The Roaring Twenties: Future foreign policy will rely on rejuvenated 'cyber' sector, UK government claims

Good news for Mancunian infosec and chip design bods, but we're raising an eyebrow on the nukes


The British government has published its Integrated Review into defence and security policy – and though you'll like it if you're in the UK infosec industry, threats of nuking North Korea in revenge for WannaCry are very wide of the mark.

While the Cyber-Integrated Cyber-Review of Cyber-Security, Cyber-Defence, Cyber-Development and Cyber-Foreign Cyber-Policy was cyber-short on cyber-concrete cyber-promises, it did use the word "cyber" 114 times.

Yet in terms of "things that will flow from this" the Integrated Review (IR) mentioned only the National Cyber Security Centre and the nascent National Cyber Force, both already in existence. The IR was long on ambition but clothed in the impenetrable language of defence and management consultancy. A sample of it reads as follows:

We will adopt a comprehensive cyber strategy to maintain the UK's competitive edge in this rapidly evolving domain. We will build a resilient and prosperous digital UK, and make much more integrated, creative and routine use of the UK's full spectrum of levers – including the National Cyber Force's offensive cyber tools – to detect, disrupt and deter our adversaries.

Under the heading "responsible, democratic cyber power" the government promised to "use cyber capabilities to influence events in the real world," including more use of "offensive cyber" – and, eye-catchingly for the UK infosec sector, UK.gov plans to build "an advantage in critical cyber technologies."

NCSC HQ in Nova building behind London's Victoria Station in pre-COVID times.

Try to avoid thinking of the internet as a flashy new battlefield, warns former NCSC chief

READ MORE

Offensive cyber is what ordinary people call "state-backed hacking". Two years ago the then Foreign Secretary, Jeremy Hunt, said in a major speech: "If cyber interference were to become commonplace, the danger is that authoritarian states would damage public confidence in the very fabric of democracy."

One would hope that policymakers have been paying attention to the former head of NCSC, Ciaran Martin, who publicly warned in late 2020 that all this warlike talk neither contributes to international peace nor helps anyone understand what the hell UK.gov actually intends on doing.

Hunt's far-sighted speech, taken together with the Integrated Review, could be seen today as a warning that British foreign policy for the 2020s will contribute further to international instability – especially after the Ministry of Defence spun a temporary increase in nuclear missile warheads as meaning that the UK would nuke state-backed attackers.*

Businessman with hands tied

Cyberup campaign: 80% of infosec pros fear they might fall foul of UK's outdated Computer Misuse Act

READ MORE

Britain's so-called "whole of nation approach" to cyber policy and capabilities in the post-Brexit world will, so we're told, rest on UK.gov "supporting a UK research base that can compete with allies and adversaries" and nurturing an industry capable of delivering "innovative and effective cyber security products" – something that may warm even the hearts of the occasionally jaded infosec industry.

Yet the creation of a bigger infosec industry that successfully competes on a commercial footing with products and services from the US and infosec powerhouse Israel is years away; individual British SMEs employ fine and talented people but the only truly global infosec company the UK has ever produced is Sophos. It's a crowded marketplace out there too, with thousands of companies competing for business.

R&D

It's not only the infosec industry that's mentioned in the review; the government wants "to take the lead in the technologies vital to cyber power, such as microprocessors, secure systems design, quantum technologies and new forms of data transmission."

Quantum (as in cryptography) seems to be one of those marketing buzzwords that crept into the report; the tech is about 15 years away from becoming reality.

While there won't be any sleepless nights in Silicon Valley or Shenzhen after political leaders in those places read about Britain's wider tech ambitions, the review's contents bode well for companies looking to base R&D departments in the UK – perhaps building on the international reputations of Cambridge and Manchester.

Indeed, the latter is receiving specific attention; the National Cyber Force will be based in the city, as UK.gov briefed the press on Sunday. Manchester University has close links to spy agency GCHQ and a significant amount of the British infosec industry is already based there.

Mop-topped Prime Minister Boris Johnson said in a statement: "Cyber power is revolutionising the way we live our lives and fight our wars, just as air power did 100 years ago. We need to build up our cyber capability so we can grasp the opportunities it presents while ensuring those who seek to use its powers to attack us and our way of life are thwarted at every turn."

The review did not, however, mention anything about changes to the law to allow British firms to compete on an equal footing with overseas infosec companies, particularly in the areas of threat intelligence and research. Industry has tried making noises about this in the past but they have largely fallen on deaf ears in Westminster.

Kevin Bocek, VP security strategy and threat intelligence at US machine identity firm Venafi, opined that the review was a good thing for his business and urged UK.gov to send more cash its way, saying: "So far there has been too much emphasis on trying to change people's behavior in cyberspace but attackers have moved on to target the machines that make autonomous, millisecond decisions. Attacks on machines and the machine identities that uniquely define them is the new battleground that the government will rapidly need to defend." ®

Nukenote

* The review claimed, implausibly, that Britain could nuke nations that attack its digital infrastructure, raising the spectre of Trident missiles raining on Pyongyang in the aftermath of some future WannaCry-style worm.

"Britain could use nuclear weapons against a state that threatens to inflict a devastating cyber or biological attack," reported The Times, along with several other national newspapers, following clandestine government briefings (and a string of identical "exclusives") the night before the review was formally published.


Other stories you might like

  • Cerebras sets record for 'largest AI model' on a single chip
    Plus: Yandex releases 100-billion-parameter language model for free, and more

    In brief US hardware startup Cerebras claims to have trained the largest AI model on a single device powered by the world's largest Wafer Scale Engine 2 chip the size of a plate.

    "Using the Cerebras Software Platform (CSoft), our customers can easily train state-of-the-art GPT language models (such as GPT-3 and GPT-J) with up to 20 billion parameters on a single CS-2 system," the company claimed this week. "Running on a single CS-2, these models take minutes to set up and users can quickly move between models with just a few keystrokes."

    The CS-2 packs a whopping 850,000 cores, and has 40GB of on-chip memory capable of reaching 20 PB/sec memory bandwidth. The specs on other types of AI accelerators and GPUs pale in comparison, meaning machine learning engineers have to train huge AI models with billions of parameters across more servers.

    Continue reading
  • Zendesk sold to private investors two weeks after saying it would stay public
    Private offer 34 percent above share price is just the thing to change minds

    Customer service as-a-service vendor Zendesk has announced it will allow itself to be acquired for $10.2 billion by a group of investors led by private equity firm Hellman & Friedman, investment company Permira, and a wholly-owned subsidiary of the Abu Dhabi Investment Authority.

    The decision is a little odd, in light of the company's recent strategic review, announced on June, which saw the board unanimously conclude "that continuing to execute on the Company's strategic plan as an independent, public company is in the best interest of the Company and its stockholders at this time."

    That process saw Zendesk chat to 16 potential strategic partners and ten financial sponsors, including a group of investors who had previously expressed conditional interest in acquiring the company. Zendesk even extended its discussions with some parties but eventually walked away after "no actionable proposals were submitted, with the final bidders citing adverse market conditions and financing difficulties at the end of the process."

    Continue reading
  • Singapore promises 'brutal and unrelentingly hard' action on dodgy crypto players
    But welcomes fast cross-border payments in central bank digital currencies

    In the same week that it welcomed the launch of a local center of excellence focused on crypto-inspired central bank digital currencies, Singapore's Monetary Authority (MAS) has warned crypto cowboys they face a rough ride in the island nation.

    The center of excellence (COE) was established by the Mojaloop Foundation – an open source effort to create payment platforms to make digital financial services accessible to those without access to banks. The COE aims to "accelerate financial inclusion in emerging markets" through hackathons, workshops and pilot projects while examining expanded CBDCs payment capabilities."

    Singapore's sovereign wealth fund has invested in Mojaloop, and MAS chief fintech officer Sopnendu Mohanty serves as a board advisor and the authority provides representatives to the Foundation's working group, alongside folks from the Bill & Melinda Gates Foundation, Google, and more.

    Continue reading

Biting the hand that feeds IT © 1998–2022