Cyber security in Northern Ireland
‘Oops! Your files have been encrypted’ is the message most of us, at work or in the home, dread seeing on the screens of our myriad devices.
Yet despite the efforts of governments internationally and commercially-driven companies, the threat is increasing apace, with the villains always one step ahead.
The first Holyrood Connect conference to be organised in Northern Ireland heard the trend across the globe is for frequent and complex cyber-attacks.
“Cybercrime is the most secure way of committing crime,” insisted Klaid Magi, a leading European expert on the threat levels and how to combat them, “and everybody knows it.”
Yet, he added: “There is also a growing gap between the production of solutions – increasing security – and the general knowledge of senior civil servants and company managements of how to use them.”
The race to catch up, never mind trying to pre-empt cybercrime, was the focus of the gathering in Belfast, the first major event on the issue in NI, and it coincided with the unveiling of the province’s strategic framework for action – launched despite the collapse of the regional Executive and Assembly for more than 15 months.
“Northern Ireland is already a centre of excellence for cyber security,” claimed Ignatius O’Doherty, chief strategy officer in NI’s Department of Finance’s digital shared service section.
At present, a cyber leadership board already comprises all departments, local government and the Police Service of NI (PSNI) and is soon to be extended into academia at Queen’s University and Ulster University.
Its aim is to set up a Northern Ireland cyber centre “where people can get advice on staying safely online,” he added. For local authorities and departments, the practical applications of the technology are endless.
In public service terms alone, citizens would be able to tax their vehicles, fill out self-assessment tax returns, inform agencies about the death of a relative and even get their bins collected more efficiently than at present.
And the use of such premium-rate services by local councils – such as time-slot pick-ups of bins residents forgot to put out for the regular collection – could also allay increases in rates and even raise revenue, potentially.
However, the more negative side, and the extent of the threat of cybercrime, was illustrated by figures showing a total of 150 million emails are received every month by NI government departments but 147 million of them are blocked.
The 98 per cent shut-out through firewalls and other methods illustrates the extent of spam in the internet which, in itself, O’Doherty went on, is indicative of the level of cybercrime.
The gathering of more than 150 delegates in the Europa Hotel, once known as Europe’s most bombed hotel, came against the backdrop of the imminent introduction of GDPS, the game-changing European legislation giving individuals the right to demand privacy from local authority and other data systems.
The wider challenges, delegates were told, also includes the challenges presented by Brexit and the general environment of austerity, cash becoming less available at the precise moment more is needed – as well as the apparent breach of trust involved in the Facebook/ Cambridge Analytica affair, and fears of a Russian cyber onslaught in the aftermath of the Salisbury attacks.
Yet on the more positive side, there have been successes in the fight against cybercrime, even in Northern Ireland.
Cases there have included a criminal gang involved in human trafficking, a businessman attempting to extort money from his own company by selling them back vital data he had stolen – ensnared in a joint operation with authorities in Bulgaria – and a former police officer who attempted to purchase a gun silencer on the ‘dark web’.
But Detective Sergeant Richard Campbell, head of the PSNI’s cybercrime centre under their special investigations branch, warned the war is against increasingly complex devices as well as clever individuals.
People in the province “often think we are detached from the mainstream”, he said, but in terms of cybercrime, the province is experiencing all types including espionage and ‘hacktavism’, cybercrime warriors, mostly with a cause, or who just like the joy of causing disruption, in their warped eyes.
Rik Ferguson, Vice President Security Research at Trend Micro, one of the conference sponsors, which is also a global leader in cyber security, also underpinned the core message of the conference against complacency.
“Change only gets faster,” he said. “(Cyber) attacks are getting more selective, aimed at getting more bang for their buck.”
An info security Hall of Fame inductee, who is one of the UK’s experts, Ferguson warned that even crimes which no longer grab newspaper headlines retain the potential to infect devices and wreak havoc.
It was a secondary-age schoolboy from Northern Ireland who hacked into Talk Talk’s system in 2015, costing the company £60m with around 101,000 customers leaving.
But the 15-year-old was not motivated by malice, O’Doherty told delegates: “He learned how to do it in school.”
He then warned delegates that he was about to project a dramatic image on-screen, with an enormous picture of two rats. “If your house was infected by rats, you would spend a lot of money protecting it,” he said.
But he also warned against automatically going for the most expensive or latest product, many of which were on display. “Good enough is sometimes good enough,” he added.
Women were well represented at the one-day conference but O’Doherty also revealed that 90 per cent of those working in cyber security are men.
One of the aims of the province’s new strategy is, therefore, targeting primary school-age girls to encourage them to enter the field – an initiative which gained applause at the opening session.
In one of the breakout sessions later, Graeme Stewart, director of public sector at Fortinet Security reinforced the overall message of the day: “We are now at a point where cybercrime is across the whole piece,” he said.