To ensure cyber security, cooperation is essential between governments” – An Exclusive Interview with Rt. Hon. Francis Maude, UK Minister for Cabinet Officeweb-post October 16, 2013
The British government’s stance on Cyber Security and Internet governance firmly favours a multi-stakeholder approach with a substantively large role for the private sector, at a time when the world is grappling with serious policy and Internet jurisdiction questions in the wake of the Snowden exposés.
The British Minister for Cabinet Office, Mr. Francis Maude, MP, who bears direct responsibility for the U.K.’s cyber security policies was recently in India and spoke to SECURITY TODAY Group Editor Mr. GB Singh and Executive Editor Mr. Anil Sharma exclusively. The discussion focused on the various facets of cyber threats and how the British government was willing to coordinate with India in battling this new threat.
Excerpts from the Interview:
ST: What brings you to India?
There are a lot of common interests between India and Britain. We always like to have a very close and deep relationship between our two countries. And the current government in Britain is seeking to enhance this relationship. As far as I am concerned, I deal with a whole range of topics which have shared interests with India, digitalization for one. I was very keen to involve the private sector business in India so that they can be involved in this digitalization. And then there is cyber security where it is imperative for all governments to collaborate. And we know there is a high level of capability in India. There is considerable capability on this in Britain as well, but as we know these threats are fast moving and fast changing, governments need to collaborate together, as well as with businesses. Then, in the field of open data we would like a whole lot of collaboration.
ST: Are your efforts in engaging with the Indian government on the issues meeting with the right kind of response?
I think there is a very sincere desire to open up. Different governments are going about it at different paces. There may be a few governments who are not making that movement to openness. But that will
ST: In India, the general impression is still that the threats are more in the physical sense and not so much in cyber space.
Yes, I think that governments tend to be more aware on the cyber security issues than businesses. It is tended to see this as an issue for the governments. In reality it isn’t. It’s just as much a threat for businesses as for the governments. Even if businesses are not internet based, they are vulnerable to cyber attacks. They all have email systems, storing data and digital systems. It is reckoned that 80 per cent of cyber attacks could be defeated by basic internet hygiene. You know – basic updating, protection and so on. It’s nothing very sophisticated or complicated at all. But it has to be done constantly. At the higher level of cyber security we need to have a high level of coordination and cooperation.
ST: But is this cooperation happening globally or do you think there some reservations exist in certain countries on the subject of openness and cooperation?
Well, it is very varied. There are not uniformly high standards of collaborations. There is a very good level of collaboration between Britain and India. But then again, the governments need to be collaborating within themselves, then with other governments and ultimately with businesses. It will not help if the collaboration is only between governments while within itself there is no such collaboration.
ST: For physical security, countries can unite when they have a common identified enemy, but in the case of cyber threats, how do you identify the enemy?
The alignment is not all that difficult because every country has an interest in ensuring that their intellectual property is protected. But the extent to which it happens tends to vary. This identification is a continuous process.
ST: From your experience, is there some reluctance in sharing information with businesses?
Yes, some businesses have been rather wary of sharing information because they believe it can be commercially damaging. I feel it is commercially more damaging for them not to share information. In too many cases there are businesses, who aren’t internet companies but have data in digital form, that need to take this concept very seriously.
ST: Tell us something about the UK’s cyber security programme that was initiated a few years ago and how has that progressed?
We did it because we decided that cyber threat was one of the four Tier-1 security threats. So at a time when we are significantly cutting public spending overall, we decided to invest a significant sum on cyber security. The bulk of it is being spent on capacity building capability, then recruiting and training the right staff, and trying to avoid duplicating capability. We spent money on developing and supporting centers of excellence, supporting business and raising awareness; investing in additional protection for our critical national infrastructure. But really the biggest single investment would be in building better bigger capacity. Most governments are under- prepared in this.
ST: What is needed to get them to meet a specific level of preparedness?
Well a whole lot of things, like how well is the protection of critical national infrastructure, how aware of the risks are the private sector companies and businesses.
ST: What are the government infrastructures that are most vulnerable?
Well, we look at all areas really. All the way from financial services – because it can be very damaging for
the countries if payment systems are brought to a halt, energy – production and distribution, water companies, transportation, oil and gas…everything is under risk. We can’t say that any one of them is particularly vulnerable but they all have to be well protected and we work with these sectors to ensure they are well protected.
ST: Has there been any recent attack where cyber security has been breached on a national level in UK?
I’m not aware of any recent attacks.
ST: What do you hope to achieve with Indian private sector companies, since this time you are not leading an entourage of British companies?
What we are trying to get is a sense of what they can do in future – a bit of an exploratory exercise. We
are also trying to see if there are any specific collaborations that could be fruitful. We are always looking at what are the next developments in technology, because that is essential.
ST: The Indian government would really be encouraged by your visit because in India the government has not been very forthcoming opening in up to the private sector.
Why is that?
ST: For example, we have been buying defence equipment from outside but the government has not really opened up to buying this equipment from Indian private sector companies. So your visit, as a part of a British government initiative in coming here and meeting the private sector, may well be seen as encouraging.
Well I’m doing both. I’m engaging both with the private sector here as well as with the government. And I sincerely believe in this field you have to do that. We need to know about innovation and see how
we can best utilise it and support it. You can’t do one without the other.
ST: When you talk about building capacity, you need to have a lot of people who are educated in the cyber security area. Do you think there can be cooperation with Indian universities?
Absolutely. I believe there is a lot of scope in enhancing the academic collaboration but we are, as of now, not collaborating with any university at this stage.
ST: New Delhi is your first stop; where else would you be travelling?
Yes, New Delhi is the first and then we are going to Mumbai and Bangalore.