TechUK, what happened to cybersecurity?

By Fred Arndt
Fred Arndt is an IT security professional currently based in London, UK. He has worked in over a dozen countries during his career, including long stints in Taiwan and Germany.
September 18, 2014 Updated: April 23, 2016

When TechUK, the British trade association for the technology industry, released its bashfully titled manifesto “Securing our Digital Future” earlier this week, some of my colleagues were enthralled. Presented as a roadmap for 2015-2020, it calls on policy-makers to tackle the digital revolution head-on by recognizing its importance in delivering growth and jobs, the two words that will make any politician’s eyes light up. Unfortunately, not only do the recommendations presented on September 16th sound a bit dusty to anyone familiar with the topic, but the report also, surprisingly, fails to tackle cyber security.

The headline-grabbing recommendations made by TechUK for the future UK government are to set up dedicated digital ministers in every branch of the Government and to create a new Chief Privacy Office and a new FCO Digital Trade Tsar (their terminology). Moreover, since migrants are responsible for founding one in seven tech start-ups, London should ease its restrictions on migration, or else forgo billions in GDP. Another noteworthy idea is a special 10-year ‘innovation’ budget, one that extends beyond parliamentary cycles.

 

Securing our digital future without cyber security?

The long and short of the report is that more government and more money are what the UK needs to dash into the 21st century and emerge as the leading digital economy. This may be true, but what about ensuring the security of cyberspace from the ever-growing number of threats? Or what about protecting intellectual property, the expected outcome of TechUK’s special budget for innovation? 

Tellingly, the words copyright and piracy don’t even show up in the 61-page roadmap, and the only mention of cyber security comes in the context of praising the government’s capacity to secure cyberspace, as it “was demonstrated by the 2012 London Olympic Games which were kept safe from disruption”. While true, this is just one side of the debate.

Take illegal streaming (disclosure: I’m coordinating an independent report on this topic, soon to be issued by the Association of Internet Security Professionals). While debates over illegal streaming are often cast as battles between the interests of wealthy broadcasting industry executives and lobbyists on the one hand and those of freedom of speech activists and internet entrepreneurs on the other, this is not actually the case. The cyber security dangers that accessing unauthorized videos poses to individual computers mean that illegal streaming is just as damaging to the user as it is to the industry.

The greatest, and most often neglected, cost of illegal streaming falls on Internet users, who open the door to a host of cyber security dangers. From computer viruses to identity theft, video streaming has become the number one method of propagating highly dangerous malware on the Internet. Zeus, CryptoLocker and ZeroAccess are just some of the highly dangerous Trojans that streaming sites use to infect an ever-growing number of users. As reports have shown, some 97% of such sites are already compromised by one of the 160,000 new malware samples produced every day around the world.

According to Symantec’s yearly security report, worldwide losses for users as a result of malicious software rose to more than $113 billion in 2013. Americans, for example, have lost an average of $298 per attack, mainly through the stealing of sensitive personal information (credit card fraud, stealing of banking details, hacking of personal accounts). Worryingly, the figure has risen by 50% compared to 2012.

Usually camouflaged as software or codec updates, many such Trojans infect users who access illegal streaming sites, even bypassing their antivirus software. Even now, seven years after its first detection, Zeus has a detection rate of less than 40%. And the negative side effects for the infected user? On average, more than two years’ worth of Netflix subscriptions.

The recent World Cup offers another compelling example. Reports about infected computers, theft of private information or credit card fraud abound on the Internet. Trend Micro identified, for example, a key generator that supposedly allowed people to stream FIFA’s official content for free. In reality, it installed malicious software on the user’s computer, stealing confidential information in the process. With more than 20 million people tuning in worldwide to illegal streaming sites, the damage done is hard to even estimate. 

Solving the problem of illegal streaming requires a coordinated effort: copyright laws need to be clarified and unified, broadcasters’ rights have to be clearly spelled out, and illegal service providers need to be tackled head-on with the cooperation of search engines. 

TechUK’s primary recommendation, creating dedicated Digital ministers, would go a long way toward solving this problem by providing the multi-pronged approach demanded by, say, illegal streaming. This is just one example meant to illustrate both the need for such a portfolio and the fact that governments everywhere should rethink their cyber security strategies when tackling individual risks. “Securing our Digital Future” requires securing our digital present.
