Ian Levy, technical director for the UK’s National Cyber Security Centre, has urged technology companies to focus on developing products that help end users make better security decisions.
The 2018 edition of Cyber UK opened its doors in Manchester this morning, with the aim of helping create a safer digital Britain.
Hosted by the UK’s National Cyber Security Centre (NCSC), the summit welcomed specialists from across government, industry, and law enforcement.
The expo’s launch was accompanied by a new NCSC report, The Cyber Threat to UK Business, which takes stock of a year that has seen no shortage of cybersecurity incidents, including the WannaCry ransomware outbreak, high-profile data breaches, and cryptojacking.
On the opening morning of Cyber UK 2018, The Daily Swig sat down with Ian Levy, technical director for the NCSC, who discussed the center’s principal aims in 2018.
“We are trying to make the UK a harder target, at scale,” said Levy. “We have automated and non-automated [mechanisms] – all the things that GCHQ can do in order to try and make the UK safe.
“For me, I think the biggest issue for the next year is trying to get the industry to talk about cybersecurity in a way that the general public can understand – to demystify it, to democratize it, and help people make better decisions.
“In the end, [cybersecurity] is just risk management. You do risk management every day of your life. Why should this be any different? We teach people how to drive, which is an incredibly complicated thing to do. But we designed cars so that people can do it.”
Levy added: “We haven’t designed technology to be used by people. That’s why we’ve got the problems we’ve got. I think we need to hold some of the technology companies to account to make better products to help people make decisions better.
“The technology is broken, not the people. We need to fix the technology so people can make better decisions, on average.”
According to Levy, every cyber-attack, regardless of who has orchestrated it, runs on a return-on-investment calculation – and it’s the NCSC’s aim to make an attack against British consumers or enterprises unprofitable.
“That ROI calculation is different depending on who you are talking about – if you are making money or if it’s a nation state – but we are working hard to shore up the country’s critical infrastructure and the fundamental services that we all rely on.
“We are also trying to [bring about] massive-scale market change through things like the IoT code of practice. If we can do this in the IoT space, we can do it in other spaces, too.
“Active defense is a symptom of a problem. If the longer-term market change works, then active defense will go away or certainly change significantly.”
In terms of corporate responsibility, Levy said it is “absolutely critical” that companies that hold data are held to account for protecting that data properly.
“Things like GDPR and NIS are going to really change how people view the investment they make in data security,” he added. “I hope that they make that investment wisely and make sure they understand the value of the data they hold.”
Cyber UK continues tomorrow, with more coverage and live tweets from The Daily Swig.