4.6 Increased attention to the resilience of critical infrastructure
The need to take a much more considered approach to the protection and long-term resilience of critical infrastructure is obvious but has been severely neglected by the current government. The proposed systematic modelling of all related infrastructure and services is an idea that is well overdue, but it may need legislation, as much of the infrastructure is owned or administered by private sector and overseas organisations.
Once a thorough understanding has been obtained, it will form a basis for legislation and the development of minimum national standards, another long-overdue requirement.
Most of these industries have separate regulatory regimes and requirements, so whether the standards would be developed and imposed through these or by some other resilience regulator is open for discussion.
The idea of a super regulator with responsibility for short- and long-term resilience should be pursued with some vigour.
The protection of critical sites by armed police, for example, is currently split between a number of civilian and military constabularies. We looked peripherally at this with our post on military policing, and any move to create a single guarding service is to be welcomed.
Energy and cyber security also come in for special attention in the report, but the term ‘cyber’ adds an air of superficiality to what is a very serious subject. Energy security is an expansive subject and closely tied up with the climate change debate; it is slightly outside the scope of this post, but the suggestion of linking overall security strategy to energy security is sensible.
With regard to electronic security across the internet, SCADA networks and telecommunications networks, the UK definitely needs to do more, but this should build upon work already done and expertise available in both the public and private sector. There is a large international element to electronic security because physical boundaries provide little protection and transnational criminal and intelligence networks are distributed. The EU and NATO have already done much work, supported specifically by Estonia, and the UK should seek to support and enhance this in addition to strengthening national capacity.
One area that does not seem to be mentioned is that of electronic attack, almost as if that isn’t the sporting thing to do; the report concentrates instead on defensive measures.
As all readers will know, the most effective defence is offence. In any attack, the likelihood of a smoking gun is remote, but this should not deter the UK from developing a strong electronic attack capability and not being shy about letting the world know about it. This might even extend to being able to interdict physical infrastructure such as satellite or undersea fibre optic cables.
There is also the intelligence benefit of electronic intrusion that should not be overlooked in the rush to defend ourselves.
In addition to technical measures, the UK has, in the same manner as for business continuity, created a leading standard framework for information security management. The ISO 27000 series integrates with BS 25999 and other management standards. The existing public sector Security Policy Framework implementation needs robust enforcement, and this should extend to external third-party certification.
4.7 Striking the right balance – ensuring security while protecting civil liberties and social cohesion
The final section in the document makes the point that most of the terrorist attacks on the UK have originated in this country. There is a growing realisation that New Labour multiculturalism has made this country a more divisive place and that the self-evident erosion of many deeply rooted civil liberties has not created a safer society.
There is a great hope that an incoming Conservative government would take a more robust approach and restore ancient civil liberties; let's see, shall we.