“Mind the Gap” between innovation and cybersecurity, says UK’s Cyber Chief

“Mind the Gap” is a commonplace phrase warning commuters about the space between the train doorway and station platform edge in large metro systems around the world, particularly in the London Underground and Singapore’s Mass Rapid Transit (MRT) system.

It is also an apt metaphor that cybersecurity professionals should take heed of, said the United Kingdom’s new CEO of the National Cybersecurity Centre (NCSC), Richard Horne, at the Singapore International Cyber Week (SICW) 2024.

At the event, Horne highlighted the increasing risks posed by emerging technologies, such as artificial intelligence (AI) and quantum computing, towards the cyber security posture of the global community.

“Increased dependence on technology is driving growth and transforming societies, creating exciting new opportunities. It also exposes us to greater cyber risks. Without collective action, we risk widening the gap between the escalating threats to our societies, critical services, and businesses, and our ability to defend and be resilient,” he said at the international forum.

To subscribe to the GovInsider bulletin click here. 

Growing divide between innovation and cyber resilience

Speaking to GovInsider, Horne said that although technologies such as AI and quantum computing can improve global cyber resilience, the global community also needs to be prepared for the increasing risks they pose.

“When quantum computing gets to a certain scale, they will become cryptographically relevant. We will need to replace a lot of the cryptography that’s used globally with quantum resistant cryptography, so that quantum computers can’t defeat them,” he explained.

Cryptographically relevant quantum computing can weaken current forms of cryptography by running algorithms to break traditional encryption at speeds that are unavailable to traditional computing.

The national cyber community is taking steps to address today. The United States’ National Institute of Standards and Technology (NIST) released three quantum-safe encryption algorithms in August this year, which aim to secure a wide range of digital information from quantum attacks.

“We need to move towards the actual implementation of those algorithms, get them right, and start to get users to adopt them,” said Horne.

Beyond the threats posed by emerging technologies, he also encouraged the tech community to embrace a lifecycle approach to security when developing tech, to ensure that they are resilient in the face of future cyber challenges.

For instance, some credit cards use chip-and-PIN technology to reduce security risks at every stage, from card issuance to transaction processing and card renewal, he noted.

Changing cyber winds

Horne took office at NCSC in October this year, but his role in the UK’s cyber security efforts dates back to 2011, when he helped to shape the government’s first cyber security strategy.

Asked about how the landscape has changed since then, he said: “We are more dependent on technology today than we were 15 years ago. That means we are more exposed to the impacts of cyber-attacks and the attacks have greater impacts.”

“We now have new technologies disrupting things quite quickly as well. All that is driving a more exposed society. Our ability to defend and be resilient to successful attacks needs to rise faster to keep pace with that exposure. The urgency and the need to drive action is probably more pressing today than it was 15 years ago,” Horne said.

NCSC aims to make the United Kingdom the safest place to work and live online. To achieve that goal, Horne highlighted three strategies.

The first is to create a secure technology base by introducing the right principles, incentives and frameworks to drive a secure-by-design approach to tech development; the next is to raise the cyber competence of tech users, as well as to help organisations raise their cyber resilience and recovery efforts; and the last is to be able to manage and counter national cyber threats.

Earlier this year, the UK government announced a new Cyber Security and Resilience Bill to strengthen the cyber resilience of essential digital services and increase incident reporting requirements.

To subscribe to the GovInsider bulletin click here.

Importance of international collaborations

It is of note that Horne’s first overseas visit since taking up his new role was to Singapore for SICW – a fact he attributed to Singapore’s role as a leading cybersecurity convenor.

“Singapore has such a powerful role in this region of being able to convene so many different nationalities and interests, and really convene a load of players not just from this region,” he said to GovInsider.

He further noted that in today’s cyber climate, risks are increasingly borderless – as such, global coordination is a must.

For instance, the International Counter Ransomware Initiative, of which Singapore and the UK are party to, comprises 68 countries working together to develop collective resilience to ransomware attacks.

“Choosing Singapore International Cyber Week as my first overseas visit as CEO of NCSC underscores the strategic importance I place on our relationship with Singapore and reinforces my wider commitment to meaningful cyber dialogue across the region,” he said at the event.