GCHQ Director Robert Hannigan told an audience on Tuesday at IA15, the government’s information assurance event, that the global cyber security market is “not quite right” and that standards need to be improved.
Speaking at the same event, GCHQ’s Director-General for Cyber Security Ciaran Martin warned major cyber-attacks on energy supplies, nuclear power stations, and the defense industry are expected in the near future.
His warning comes two weeks after British telecoms firm TalkTalk was targeted by hackers, who exposed thousands of customers’ personal details. In the words of government officials, this served as a “wake up call” for organizations with weak security.
Speaking at the government’s annual information security event, Hannigan said the free market is failing to meet the security needs of nation states.
“It is time to take a hard look at whether the international market for cyber security is working sufficiently well … something is not quite right here. What is also clear is that we cannot as a country allow this situation to continue,” he said.
“Standards are not yet as high as they need to be. The global cyber security market is not developing as it needs to: demand is patchy and it is not yet generating supply. That much is clear. The normal drivers of change, from regulation and incentivization through to insurance cover and legal liability, are still immature.
“Those charged in government with national security have worried about the top-end threats for some time … there is no doubt — significant cyber-attacks will become more common, not less in the coming period,” he added.
Hannigan said the UK is lucky to have avoided a serious incident, like the cyber-attack on Sony Pictures last year, which the US government alleges was committed by North Korea.
He added it was up to businesses to improve their security and that GCHQ is not responsible for protecting private infrastructure.
GCHQ’s cyber-security chief Ciaran Martin gave a talk at the same conference in which he warned the cyber-threat to critical infrastructure in Britain is “chronic, advanced and persistent.”