European businesses
should be more concerned about local intelligence agencies'
data-collection campaigns than the US NSA's PRISM programme, according
to ex-Navy Seal and Silent Circle chief executive Mike Janke.
Janke (pictured right) told V3 he is surprised
media and businesses have taken such a myopic view to the National
Security Agency (NSA) PRISM scandal when there is a more pressing,
immediate threat on their doorstep.
"Every one of them wants to ask about the NSA but if you're in Europe
you're surrounded by about 12 NSAs – the Russians, the Chinese, nation
states that are using their NSA-level capabilities to hack companies to
give their country's economic value a leg up. There's also companies
that are hacking other companies, that pay 'consulting firms' to go in
and steal intellectual property," he says.
The Silent Circle chief said that, given the increased number of
threats and attacks targeting businesses, he was actually surprised it
took a scandal like PRISM for the uproar to manifest: "All these things
have been known entering the 2000s and it became very prevalent with
national state hacking in 2007. There's a known understanding of what we
call data collection by nation states. Then there's IP theft and
criminal hacking for monetary gain and its been going on for so long
that I'm actually surprised it took so long for something like PRISM for
it to come to light."
PRISM, the data collection campaign run by the NSA, was
revealed earlier this year when ex-CIA analyst Edward Snowden leaked
documents confirming the NSA had been siphoning user information from
Microsoft, Facebook and Google. Following PRISM's exposure, several
other intelligence agencies have been accused of mounting similar
campaigns. Within the UK the
GCHQ has been accused of collecting vast reserves of data by tapping
into global telecoms cables, under an operation called Tempora.
The operations have led to concerns the world is on the brink of a
full-blown cyber cold war. Janke downplayed these suggestions reporting
most military agencies are still playing catch up with intelligence
agencies when it comes to cyber: "I found militaries are so
dysfunctional and they are always behind the times. They have no
understanding that every young 25-year-old has two or three devices they
want to use and they've got policies that are 10 years old and only
relate to a laptop."
"They are aware of the problem but they're so slow to act they'll be
hacked for three to four years before reacting thanks to the
bureaucracy. We see that in Europe and America, they're really, really
slow to move to fix things even though they're aware there are serious
issues. They spend a year evaluating a technology, so by the time they
pay for it, it's obsolete. Where we see the best is actually in special
operations and intelligence agencies. They're always up to speed."
Janke believes, despite the seriousness of the revelation, it has
helped improve businesses' security awareness in Europe: "It wasn't
really until recently that people understood that metadata is so
dangerous; that government agencies and criminal organisations can
collect your metadata."
"We see that Europe has a good level of security-threat awareness in
enterprise, but what we don't see is good policy. European companies
have weaker corporate policies where they let people bring any device
they want, they let them use that device, yet they don't have a very
good way of controlling the devices."
He adds that the trend is a marked departure from that seen in most
US firms: "In America you have good policies but not good security
awareness, that's the difference. We definitely find that European
companies have weaker policies about how to control the communications
going in and out of their offices."
Janke's comments mirror the findings of the UK government, which has
launched several initiatives designed to help businesses implement more
robust security policies. Most recently, the UK Home Office launched a new £4m cyber awareness campaign, designed to educate businesses and citizens about the cyber threats facing them.
No comments:
Post a Comment