Cybersecurity driven by fear

June 12, 2019 | Media
As cyberattacks and hacking incidents increase in frequency and scope, it's important that organisations and governments don't revert to a fear-based approach to cybersecurity: it won't help users and it doesn't help to prevent attacks.

‘Scaring people about cybersecurity doesn’t work’, – says Ciaran Martin – ‘particularly when it comes to 5G, Huawei and China’.

Reflecting on how cybersecurity guidance has changed since the UK’s National Cyber Security Centre started operating in 2016, NCSC chief executive Ciaran Martin said the cyber-arm of GCHQ began as if its job was scaring people into staying safe online. But now the approach is based around promoting a deeper understanding of threats, he said.

“Four years ago, as GCHQ and government, we were still reluctantly in the role of the ‘Monsters Inc’ Top Scarcer. We still had to convince people about the threat and that it was all very scary and so forth,” said Martin, comparing the government’s approach to cybersecurity to that of the Pixar movie during a keynote address at Infosecurity Europe 2019 in London.

A holistic approach to 5G security

The NCSC’s chief was speaking following several months of argument and debate over Chinese technology firm Huawei potentially building 5G network infrastructure for the UK, and what that could mean for national security.

The Trump administration in the US has already banned Huawei infrastructure from the country. In the UK, the cabinet has been split over the issue, while several national publications have run scare stories about worst-case scenarios with China controlling 5G services like autonomous vehicles, and the damage that could be done by suddenly turning 5G off.

Martin argued that the debate should be about 5G as a whole, rather than around one particular supplier.

“We have to get 5G network security right – and that’s a much bigger issue than the national identity of suppliers. We’ve had all sorts of debates about the globalisation and the role of China; there’s an absolutely legitimate debate to have, and we’ll talk about it more when the government has reached a final decision,” he said.

But for now, Martin said, cybersecurity experts need to analyse and discuss the security of 5G as a whole, to ensure that the networks – whoever builds them – are as secure as possible, and that the public can be reassured.