In the aftermath of WannaCry, experts call for watchdogs to be split from snoopers
The Government will urgently need to upgrade the UK’s cyber defences, academics agreed at a seminar this week.
Staged by the Institute of Legal Studies at University College London, it dealt with the aftermath of last month's WannaCry ransomware attack, which temporarily disabled IT systems in several NHS organisations.
Among the subjects on the agenda were the splitting of the National Cyber Security Centre from its parent body, Government Communications Headquarters (GCHQ), and the issues around attempting to follow official advice to ‘be vigilant’ and keep software up to date.
“We need to get a lot better at giving security advice,” Dr Steven Murdoch of the university's Information Security Research Group told the event. Pointing out that telling people not to open emails is akin to telling them not to do their jobs, he said: “It is no good blaming victims of the crime especially when there’s nothing they can do".
”Murdoch noted that last month’s WannaCry attack was spread with a worm, not email phishing, and that the Windows vulnerability it exploited had been discovered by the US National Security Agency. Stockpiling vulnerabilities
"There are questions to be asked about the stockpiling of vulnerabilities by security agencies," the seminar heard. "They have two conflicting roles - to make us safer and to make us less safe in order to conduct surveillance. What is the appropriate trade-off?"
He called on the next Government to split the National Cyber Security Centre away from GCHQ and make the bodies responsible to different cabinet ministers.
There is a fear that any action will take the form of draconian controls on the web. Dr Tim Stevens, of King’s College London, said the prime minister’s threat to clamp down on encryption in the wake of the Manchester and London terror attacks "could spell serious problems. If encryption was banned,spell serious problems. If encryption was banned,we’d all be incredibly insecure, overnight."Labour’s former home secretary, Jack Straw, addedhis voice to the debate this week. In an article for theDaily Mail he wrote: “Back in 1999 when, as homesecretary, I was putting together recommendations tobring intercept legislation into the start of the internetage, I proposed system of ‘third-party escrow’. Myidea ran into such a barrage of opposition that I hadto drop it.
"In the intervening 18 years the internet has becomefar more extensive and sophisticated than anyoneimagined, and my proposal now needs to be revived.”