Cybersecurity is an oxymoron for the Digital Age

August 17, 2023

0 3 minutes read

THE digital era has enriched the list of outstanding oxymorons that already includes “military intelligence” and “competent authorities” with a new contradiction in terms: “cybersecurity.”

Last week, in response to a freedom of information request, an official from the Police Service of Northern Ireland (PSNI) mistakenly posted the personal details of 10,000 officers on the internet. For three hours, a digital free-for-all ensued; anyone could access the surname and first initial of officers, their rank and grade, where they are based and with whom they work — including with the domestic intelligence service, MI5.

The chief constable of the PSNI, Simon Byrne, has confirmed that republican terrorists downloaded the information. It is certainly one of the most serious breaches of secret data experienced by any police force in the United Kingdom. But will it be the last?

Sensitive data breaches are becoming commonplace. Cyberattacks by hostile state actors like Russia and China are a clear and present danger. Just this week, it was revealed that records held by the British Electoral Commission from August 2021 have been filched by hackers, but, as in Northern Ireland, technical incompetence and human error are serious threats too. An infinite amount of data is supervised by finite talents and the police who, to put it mildly, are stretched to recruit the best and the brightest — especially in areas where there is acute competition for technological talent.

The risks are plain. Up to 2,000 PSNI officers are now considering taking legal action following the breach, according to their union, the Police Federation. As well they might, since 319 police officers were murdered and almost 9,000 injured, mostly by the Irish Republican Army (IRA), during the 30 years of violence known as the Troubles. By some measures, it was the most dangerous force in the world in which to serve in the 1980s. Even today, there are police officers who don’t let their friends know their occupation for fear of retribution. No wonder staff panicked and desperately tried to wipe their data from the web once the alarm spread. This is hardly an atmosphere that promotes what HR would call talent retention.

Dissident republican paramilitaries who broke away from the IRA to reject the 1998 Good Friday Agreement still target PSNI officers. Although the worst of the violence has ended, two police officers and two prison officers have been killed since then. In February, terrorists shot Detective Chief Inspector John Caldwell several times in front of his young son and other children, causing “life-changing” injuries. The official threat level has gone back up from “substantial” to “severe” as a result of the leak, meaning another attack is judged imminent.

It was also revealed on Wednesday that in July a police superintendent’s car had been broken into by thieves who removed a laptop and sensitive documents. Why did it take so long to admit the theft to the 200 officers and staff affected? The temporary news blackout added to paranoia in the ranks.

Members of the armed services and their families risk their lives for the British Crown on the understanding that they will be supported by the state in the event of their injury or death — the military contract. Given the historic casualties they have suffered and the continuing terrorist threat, Northern Ireland’s police officers deserve equal regard. Without their bravery, the edifice of the state would collapse. Gangsterism and the sectarian conflict of Protestant against Catholic that has historically bedeviled the province would be endemic.

Roman Catholic officers, some 30% of the total, are particularly fearful for their personal safety and the pressure that could be placed on their families living in nationalist communities. Republican extremists regard them as traitors; the terrorists would prefer that police ranks contained only the Protestant “enemy” that favors Northern Ireland’s continued membership of the UK. In fact, the Royal Ulster Constabulary was reconstituted as the PSNI in 2001 to counteract its perceived sectarian bias. Republican parties like the IRA’s political wing, Sinn Fein, that have renounced the armed struggle now accept the PSNI’s bona fides. Yet some Catholics in the PSNI have told the BBC that this breach of their security will force them to quit.

The authorities are investigating what training was given to staff who handle freedom of information requests. As with other security breaches around the world — from those of Edward Snowden to Bradley (now Chelsea) Manning — it will be asked who was entitled to such high-level security clearance and why. At the very least, the supervisory Police Board needs a good answer to the question of who signs off on this stuff before it goes out. And how many police officers will now have to relocate their homes and alter their work patterns? The fate of the chief constable hangs in the balance, although he has already declared he isn’t the resigning type.

The UK, like most advanced societies, is increasingly reliant on detailed databases to operate its public services and infrastructure. But without a better-trained workforce, these will be highly vulnerable to hacking and sloppy leaks. In Estonia, I have seen schoolchildren trained from an early age to game cyberattacks from their malevolent Russian neighbor and learn advanced digital skills in the process. Elsewhere in the West, we show no such urgency or foresight. Yet the US, India, and France, like Britain, have all suffered from catastrophic data breaches, intended or not.

Last month, a cyberattack on the Swedish medical company Ortivus AB led to two British health service ambulance trusts reverting to old-fashioned paper records to do their routine work. Old fixes for new problems — but back to the future can’t be the solution to our digital deficits.

BLOOMBERG OPINION