Government should use former hackers to boost cyber defences

The UK's former secretary of defence, Lord Reid, has argued that the government must use a combination of education, partnerships with businesses and even recruiting former hackers to shore up the nation's online defences.

Reid was speaking at the launch of a report titled Cyber Doctrine - towards a coherent evolutionary framework for learning resilience in his new role at the Institute for Security and Resilience Studies at University College London.

He argued that, while total control of cyber space will never be achieved, preparing for future threats has to be a priority and must involve the government working with outside agencies and even former criminals.

"We have to accept that we cannot control cyber space. Learning, entrepreneurialism and the capacity to constantly innovate are the fundamental preconditions for gaining the best from cyber space while minimising the dangers," he said.

"What has become obvious is the centrality of entrepreneurial dynamic thinking, culture and action, much of it from small networks and businesses, academic-industry partnerships and individuals who made their first visits to cyber space as hackers."

Reid said that the government needs to update its strategy to represent the fact that cyber threats do not adhere to national boundaries, adding that the US approach marked the way forward in this regard.

"This disjoint between the US and UK approaches is evidence that we have not yet understood that cyber crosses all boundaries," he said.

"We should learn from the US and ask whether enough of the government's cyber spending is going to education and research, the essential elements of strategic capacity building."

The government announced late last year that it would provide an additional £500m to fight cyber crime, while current defence secretary Liam Fox called on Monday for the creation of a fourth branch of the armed forces to focus on cyber threats.

The risks from hackers and online groups has been well documented in recent weeks. LulzSec has brought down numerous large institutions such as the CIA and the Brazilian government to highlight the inadequate security protection used by many organisations.