Top GCHQ director calls security industry "witchcraft"

Dr Ian Levy accuses the industry of creating a climate of fear

The National Cyber Security Center's technical director Ian Levy has slammed commonly-accepted cyber security advice, equating the security industry to "witchcraft" and accusing it of deliberately creating unnecessary fear around cyber threats.

Speaking at Future Decoded 2016, Microsoft's annual digital transformation conference, Levy argued that cyber security is not transparent and that the industry is "blaming the user for designing the system wrong".

"We have to make [security] much more user-centric - stop blaming the user, give them information, let them make decisions," he said.

He also argued that traditional security wisdom regarding email attachments and passwords is too complex and difficult for users to follow. According to his team's research, maintaining secure, regularly changed passwords for the average number of online sites and services equates to memorising a different 660-digit number every month.

Another target of his ire was the level of hyperbole surrounding the security industry. He took particular issue with the portrayal of hackers, which are commonly labelled 'advanced persistent threats', or APTs.

Instead, he argued that it should stand for 'adequate pernicious toerags', based on the fact that many attackers use older exploits and vulnerabilities with patches that are available, but not installed. By presenting hackers as super-skilled experts, however, he states that security companies are creating a climate of fear.

"Everything that we do as an industry is about making it sound really, really bad; because then you can't possibly defend yourself," he told attendees. "There's no other part of public policy that I'm aware of that allows this to happen. Nowhere else in public policy do you allow fear to rule."

The sentiment clashed somewhat with a statement from chancellor Phillip Hammond, who stated that the UK needed to develop offensive cyber weapons in order to prepare the country for retaliation in case of a cyber attack from a foreign nation.

Levy argued for greater transparency within the secure industry, and the creation of a climate in which the UK can have an informed national conversation about the threats facing both private citizens and companies operating in Britain. To that end, the National Cyber Security Centre will be publishing information and documents through their website in order to inform the public.

"I want to get to a point where we have data, we have metrics, and we can start to explain to the public how we're defending the UK," he said.

Featured Resources

Five lessons learned from the pivot to a distributed workforce

Delivering continuity and scale with a remote work strategy

Download now

Connected experiences in a digital transformation

Enable businesses to meet the demands of the future

Download now

Simplify to secure

Reduce complexity by integrating your security ecosystem

Download now

Enhance the safety and security of your people, assets and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now

Recommended

'Largest ever' Magecart hack compromises 2,000 online stores
hacking

'Largest ever' Magecart hack compromises 2,000 online stores

15 Sep 2020
TechUK panel slams "woeful" gov response to digital IDs
identity and access management (IAM)

TechUK panel slams "woeful" gov response to digital IDs

4 Sep 2020
Infocyte integrates with Palo Alto Networks Cortex XSOAR
cyber security

Infocyte integrates with Palo Alto Networks Cortex XSOAR

19 Aug 2020
The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020

Most Popular

Google Pixel 4a review: A picture-perfect package
Google Android

Google Pixel 4a review: A picture-perfect package

18 Sep 2020
Accenture ploughs $3 billion into cloud migration support group
digital transformation

Accenture ploughs $3 billion into cloud migration support group

17 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020