Friday 26 July 2013

PRISM: European business should be more concerned with local snoops than NSA

European businesses should be more concerned about local intelligence agencies' data-collection campaigns than the US NSA's PRISM programme, according to ex-Navy Seal and Silent Circle chief executive Mike Janke.
Janke (pictured right) told V3 he is surprised media and businesses have taken such a myopic view to the National Security Agency (NSA) PRISM scandal when there is a more pressing, immediate threat on their doorstep.
"Every one of them wants to ask about the NSA but if you're in Europe you're surrounded by about 12 NSAs – the Russians, the Chinese, nation states that are using their NSA-level capabilities to hack companies to give their country's economic value a leg up. There's also companies that are hacking other companies, that pay 'consulting firms' to go in and steal intellectual property," he says.
The Silent Circle chief said that, given the increased number of threats and attacks targeting businesses, he was actually surprised it took a scandal like PRISM for the uproar to manifest: "All these things have been known entering the 2000s and it became very prevalent with national state hacking in 2007. There's a known understanding of what we call data collection by nation states. Then there's IP theft and criminal hacking for monetary gain and its been going on for so long that I'm actually surprised it took so long for something like PRISM for it to come to light."
PRISM, the data collection campaign run by the NSA, was revealed earlier this year when ex-CIA analyst Edward Snowden leaked documents confirming the NSA had been siphoning user information from Microsoft, Facebook and Google. Following PRISM's exposure, several other intelligence agencies have been accused of mounting similar campaigns. Within the UK the GCHQ has been accused of collecting vast reserves of data by tapping into global telecoms cables, under an operation called Tempora.
The operations have led to concerns the world is on the brink of a full-blown cyber cold war. Janke downplayed these suggestions reporting most military agencies are still playing catch up with intelligence agencies when it comes to cyber: "I found militaries are so dysfunctional and they are always behind the times. They have no understanding that every young 25-year-old has two or three devices they want to use and they've got policies that are 10 years old and only relate to a laptop."
"They are aware of the problem but they're so slow to act they'll be hacked for three to four years before reacting thanks to the bureaucracy. We see that in Europe and America, they're really, really slow to move to fix things even though they're aware there are serious issues. They spend a year evaluating a technology, so by the time they pay for it, it's obsolete. Where we see the best is actually in special operations and intelligence agencies. They're always up to speed."
Janke believes, despite the seriousness of the revelation, it has helped improve businesses' security awareness in Europe: "It wasn't really until recently that people understood that metadata is so dangerous; that government agencies and criminal organisations can collect your metadata."
"We see that Europe has a good level of security-threat awareness in enterprise, but what we don't see is good policy. European companies have weaker corporate policies where they let people bring any device they want, they let them use that device, yet they don't have a very good way of controlling the devices."
He adds that the trend is a marked departure from that seen in most US firms: "In America you have good policies but not good security awareness, that's the difference. We definitely find that European companies have weaker policies about how to control the communications going in and out of their offices."
Janke's comments mirror the findings of the UK government, which has launched several initiatives designed to help businesses implement more robust security policies. Most recently, the UK Home Office launched a new £4m cyber awareness campaign, designed to educate businesses and citizens about the cyber threats facing them.

No comments:

Post a Comment