Speaking at the launch of the National Cyber Security Centre's third annual review, NCSC chief executive Ciaran Martin outlined how evolving technology could be harnessed to improve cybersecurity standards for both businesses and citizens.
Many of the issues we're facing in 2019 -- like hacking, cyber attacks and malware campaigns -- weren't considered by governments or industry in the early days of the internet, so securing it wasn't seen as the crucial issue it has become.
"We're dealing with a legacy that I would call accidentally insecure," said Martin.
"No-one in the 1990s in public policy anywhere in the world really saw the internet coming in the way that it did; nobody in the industry looked at security from a structural or strategic point of view," Martin explained, citing internet pioneer Vint Cerf, who once said: "We didn't focus on how you could wreck this system intentionally".
Now the world finds itself having to deal with nation states, hackers and cyber criminals intentionally trying to break the system, creating risks for users.
However, the rise of new technologies and their potentially crucial role in everyday lives going forward means that governments, technology vendors and cybersecurity companies can plan for potential problems around security before they arrive.
Secure by design
While the Internet of Things (IoT) undoubtedly creates potential risks – especially when it comes to the number of internet-facing endpoints potentially vulnerable to attackers – the risk is a known quality, so it can also be dealt with in a way which, if applied correctly, could improve internet security.
That's because, Martin suggested, the way the internet currently operates creates security risks for users.
"We're moving away from an internet economy where people give away large amounts of personal data for free in order to get services they don't have to pay for with money – which isn't very good for security – towards a model where people will be paying for products and services".
That, he argued, "gives us an opportunity to introduce objective standards that consumers and businesses can judge when buying those products and services".
The NCSC has already worked alongside the Department for Culture, Media and Sport to produce guidelines for IoT device manufacturers designed to ensure that products are secure and easy to update. Companies that adhere to the Secure by Design code of practice can therefore prove their devices are secure, allowing the public to make informed decisions when buying and installing IoT products.
The code of practice is still in its relative infancy, and vendors can still ignore it, but the NCSC believes it can act as a template for ensuring that other emerging technologies are secured against current and future threats.
"Let's use that model when we're thinking about quantum [computing], when we're thinking about aspects of artificial intelligence, when we're thinking about 5G. Let's use that model of working out how this digital economy is going to work and what action we can take to make it safer," Martin concluded.
MORE ON CYBERSECURITY
- Securing the IoT: A question of checks and balances
- How to secure your IoT devices from botnets and other threats TechRepublic
- IoT security: Why it will get worse before it gets better
- IoT attacks are getting worse -- and no one's listening CNET
- AI, quantum computing and 5G could make criminals more dangerous than ever, warn police