Ministry of Defence cyber chief urges UK to follow Estonian example

The UK needs to follow Estonia's example in order to improve user education and reduce the vast majority of cyber threats, giving government and industry an easier target for harm reduction, according to the head of the Ministry of Defence's Defence Cyber Operations Group.

Major General Jonathan Shaw argued at the Cyber Security 2011 conference on Tuesday that ''cyber war' is a misleading term.

"I dislike the words 'war' and 'cyber' because both imply it's something specialised and technical; other people's problems. This is absolutely wrong," he said.

"My observation is that activity in cyber space breaks down and crosses all barriers [and] distinctions between war and peace and civilians and personnel. We are all under attack all the time."

Shaw explained that the UK needs to move from a country in "pre-attack mode" to emulate Estonia, which is "an interesting example of a country in post-attack mode".

He likened the time lag that exists in the UK between the population appreciating there is a risk in cyber space and doing something about it, to a similar lag in the 1980s when the risks of contracting Aids were clearly publicised but large numbers still practised unsafe sex.

"Bad cyber hygiene is the biggest threat to us in the short term. How safe are you in your personal behaviour? How safe is your intellectual property that resides in industrial supply chains?" he said.

"Mass attacks are swamping our technology response. We need to make it a manageable target for government and industry. Eighty per cent of threats could be nullified by good cyber hygiene."

However, the Ministry of Defence itself has come under fire in recent days for a less than rigorous approach to cyber security.

The department said on Monday that the loss of 188 laptops in the past 18 months, of which only 20 have been recovered, was "inevitable" because of the organisation's size.