Alexander Martin
Although the NCSC — a part of the cyber and signals intelligence agency GCHQ — is not a policymaking body in the United Kingdom, its latest blog post is explicit in setting out the need for more political attention on cybersecurity.
It was co-written by Ollie Whitehouse, the agency’s chief technology officer, and Paul W, its principal technical director. Whitehouse has repeatedly warned that the technology market is broken and failing to incentivize building resilient and secure technology, and argued that regulation and legislation are not keeping pace with technology change.
The same arguments had been made under the Biden administration in the United States, where software manufacturers were being urged to ship products that are secure by design. As Jen Easterly, then the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told the Oxford Cyber Forum last year: “The only way to deal with this problem is to demand more from our vendors.”
It is not clear whether the Trump administration shares those views on vendors, although last week the president signed an executive order scrapping requirements for software companies who sell to the government to attest to CISA that their products are secure.
Despite the apparent sympathy for regulation in the U.K. Labour Party’s 2024 manifesto — which stated that “markets must be shaped, not merely served” — there has been no indication this government will take any market-shaping actions, despite cyberattacks continuing to hit the country.
Amid attacks during last year’s U.K. election campaign, experts told Recorded Future News, that silence about the issue from politicians was indicative of how the topic of cybersecurity is “de-politicised” in Westminster and seen as something technical experts are expected to resolve rather than an issue politicians think they should be held accountable for.
No comments:
Post a Comment