Cyber-Glossary

Another day, another government report. Adorning my desktop right at this moment is the UK's National Cyber Security Strategy document, launched at the beginning of November 2016 by the Chancellor and Under-Treasurer of Her Majesty's Exchequer, Philip Hammond. It's grabbed my interest for a number of reasons.

First of these is the budget. £1.9bn has apparently been earmarked, though the history of government IT spending should tell us to expect it to cost a lot more. (£1.9bn is also, by an amazing coincidence, the same amount that Her Majesty's Revenue and Customs reckons is being lost in dodged tax by the mega-wealthy.) Lest we forget, the deluxe NHS healthcare records system, commissioned by the UK government at an estimated cost of £2.3bn, was canceled after nine years of work at an eventual cost of £12bn. This was the costliest IT cock-up in history, but the current revamp of the welfare system will overtake it soon unless it's canceled, as the welfare revamp has already cost £12.8bn – for a system that will have only 25,000 users.

The second is the glossary. This wonderful section is a thing of beauty, including no fewer than 28 variations on the word "Cyber." For example, it defines a cyber-physical system as one with "integrated computational and physical components." That sounds like my car to me, and my watch, and my computer, and my phone, and all those webcams that have been turned into a giant bot – in fact it sounds like anything made after 2012 that uses electricity. Any definition as broad as that is functionally useless.

Third, there's no mention of the words "Linux" or "Windows." The document completely ignores the vast differences in hackability that exist between different operating systems. The need to replace legacy systems is mentioned though, and I think this gives us a clue as to where a large chunk of the money is going to be spent. Rather than name Windows as inherently insecure; the Internet of Things as completely wrongheaded; and the weakest link as human failing, we're going to spend £1.9bn getting consultants to replace instances of Ye Olde Windows XP with Windows 10, with a couple of settings changed and a couple of ports closed by default. There will be bespoke secure IRC channels that only work with Internet Explorer, and there will be a load of knighthoods handed out to the CEOs of the companies fleecing the taxpayer, and some tasty board-level positions for the politicians that signed off on the spending.

Meanwhile, script kiddies will laugh and keep on trucking, and makers of every gadget going will add Internet access with a default, hard-coded admin password of password123. Well done Britain. Well done.