AN EX-UK GOVERNMENT CIO has waded into the security debate about NSA and GCHQ surveillance of the internet and told everyone to chill out.
John Suffolk, the global head of Cyber Security for Huawei and a former UK government CIO and CISO, penned his thoughts in a blog post with the title, 'Let's get real about the NSA. Not all technology and data is born equal.'
Suffolk said that he has followed the debate about government surveillance and can see why some people might have some concerns. His concern is that people are worrying about the wrong thing, adding that he can't see a problem with a data-hungry government that won't stop eating.
"I am quite clear I want my government to have as much data as possible. I want them to have the tools, techniques and resources to mine this data to stop a terrible event from occurring - stopping one event is good enough for me," he said, before adding that there should be some transparency to this.
"Having said that I want the legal frameworks to be in place, I want transparency, I want oversight and I do not want my government (or any government) to cross the line and weaken security for all by building in backdoors, weakening crypto or any of the shenanigans that have occurred with the American tech industry."
Suffolk suggested that fantasy talk has entered the internet surveillance debate, saying that the resources and measures of the NSA have been overestimated, and that individuals and organisations do not need highly secure systems.
"We need a little more realism about what security agencies do and their capability to attack and breach the security of companies and governments through any vendor's equipment. No government will demand that every technology system they operate runs at top secret. No company will demand that every system they run is at top secret and few citizens will demand their phone, tablet, PC etc runs at top secret... even if they could buy such stuff," he added as he looked to take the discussion away from back doors and side exits.
"So we should not be surprised that the NSA has a catalogue of tools and techniques to break into vendor's equipment given this is what they do."
While he had everyone's attention, Suffolk called on the industry to improve standards. "Currently we have no collective idea what good looks like when it comes to security. There are no internationally agreed security standards; there are no agreed standards on product verification; there are no agreed internal laws or standards of behaviour for Governments to operate in the digital world," he added.
"In our view, it is paramount that the entire ecosystem of governments, industry and end-users step up to collectively work on the problems and challenges we will face in the future."
His comments follow reports that the NSA is building a quantum computer than can break any security systems that cross its path. µ
Sign up for INQbot – a weekly roundup of the best from the INQ