Now four months on from the revelations of Prism from Edward Snowden, it seems that businesses are the next to respond to the surveillance.
This week it has been reported that both Germany’s Deutsche Telekom and Brazil’s Government have announced plans to offer services that deliberately bypass the United States and UK to avoid surveillance by the NSA and GCHQ respectively.
According to the German news website
Spiegel, Deutsche Telekom is proposing a specified data path for emails and to avoid hosts and hubs in the UK and the US, thereby preventing the ability to monitor such traffic and listen. It said that it wanted “to agree with all important business partners in Germany, that emails and other information exchange are conducted only on nodes within Germany and not about foreign nodes”.
It claimed that this would “ensure that only local authorities and intelligence agencies could get access to the data traffic”. Meanwhile, the
Register reported that Brazil will develop a secure email system to try and protect its government-level communications against American spying.
A series of Tweets from Brazilian president Dilma Rousseff said the Brazilian government needs “more security on our messages to prevent possible espionage” and she had ordered SERPRO – that country’s federal data processing service – to implement a whole-of-government secure email system.
Rousseff has already condemned the USA and Canada for allegedly spying against Brazilian government agencies, while other countries are less than pleased. What we are seeing here is a form of response from nations and governments to the reality that they are being spied upon, and a method to protect their own citizens.
The challenge here is for governments to protect their own citizens, while on the other side the NSA will want to warrant its own activity in monitoring, and find itself without access to state-built systems.
In another story, it was reported by
IT Pro that the talent shortage it hitting the Government’s anti-hacking plans in fighting attacks. After the Ministry of Defence (MoD) announced plans to hire “ hundreds of computer experts as cyber reservists” last month”, the report claimed that demand for specialists is far outpacing the number of those qualified to do the job.
The skills shortage is not big news; in fact it is something that I have been writing about for all of the time that I have been in IT security, but did anyone really consider that great plans to hire would be hampered by a lack of experienced people?
My assumption is that the reservists would be those employed elsewhere and giving up their time to contribute, but in previous conversations that I have had, it was made clear that full time people are needed and part timers would not be sufficient.
Another story similar to this appeared in
the economic section of the India Times, where chairman of the Indian National Skill Development Agency, S Ramadorai, called for hiring of ethical hackers and to treat them like Special Forces. Ramadorai said that the private sector “must play a crucial role in enhancing cyber security capabilities” and identified that while India has followed other initiatives to identify and recruit the right people, “much more needs to be done”.
He said: “The talent is available. We must also focus on rapid detection, containment and reaction.” Few nations seem to have the capability to grow and develop appropriate talent, perhaps apart from China, Israel and the United States, but for those solving attempting to solve the problem, the dilemma is clear.