Mr Harvey made these remarks during a speech he delivered at the Govnet National Security Conference 2011 in London this morning.
In the speech Mr Harvey spoke about the need to redefine what is meant by the critical infrastructure of the nation and how it is protected in the digital age.
Discussing the clear benefits of the internet and digital technology, Mr Harvey also pointed out that cyberspace is abused by people, because, he said, cyber crime, cyber espionage, cyber terrorism, cyber vandalism, even the use of cyber in warfare, are all just human pursuits - simply crime, espionage, terrorism, vandalism and conflict by another means. He added:
The difference is the method, not the outcome or the intent - stealing money is stealing money regardless of whether it is done by pickpocketing or hacking.
So I do not agree with those who say we need a massive raft of new criminal offences relating to the internet.
What we do need is to become smarter in preventing, detecting and prosecuting the use of cyberspace for criminal ends. This is why we are investing in capabilities that enable law enforcement agencies to combat criminal activity in cyberspace.
Mr Harvey said that a great deal of the current threat can be dealt with through the application of what he’d call basic ‘cyber hygiene’.
This, he said, is the commonsense application of security measures that are simple to follow and easy to implement:
- keep your anti-virus software up to date
- regularly scan your computer for viruses
- do not post sensitive personal information on open sites
- do not open email attachments from senders you do not recognise
- do not download files you are unsure of.
Mr Harvey continued:
Cyber hygiene needs to be applied both at home and at work because what cyberspace is doing is breaking down the barriers between someone’s job and their personal life.
For example, a member of the Armed Forces gossiping on MSN, posting on Facebook, or tweeting for the benefit of their family and friends needs to be aware that, because of their job, others may well be tuning in - opponents, adversaries, terrorists.
An attack on your computer at home may well be designed to hack into your personal finances, but equally you might have been targeted because of what you do for a living.
Mr Harvey added:
The MOD’s own networks are under daily attack as are networks across government. Between 2009 and 2010, cyber-related security incidents more than doubled at the MOD.
The MOD’s new Global Operations and Security Control Centre provides a state-of-the-art facility in which we are able to bring together all the essential capabilities required to protect our own defence systems, but we know we will need to do more.
We must accept that the security measures we are expected to adhere to at work apply equally, and, just as importantly, at home.
This is the thrust behind the new campaign in my own department - changing behaviours, changing mindsets.
Last month the MOD launched a new campaign to remind Armed Forces personnel, their families and friends about keeping a close hold on information - not just relating to work, but to personal lives too.
Mr Harvey said that those of us with responsibility for national security must ensure resilience and security in our critical national infrastructure (CNI). He said:
Traditionally when we talk of our CNI we are referring to the utility network, transport systems and the energy grids that power the country and keep us going.
Protecting this has been about physical sites and physical assets around the country - power stations, reservoirs, distribution centres. But the context has changed. We need to think differently about what it is essential to protect and how we do that.
The digital networks which sustain our critical national infrastructure should be considered part of that infrastructure itself. Networked telecommunications underpin the UK business and banking system, they underpin the process of government, they underpin public access to everyday services and they underpin our security posture.
Mr Harvey said this is about making sure our emergency services can effectively respond to a serious disaster situation and about making sure we consider the importance of digital networks to the financial system the country relies on, and it is about making sure there is resilience in the digital networks that allow day-to-day governance to continue, in Westminster and across the country.
Mr Harvey said:
Our approach to security in the physical world and in cyberspace needs to be seamless.
The National Security Strategy has made a start in this process, elevating cyber attack into the top rank of threats to national security and creating the new National Cyber Security Programme.
The MOD has created the Defence Cyber Operations Group to ensure that our own departmental work is linked in.
The new National Cyber Security Strategy currently being developed will take forward this comprehensive, cross-government approach.
Its key themes - economic prosperity, increased national security and the protection and promotion of our way of life - embrace the kind of expanded concept that I outlined earlier.
We have to be careful we don’t overextend ourselves or lose focus on what is essential to protect. But we must do so with a new mindset, not just concentrating on protecting concrete and steel, but encompassing cyberspace too.
Mr Harvey also spoke about working together, saying because the cyber challenge has further blurred security boundaries, it means we have to break out of our silos, break down barriers and break new ground in the creation of a new security partnership between government, business, academia and private citizens, adding:
The first step to improving national cyber security will be to get organisations properly sharing information on common threats so that combined responses can be made.
To be successful this project must cover as many sectors of the UK economy as possible.
He also said we need to think and act internationally because cyberspace is international space, adding:
My department has been working closely with allies to develop enhanced cyber relationships and there will be important announcements in the coming months.
The UK has also now ratified the Budapest Convention on Cyber Crime which is a good example of a multilateral organisation making a real contribution in the way in which we can work together.
But all this work needs to be guided by discussion of how states should act in cyberspace. The international cyber conference which the Foreign Secretary announced the UK will host later this year will be an important first step in beginning the process of establishing principles that all nations should adhere to in cyberspace.