Who should be Britain’s cyber security czar?

Slowly but surely, politicians are starting to take cyber security threats more seriously.

Reports claim that Prime Minister Gordon Brown is set to announce a national security centre to combat the threat of foreign hackers.

This comes in parallel with US efforts to set up its own cyber security agency focusing its efforts on cyber defence, as well as attack.

US President Obama is also looking for someone to lead the security effort: a cyber security czar who has direct contact with the White House.

The UK is already working towards a US-style cyber agency, but does it also need a figurehead, a czar dedicated solely to cyber security? The opposition party seems to think so.

Last year, the Tories called for the appointment of a new cyber security minister as part of growing measures to combat the threat.

The role of a cyber security czar

So if the government did appoint a cyber security czar, what would he or she need to do?

Rik Ferguson, a security expert at Trend Micro, said that the first job of a prospective security czar would be to "eliminate the low-hanging fruit" that invites criminal activity on both public and business networks.

He said that IT policies around things such as Windows Autorun, passwords, up-to-date software and application/operating system (OS) patching left much to be desired.

"It is documented that Conficker, for example, infected both parliament and the Ministry of Defence, and this absolutely should not have happened," he said.

"We should not have to wait for the next infiltration of government networks to find out which simple areas of IT security are neglected," he added.

Ferguson also said that the czar needed to conduct a root-and-branch review of all systems connected to government secure networks.

Kevin Hogan, security expert at Symantec, said that this was a very complex issue, and debate about a new role shouldn't overlook the fact that a lot of activity was already taking place to protect businesses and consumers.

He said: "If this role was to be created it will need to be taken by someone who has an in-depth understanding of the existing regulatory infrastructure in the UK and Europe, if they are to be able to make a difference.

"There are a number of stark differences between the US and UK approaches to cyber security currently and a one-sized approach will not fit all."