It seems that we are to have a new national Cyber Security Strategy.

The excellent Spy Blog asks some pertinent questions about operational accountability, showing some sharp insight into the way things work or not in practice:

Does either the Office of Cyber Security or the Cyber Security Operations Centre

  • have a elected Cabinet Minister directly responsible for it, and democratically accountable for its failures (or, in theory, responsible for its successes) ?

     

  • have even a junior elected Minister directly responsible for it, and democratically accountable for its failures (or, in theory, responsible for its successes) ?

     

  • have even a senior Civil Servant of Permanent Secretary rank directly responsible for it, and professionally accountable for its failures (or, in theory, responsible for its successes) ?

     

  • have any independent budget to spend on Cyber Security ? If so, then how much ?

     

  • replace any of the other existing bureaucratic agencies, offices, departments, quangos, non-departmental government bodies etc, ?

     

  • have any planned strong statutory legal enforcement powers i.e. criminal prosecutions with fines and or prison sentences ?

     

  • have any planned weak statutory legal enforcement powers e.g. like the Information Commissioner ?

     

  • have the power to cancel or amend Government IT projects and IT contracts if they are fail the Cyber Security standards ?

And concludes:

So what is the Cyber Security Operations Centre going to do , which the other existing agencies and quangos are not already doing e.g. CESG, CPNI, CERT, CEOP, SOCA, MI5, Police Computer Crime units etc?

Answers please, someone.