UK Gov launches Round Three of cyber security skills initiative

The Department of Digital, Culture, Media and Sport (DCMS) has launched a new campaign to attract a broader array of talent into the work of cyber security.

This is the third round of funding for the Cyber Skills Immediate Impact Fund (CSIIF), with training providers able to access up to £100,000 of government funding to work with employers and design training programmes which retrain a diverse range of individuals for a career in cyber security.

“This latest round of funding demonstrates our commitment to make sure the UK’s cyber security industry has a skilled and diverse workforce and, through our new Cyber Security Council, there are clear paths for those wishing to join the profession,” said Cyber Security Minister Nigel Adams.

“It’s fundamental that cyber security is seen as a nationally recognised and established profession with clear career pathways,” said Simon Edwards, IET Director of Governance and External Engagement.

“With cyber skills shortages already emerging at every level, we are committed to working with the Government and the National Cyber Security Centre on delivering the rapid, yet capable development of specialist cyber skills to meet the growing needs of the industry, manage risk and secure the next generation of talent.”

Alongside this funding, the Institution of Engineering and Technology (IET) has been selected to help design and deliver the new UK Cyber Security Council to coordinate the existing professional landscape. The aim will be to create an accessible career path, which is appealing to those entering the workforce.

This is the challenge which the UK is facing: a shortage of skilled workers to address specialised tasks which are emerging in the digital economy. While cyber security might not be a new concept, it is one which has been ignored by industry for years, and this under-preparedness has been passed on to the workforce.

Recent research from DCMS suggests 54% of businesses in the UK have a basic technical cyber security skills gap. The biggest areas seem to be forensic analysis, penetration testing, security architecture and using threat analysis insight.

Interestingly enough, while this is a promising initiative to retrain workers and provide a boost to the workforce, some of the building blocks are still missing; the UK education system and the national curriculum are still too focused on traditional and classical topics, and not on skills and vocations which will create the workforce of tomorrow which is needed today.

Take coding as an example. There are schools where ICT, of which coding is an element, is a compulsory topic at GCSE, but these are not the majority. The workplace of the future is going to be increasingly digital, and if the UK Government envisions a continued shortage of competent digital employees, surely reforming the curriculum would be a good step forward. Perhaps these subjects, which drive potential employees towards data science, software engineering and cybersecurity, should be made compulsory by default.

This is a positive step forward, though retraining schemes like this are reactive. A long-term, sustainable solution to the skills shortage would be to address the challenge at the root.

‘Five Eyes’ align security objectives but where does this leave Huawei?

After a meeting in London, the members of the ‘Five Eyes’ intelligence alliance have released a communique to reinforce the relationship and outline quite generic objectives.

As with all of these communiques, the language sounds very impressive, but in reality, nothing material is being said. In this document, the UK, US, New Zealand, Australia and Canada have committed to countering online child sexual exploitation and abuse, tackling cybersecurity threats and building trust in emerging technologies.

Although nothing revolutionary has been said, the reinforcement of this alliance leaves questions over Huawei’s role in the aforementioned countries.

“There is agreement between the Five Countries of the need to ensure supply chains are trusted and reliable to protect our networks from unauthorised access or interference,” the communique reads. “We recognise the need for a rigorous risk-based evaluation of a range of factors which may include, but not be limited to, control by foreign governments.”

Government officials will never be so obvious as to point the finger at another nation, at least not most of the time, but it isn’t difficult to imagine who this statement is directed towards.

So where does this leave Huawei? Banned in Australia and the US, denied work in New Zealand and on thin ice in Canada. The only market from the ‘Five Eyes’ where it does not look doomed is the UK. But can the other members of the intelligence club trust the UK while Huawei is maintaining a presence in the country’s communications infrastructure?

The US has already spoken of withholding intelligence data should the partner nation allow Huawei to contribute to 5G networks, and this alliance is already very anti-Huawei. In re-affirming its position to the alliance, the UK is certainly sending mixed messages only a week after a statement which suggested Huawei might be safe.

Of course, this might mean very little in the long-run, but it is another factor which should be considered when trying to figure out what Huawei’s fate will actually be.

For its own part, Huawei is doing as much as possible to disprove collusion and security allegations. Aside from the cybersecurity centres opened to allow customers and governments to validate security credentials, it has recently signed up to the Paris Call.

“The quest for better security serves as the foundation of our existence,” said John Suffolk, Global Cyber Security & Privacy Officer at Huawei. “We fully support any endeavour, idea or suggestion that can enhance the resilience and security of products and services for Governments, customers and their customers.”

The Paris Call is an initiative launched by the French Government in November 2018. It is a call-to-action to tackle cybersecurity challenges, strengthen collective defences against cybercrime, and promote cooperation among stakeholders across national borders. To date, 67 national governments, 139 international and civil society organizations, and 358 private-sector companies have signed up to the collaborative initiative.

Although we are surprised it has taken Huawei so long to sign up to the initiative, it is another incremental step in the pursuit to demonstrate its security credentials and build trust in the brand.

Even with this commitment from Huawei, you have to question how the UK can continue to be a member of the ‘Five Eyes’ alliance and work with the Chinese infrastructure vendor. The concept of the alliance is to align activities and this communique talks about managing risk individually but also about supporting the efforts of other partners.

It does appear the UK is attempting to have its cake and eat it too. We suspect there will be pressure on the newly-appointed Prime Minister Boris Johnson to fall into line before too long, and it will be interesting to see how the newly formed Cabinet manage expectations externally with international partners and internally with British telcos who rely on Huawei.

Breaking down the Supply Chain Review Statement

Although there was very little said during the Supply Chain Review statement yesterday, there are some interesting developments worth keeping an eye on.

Speaking to the House of Commons, Secretary of State for the Department of Digital, Culture, Media and Sport Jeremy Wright did as most expected he would and dodged the Huawei decision. Although we were promised a decision by March, the slippery politician has managed to create enough breathing room to get him through to September.

Despite some being disappointed by a lack of clarity on the competitive landscape for UK communications infrastructure, there were a few takeaways.

There’s no avoiding interference from Transatlantic geo-politics

Every politician will tell you decisions are made dependent on what is best for the British people alone, but it is impossible to avoid the US here. The White House and its aggressive policies are causing havoc around the world, including here in the UK.

Fundamentally, without a decision on Huawei there is no clarity for investment and progress into the digital economy will falter.

Wright said a decision on Huawei would be made irrespective of the political influences of the US, but US interference is unavoidable.

“The hon. Gentleman has said that he is concerned to ensure that this should be a decision about the interests of the UK and not the priorities of the US Administration, and I understand that,” Wright said in response to the suggestion the US has too much influence from Tom Watson, Shadow Secretary of State for Culture, Media and Sport.

“I can give him the assurance that decisions we take will be decisions in the best interests of the United Kingdom, but he knows that this is a hugely interconnected sector and it simply is not possible to make sensible judgments about telecommunications without recognising those interconnections.”

With Huawei being placed on the Entity List, the performance, resilience and security of its products might be impacted in the future. Wright has said he will not make a decision on Huawei until he has all the facts, and the relationship between China and the US is a huge factor in this.

Kicking the can to avoid irritating the new boss

Despite there being pressure from influential Parliamentary groups and the telco industry to make a decision, it was always highly unlikely Wright was going to say anything until his new boss has taken residence in No.10 Downing Street.

Boris Johnson is the new Prime Minister and he will want to put his own mark on proceedings. The Huawei decision is an important one, not only for UK 5G infrastructure, but because it will impact the relationship with the US. BoJo has already shown himself as somewhat of a pet of the President and will most likely want to nurture this relationship as only he knows how.

Wright does not want to jump the gun on making a decision and potentially irritating the new boss, especially when there is a potential promotion around the corner.

David Gauke, the Justice Secretary, has resigned. Education Minister Anne Milton has gone. Chancellor of the Exchequer Philip Hammond has publicly stated he would quit if BoJo won. Rory Stewart, the Secretary of State for International Development, formally announced his resignation over Twitter at 11.18am. And finally, it is highly likely Foreign Secretary Jeremy Hunt, BoJo’s opponent for PM, will be shifted elsewhere.

“The reality is that this statement is just a lot of words to confirm further delay. Why are the decisions now being left in the gift of the new Prime Minister? Is this just another case of putting the Tory party before the country?” SNP MP Alan Brown questioned.

As one of the few politicians who managed to remain neutral during the proceedings, Wright could find himself heading up a new department before too long.

Security framework will make UK more secure

This is perhaps the most encouraging snippet to emerge from a relatively shallow statement overall; security requirements will be heightened for everyone.

“Fundamentally, we must make a decision on the basis of what is in our security interests, but he is also right that if we were to focus solely on one company or country, we would miss the broader important point that our telecoms supply chain must be resilient and secure, regardless of where equipment comes from, because risk may transfer from place to place and our population is entitled to expect that the approach we take puts security at its heart, wherever the equipment comes from,” Wright stated.

Although there are few details available regarding the new security requirements, Wright has suggested there will be a more stringent framework set in place and on-going assessments to ensure standards are being maintained. This will be applicable to every supplier, irrespective of where they have come from.

To start with, this will be a voluntary scheme for the telcos, but soon enough it will be cemented in place through legislation. This takes time, but it is encouraging that the Government recognises threats can come from anywhere, everyone has a globalised supply chain and cybercriminals are becoming much more capable.

If policies take the position that 100% security is impossible and everyone is a potential threat, risk mitigation levels should be set higher. This is the best possible means to achieve a resilient and secure network, capable of dealing with threats irrespective of their origin or intention.

Vendor diversification is nothing but a smokescreen

It might sound like a wonderful plug, but suggesting the UK is going to encourage diversification in the supply chain is nothing but a distraction to attract PR points for DCMS.

“In addition, we must have a competitive, sustainable and diverse supply chain if we are to drive innovation and reduce the risk of dependency on individual suppliers,” Wright said.

“The Government will therefore pursue a targeted diversification strategy, supporting the growth of new players in the parts of the network that pose security and resilience risks. We will promote policies that support new entrants and the growth of smaller firms.”

During the statement, Wright promised work will be done to enable smaller and more innovative players to contribute to the 5G euphoria. This sounds good and, in theory, addresses a long-standing problem in the telco world, but let’s not get ahead of ourselves.

The telco industry has been attempting to create a more diverse supply chain for years, as well as adapting procurement models to ensure smaller companies can weave through the red-tape maze. There has been little progress to date and intervention from DCMS is unlikely to reap any material changes.

You also have to wonder whether Wright is tackling the challenge head-on. Wright pointed to funding which has been directed towards the West Midlands and other innovation hubs, however this is not the problem which the telco industry has been facing. The limited supply chain is most harmful in places like the access network or core. This is where there are so few suppliers and competition has been impacting the cost of deployment.

Wright might be encouraging diversification and growth for start-ups, but don’t be fooled by this statement; he is not directly tackling the biggest competition challenge the industry faces.

Long-overdue legislative overhaul and Ofcom empowerment

The legislative and regulatory landscape has needed an update for years and Wright is promising one. Not only would this put the security framework into law, it will also ensure Ofcom has the right powers to be effective in the digital economy.

“We will pursue legislation at the earliest opportunity to provide Ofcom with stronger powers to allow for the effective enforcement of the telecoms security requirements and to establish stronger national security backstop powers for Government,” Wright said.

“Until the new legislation is put in place, Government and Ofcom will work with all telecoms operators to secure adherence to the new requirements on a voluntary basis.”

Many of the rules which govern the telecoms and technology industry have been written for a bygone era. This is an outcome which is largely unavoidable when you consider the speed at which progress develops nowadays. However, rules need to be brought into the 21st century.

Legislation will offer the Government more influence over commercial communications infrastructure while Ofcom will have its teeth sharpened. It’s a long-overdue update.

Not much said, but potential to progress

Overall, there was little said by Wright in terms of material progress, but there is enough evidence the UK is creeping forward toward contextual relevance. We saw hints of progress yesterday, but realistically, the new Prime Minister and his administration will dictate evolution over the coming months and years.

206 days: IBM’s estimate on how long it takes to find a security breach

A new study from IBM suggests it takes 206 days on average for companies to discover a breach and another 73 to fix it.

With cybercriminals becoming savvier and assaults becoming much more complex, it seems many companies will have been exposed for months without even realising it. The average cost to the business could be as much as $3.92 million, with the firm feeling the impact over three-year periods.

“Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services.

“With organizations facing the loss or theft of over 11.7 billion records in the past 3 years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line – and focus on how they can reduce these costs.”

On average, 67% of the financial impact of security breaches is felt within the first 12 months, 22% is seen in the second year and 11% in the third year after the incident. The long-tail costs are felt more painfully in highly-regulated industries such as healthcare, financial services, energy and pharmaceuticals. Telecoms was not mentioned specifically, but we suspect it will also be among the more impacted industries.

What you have to bear in mind is that this is a security vendor stoking the fire. The dangers of inadequate security in the digital era are very well-known, but you have to take the estimates with a pinch of salt here; it is in the IBM interest for companies to be in heightened states of fear and paranoia.

Looking at the time in which it takes to detect a breach, this is quite a remarkable number and perhaps demonstrates the retrospective approach many firms have taken to security over the last few years. These attitudes are slowly changing, security is moving up the agenda, though this does not compensate for the years of inadequacy.

The IBM report suggests the lifecycle of a breach is 279 days, not accounting for all the regulatory headaches which would follow. That said, those who are able to detect and contain a breach within 200 days are $1.2 million better off when it comes to the financial impact.

Here are a few of the more interesting stats from the report:

  • Data breaches cost companies around $150 per record that was lost or stolen
  • Security automation technologies could potentially halve the financial impact of a breach
  • Extensive use of encryption can reduce total cost of a breach by $360,000
  • Breaches originating from a third-party cost companies $370,000 more than average
  • Average cost of a breach in the US is $8.19 million, double the worldwide average
  • Breaches in the healthcare industry are the most expensive
  • Companies with fewer than 500 employees suffered losses of more than $2.5 million on average

This announcement is about further delay – UK Gov on Huawei

The UK Government has made it clear the Supply Chain Review is about more than one company or one country, but the Huawei dilemma is the most important question; and there still is no answer.

Speaking in the House of Commons late Tuesday (22 July), Secretary of State for Digital, Culture, Media and Sport Jeremy Wright updated the world on the progress of the Supply Chain Review. This Review has seemingly faltered progress towards the digital euphoria, and it appears this statement is nothing more than a delay with some vague promises on security updates.

“This announcement is about further delay,” Wright stated to the House of Commons.

DCMS has not made a decision on Huawei. There is still potential the firm might be banned; Wright stated this during the grilling from MPs.

Huawei’s fate is still far from certain and now the can has been kicked down the road, where even more unknowns are going to be presented. Who will be the new Prime Minister? What will his attitude be towards China? How cosy will he be with President Trump and the US? Who will be the senior politicians running each of the Departments next week?

Unfortunately for DCMS, this Review might well be bigger than one company or country, but it is impossible to think about anything else at the moment. Wright has made several other minor announcements on new security frameworks and requirements, policy and legislation updates and efforts to diversify the supply chain. These were all supposed to offer the telcos confidence, but realistically, nothing has changed.

Wright has announced the conclusions which have been drawn from the Supply Chain Review. Firstly, existing networks have been built with commercial attractiveness in mind not cybersecurity. Secondly, policies and legislation are woefully out-of-date. And finally, supply chains are too focused on single suppliers.

To right these wrongs, new security requirements will be placed on any vendor who wishes to contribute to UK communications infrastructure. Ofcom will be granted new powers to enforce new frameworks. There will be more oversight on procurement and Government will be given more opportunity to intervene if necessary. These requirements will be voluntary to start with but will be legislated for as soon as possible.

The message from Wright is that telcos can carry on working with any company they want to, but without a concrete decision on the fate of Huawei, does this actually mean anything? No, it doesn’t.

Telcos want certainty to invest the billions required to make the 5G era a reality and this is anything but certainty. Scaling up network deployment aggressively still might turn out to be an expensive mistake. There are so few vendors in this segment of the telco ecosystem, the importance of this decision cannot be under-played.

However, there certainly were some welcomed points made during the announcement.

“Risk can transfer from place to place,” Wright commented with regard to enhanced security requirements being applied universally.

The new security framework and on-going assurance testing for equipment, systems and software will be applied to every supplier that wants to be incorporated into the UK’s communications infrastructure. This is a refreshing approach, understanding the global nature of supply chains. There is a risk when working with any supplier as their own complex supply chains are vulnerable to intrusion.

Additional requirements will be placed on ‘high risk vendors’, though in escalating the security requirements across the entire ecosystem, the task of managing risk is much more comprehensive. This should, in theory, create a landscape which is much more resilient and secure.

However, you cannot escape the fact this announcement was little more than politely informing the community of another delay. The sense of purgatory will continue for months and the void of investment will be maintained. There have been some minor steps forward, but without a decision on Huawei, uncertainty remains. And uncertainty is one of the biggest enemies of the telco industry.

The UK created a fast-follower position in the 5G era but the inability of politicians to make a decision is simply dragging the UK back to the chasing peloton of mediocrity.

Parliamentary Intelligence Committee piles pressure on Huawei decision

The Parliamentary Intelligence and Security Committee has unveiled a statement to rubbish delays put on the Supply Chain Review, demanding a decision ASAP.

In the same week as the Chair of the Science and Technology Committee suggested there are no technical reasons to ban Huawei, the Intelligence and Security Committee has demanded a sharp decision or risk losing a strong position in the digital economy.

“5G will transform our day to day lives – if it meets its full potential – and it could be key to our future prosperity,” a statement from the Committee reads. “Such an important decision therefore requires careful consideration. However, the extent of the delay is now causing serious damage to our international relationships: a decision must be made as a matter of urgency.”

While the UK fell drastically behind the norm when it came to adopting 4G, progress has been much more promising for 5G. While calling oneself a global leader usually means little coming from the mouths of groomed politicians, in this case the UK is a genuine leader in the 5G race. There are only a handful of nations who launched ahead of the UK and the opportunity to scale nationwide rapidly is certainly present.

However, the Intelligence and Security Committee, chaired by Dominic Grieve, feel this is a position which is becoming increasingly vulnerable. The longer this review continues, the slower 5G expansion plans will be, and the greater the opportunity for fast-followers to catch-up.

That said, perhaps the biggest revelation from the Intelligence and Security Committee seems to be the implications to national security.

“However, the telecoms market has been consolidated down to just a few players: in the case of 5G there are only three potential suppliers to the UK – Nokia, Ericsson and Huawei,” the report states. “Limiting the field to just two, on the basis of the above arguments, would increase over-dependence and reduce competition, resulting in less resilience and lower security standards.”

Despite many critics of Huawei suggesting inclusion of the firm in critical infrastructure would compromise national security, Grieve’s opinion is that reducing the number of available vendors would create more problems. Not only would the networks be more expensive to build, but resilience would be dampened as well.

As you can imagine, Huawei are relatively pleased with the report from the Committee.

“We agree that diversity improves resilience in networks,” said Victor Zhang, Vice-President of Huawei. “We’ve been a part of UK networks for 18 years. 5G is critical for the UK and is the foundation of tomorrow’s digital and mobile economy. Quite simply, it will improve people’s lives. Our priority has only ever been to deliver world-leading technology to our customers.”

This is the problem the Department of Digital, Culture, Media and Sport (DCMS), the National Cyber Security Centre (NCSC) and the wider Government are facing. Not only does DCMS have to recruit a new Digital Minister after the resignation of Margot James, deal with Brexit and select a new Prime Minister, it has to come to a decision on the role of Huawei in the 5G era.

This statement and the report from the Science and Technology Committee are piling up the pressure. The message is relatively clear: these distractions should not undermine the importance of coming to a conclusion on Huawei.

At some point, the UK Government is going to have to hurt someone’s feelings. Either the relationship between the UK and the US or China is going to be impacted. With Brexit around the corner, the UK needs to nurture relationships outside of the European Union, but unfortunately it is unavoidable here.

The pressure is mounting and soon enough the Government will have to make a decision. It has been able to procrastinate, but the more influential groups press for a conclusion, the sooner the Government will have to show some progress.

US Senators start snapping Trump’s China olive branch

The President’s opponents have promised to be difficult and now they have begun the process of making it official.

A horde of Senators, led by the Republican representative of Arkansas Tom Cotton and Democrat Chris Van Hollen of Maryland, have tabled a new bill which will be known as the Defending America’s 5G Future Act. The bill aims to reinforce the Executive Order signed by Trump, prohibiting the removal of Huawei from the Commerce Department Entity List without an act of Congress.

Other Senators backing the bill include the Republican representatives of Florida and Utah, Marco Rubio and Mitt Romney, as well as Democrats from Virginia and Connecticut, Mark Warner and Richard Blumenthal.

“Huawei isn’t a normal business partner for American companies, it’s a front for the Chinese Communist Party,” said Cotton. “Our bill reinforces the president’s decision to place Huawei on a technology blacklist. American companies shouldn’t be in the business of selling our enemies the tools they’ll use to spy on Americans.”

“The best way to address the national security threat we face from China’s telecommunications companies is to draw a clear line in the sand and stop retreating every time Beijing pushes back,” said Van Hollen. “By prohibiting American companies from doing business with Huawei, we finally sent an unequivocal message that we take this threat seriously and President Trump shouldn’t be able to trade away those legitimate security concerns.”

Despite Trump’s efforts to demonstrate the power of US sanctions, it seems there are politicians who genuinely believe in the Chinese threat to the US, even if Trump doesn’t. That, or they just want to be awkward.

It has appeared over the last couple of weeks that the President has only been stirring the national security pot as a means to drive China back to the trade talks table, but other politicians haven’t read the playbook; if this was a demonstration of strength, with the intention to back down once the message had been heard, things are not going to plan.

Rubio is using the argument that Huawei is a front for the Chinese Government, Warner objects to the use of national security as a bargaining chip, Blumenthal has bought into the dangers of Huawei as a company and so has Romney, who is also protesting IP theft. It should come as little surprise; Trump has done an excellent job of rousing xenophobia and fear of globalisation, and there were always going to be objections when Trump climbed down off the pillar of propaganda.

Soon enough, Trump will learn he is not able to run the US like a private business. He might be one of the most powerful people in the world, but his word is not gospel; the separation of powers in US Government prevents such suspect strategies. Amazingly, despite efforts to escalate an atmosphere of discord, Trump is managing to convince Senators to reach across the aisle in opposition.

It’s a rather beautiful representation of unity.

Sprint customers victim of another hack

Sprint is the latest telco to become the victim of cybercrime as an unknown number of customers have had their personal data eyed over by nefarious parties.

In a letter sent to customers, Sprint has suggested a huge amount of personal information has been exposed to the darker corners of the internet. The hackers gained access via the Samsung ‘add a line’ website, with the total number of impacted customers being unknown for the moment.

“On June 22, Sprint was informed of unauthorized access to your Sprint account using your account credentials via the Samsung.com ‘add a line’ website,” the letter states. “We take this matter, and all matters involving Sprint customer’s privacy, very seriously.”

An ‘add a line’ website is one utilised by third-parties, mainly device manufacturers, if customers want to add an additional phone line to an existing contract with a telco. Sprint offers this feature to customers who would like to add more individuals or devices to existing contracts.

This is of course not the first time Sprint customers have been the victim of the darker practices of the web, with the pre-paid brand Boost being compromised in March. Again, Sprint was not transparent with the severity of the breach, though in this instance a common technique called a credential stuffing attack was used.

Looking at the latest breach, exposure is quite severe. The hackers gained access to phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services.

Sprint has played down the risk in the letter, suggesting no other information ‘that could create a substantial risk of fraud or identity theft’ had been accessed. Sprint might want to play down the severity of the hack, but many will disagree with the laissez-faire attitude.

“When attackers manage to hijack legitimate access rights, they can remain undetected for extended periods of time,” said Saryu Nayyar, CEO of cybersecurity firm, Gurucul.

“Many organisations don’t have the ability to identify subtle behavioural anomalies that are indicators of cyber threats. But with advanced machine learning algorithms it’s possible to spot behaviours that are outside the range of normal activities and intervene before the damage is done.”

Details are relatively thin on the ground right now; it is possible Sprint does not fully understand the severity of the breach at this point, though this is further evidence of security being an afterthought. Attitudes are changing for the better, though it is clear not enough firms are secure enough for today’s digitally-defined society.

‘No technical grounds’ to ban Huawei says UK Parliament committee

Chair of the Science and Technology Committee in the UK, Norman Lamb, has stated there is not enough technical evidence to ban Huawei and is demanding a final decision by the end of August.

In a letter written to Jeremy Hunt, Secretary of State for Digital, Culture, Media and Sport (DCMS), Lamb has demanded a conclusion to the Supply Chain Review which has staggered the progress of 5G networks in the UK. Many in the industry have become increasingly frustrated with the state of purgatory which has loomed over the UK telecoms industry, and now the influential Science and Technology Committee has had enough.

“Following my Committee’s recent evidence session, we have concluded that there are no technical grounds for excluding Huawei entirely from the UK’s 5G or other telecommunications networks,” said Lamb.

“The benefits of 5G are clear and the removal of Huawei from the current or future networks could cause significant delays. However, as outlined in the letter to the Secretary of State for Digital, Culture, Media and Sport, we feel there may well be geopolitical or ethical considerations that the Government need to take into account when deciding whether they should use Huawei’s equipment.”

This is the interesting aspect of the letter to Wright. Lamb is effectively telling DCMS and the National Cyber Security Centre (NCSC) to hurry up and make a decision, but not to come to a conclusion too quickly as there are ethical and political considerations to account for. It’s a bit of a mixed message, but a deadline is perhaps overdue for this saga.

The message from Lamb is relatively simple; there are no technical grounds to ban Huawei. Quoting the NCSC’s assumption that 100% secure is impossible, suggesting a lack of concrete evidence against Huawei espionage, reasserting legal obligations placed on telcos to maintain security and pointing towards the international nature of supply chains nowadays are all points made by Lamb to suggest Huawei should be allowed to contribute to network infrastructure.

There are of course concessions made in the letter. Lamb is suggesting Huawei should be excluded from contributing to the network core, while there should also be a mechanism introduced to limit Huawei should it fail ongoing competency tests and security assessments, but the message seems to be focused on the idea that Huawei is no more of a security threat than any other organization.

“Supply chains for telecommunications networks have been global and complex,” the letter states. “Many vendors use equipment that has been manufactured in China, so a ban on Huawei equipment would not remove potential Chinese influence from the supply chain.”

Another interesting point raised by Lamb is the legal obligation which has been placed on the telcos to ensure security. Communications infrastructure is a key component to today’s society, but the telcos are the ones who will suffer some of the greatest consequences for poor risk mitigation and due diligence. None of the telcos have raised concerns of an increased security risk from Huawei, and this should be taken as some of the most important evidence when considering the fate of the Chinese vendor.

Ultimately, this is action from the Government. It might kick-off some bickering between the parties (Lamb is a Liberal Democrat) and between departments, but finally someone is forcing DCMS and NCSC into a decision. It seems Lamb is not concerned about the distraction of a party leadership contest or Brexit; he simply wants an answer by the end of August.

Interestingly enough, this letter also forces DCMS into basing the outcome of the Supply Chain Review on politics. By stating there are no technical grounds for a ban, should Wright and his team want to exclude Huawei it will have to be done for another reason. Lamb has asked DCMS to consider the ethical and political weight of a decision, as well as the impact it might have on relationships with allies.

This is now a very difficult decision for DCMS. Lamb has seemingly taken technical considerations off the table; any ban would have to be political.

Cybersecurity is becoming impossible without AI – Capgemini report

Security is certainly a topic which is top of the agenda for almost everyone in the technology world, but it is quickly becoming apparent it will be impossible without AI.

The concept of 100% secure has now been rightfully banished and now more people are waking up to the idea any form of security is going to be impossible without artificial intelligence.

According to a new report from the Capgemini Research Institute, 69% of respondents believe they will not be able to respond to cyberattacks without the use of AI. Such is the velocity, volume and variety of threats thrown towards businesses nowadays, there will never be enough budget or hours in the day for humans to effectively deal with the problem in its entirety.

“Organizations are facing an unparalleled volume and complexity of cyber threats and have woken up to the importance of AI as the first line of defence,” said Geert van der Linden, Cybersecurity Business Lead at Capgemini Group.

“As cybersecurity analysts are overwhelmed, close to a quarter of them declaring they are not able to successfully investigate all identified incidents, it is critical for organizations to increase investment and focus on the business benefits that AI can bring in terms of bolstering their cybersecurity.”

The report follows another interesting bit of research from enterprise ISP Beaming earlier in the week. Beaming suggested the number of attacks levelled at British businesses during Q2 increased 179% year-on-year. These firms were effectively facing a threat every 50 seconds on average over the three-month period.

The Capgemini research suggests investments in security AI will increase dramatically over the next twelve months. During 2020, 48% of decision makers suggested investments in this area will increase by a third. 73% are currently testing use cases for AI in cybersecurity, while 63% intend to deploy AI security in 2020 to bolster defences.

And while it might seem like a grave conversation to have right now, the situation is only going to become worse. With the introduction of 5G, more products and services moving to the cloud, consumers adopting more connected devices and IoT set to boom over the next couple of years, the perimeter is expanding. Threats exist today, but exposure to the dark corners of the web is going to become much more apparent.