Last night and this morning there has been much coverage on the BBC news channels about government plans to create a “reserve cyber army” – territorial hackers, if you will.
I do hope that this is an elaborate PR exercise and has little bearing on the reality of what our defence services are doing on the subject, because if not I’m afraid it belies what little understanding there is about the technology and the threats that are faced amongst our politicians and military top brass.
If there is some metaphorical parallel to be drawn between cyber-threats and traditional military operations, then it’s with guerilla insurgency (and we all know full well how effective traditional military forces are against committed freedom fighters or terrorists). The idea of bringing in technical expertise on a one-week-a-year basis to fight against all of these un-named, faceless cyber threats is fanciful in the extreme. Especially when most of the targeted resource I imagine will be used to commanding an impressive day rate.
But if the government wanted to do something more meaningful about the “threats”, it could do well to stop adding to the mystique and start unpicking some of the nonsense language and pseudo-militaristic language used in the world of information security, allowing individuals (you and I) to start understanding the part that we all have to play in making our digital lives a little more secure. The importance of passwords and two-factor authentication would be a start. But, with layers of “tech wizardry”, I fear yet again we’ll see information security matters being left to experts – and as I’ve argued before, that just makes the problem (the rest of us, generally) less informed and more vulnerable.