In an era of escalating cyber threats, GCHQ’s warning underscores the urgent need for robust digital infrastructure and defences. This piece explores the vulnerabilities facing the UK, from NHS ransomware attacks to the looming quantum computing threat, and proposes data disaggregation as a revolutionary security solution
With the head of GCHQ using his first major speech at the NCSC’s Eighth Annual Review to emphasise the need for sustained vigilance in an increasingly aggressive online world, the scale of the challenge facing the nation’s security and defence industry has been laid bare.
Describing the cyber risks facing the nation as ‘widely underestimated’ and warning that Britain and its allies are competing in a high-stakes contest for cyberspace, Richard Horne focussed on what he called ‘a widening gap’ between the country’s exposure to threats and the defences that are in place to protect us.
So what are the risks facing our nation, and what can be done to guard the UK’s growing dependency on technology against adversaries who seek to use it against us or exploit it for criminal gain?
NHS vulnerability and ransomware attacks
Barely a week goes by without headlines about cyber incidents impacting the country’s public infrastructure. One increasingly popular target seems to be the NHS, whose sprawling and sometimes outdated IT systems make it particularly vulnerable to attack. While sensitive patient, employee, and commercial data held on its systems could be of interest to bad actors, the sheer disruption these attacks cause – from cancelled surgical procedures and outpatient appointments to the inability to access patient records – means pressure ramps up quickly to get systems back online, making it a particularly attractive target for ransomware attacks.
It is a problem that has grown to such an extent that the Government recently announced plans to ban all UK public bodies – including the NHS – from making ransomeware payments, as part of wider efforts to stem this increasingly important revenue stream for criminal gangs and pariah states.
Elsewhere, of more than 430 incidents handled by the National Centre for Cyber Security’s incident management team last year, 347 involved some level of data exfiltration, highlighting the growing value of sensitive data to bad actors around the world.
So, with cost pressures growing across Government departments, what can the nation do to rise to the challenge and better protect our sensitive data, critical infrastructure and national security?
Four key issues: Risk, Quantum, Bottlenecks, and Costs
Current methods for data storage and management in both defence and wider commercial sectors are essentially the same: Data is typically stored in a contiguous format, then ‘protected’ by encryption to ‘keep it safe’. The physical infrastructure of servers, data centres and even cloud computing that supports this arrangement are centralised and static while, in a defence context, hierarchical systems of data protection and classifications drive additional hardware and software requirements.
Each layer adds complexity and costs to the process, while increasing risk by expanding the available attack surfaces. It is an approach that creates four key issues:
- Firstly, it concentrates risk in data centres, which are now included in critical national infrastructure, and carrier networks that can become prime targets at times of international confrontation or conflict. This risk escalates proportionally the greater the volume of data that is stored, so will only become a bigger and more-costly to manage as time goes by.
- Secondly, the imminent arrival of quantum computing means many existing encryption techniques will become easy to break, leaving vast swathes of sensitive data vulnerable.
- Thirdly, as a ‘hub-and-spoke’ approach to systems architecture, it creates bottlenecks that impede the effective flow of data between those authorised to do so. The UK’s defence forces are increasingly integrated but current approaches are highly-reliant on information flowing between departments, which needs to be managed quickly and securely.
- Finally, at a time when pressures on public budgets are at an all-time high, existing infrastructure setups drive significant costs. Expenses associated with maintaining data centres, virtual private networks (which themselves have become part of the attack surface), encryption licenses and so on are expected to rise to represent some 10-20% of MOD IT spending over the short-to-medium term – an expensive state of affairs.
In short, our current, centralised data storage and encryption methods represent a national risk when placed in the context of growing complexity and volumes of data that need to be secure, accessible and exploitable.
There has to be a better way. And there is… data disaggregation.
Benefits of data disaggregation: Security, future-proofing, and cost saving
This approach breaks down data into smaller fragments that are then stored across multiple platforms rather than being held in one place on centralised servers and physical storage systems. It is a paradigm shift that could not only improve the security of our critical systems but also allow public bodies to unlock commercial cloud infrastructure for national projects, delivering significant budget savings compared to existing infrastructure, which could then be redirected into other priorities.
The benefits of this approach are many:
- Crucially, it becomes virtually impossible for attackers to reconstruct sensitive data should even a partial breach of this desegregated system occur;
- The technology is future-proofed against both quantum computing and the power of AI attack tools that can break traditional encryption techniques;
- Data can move more freely between parties with appropriate access permissions, improving decision-making and data flow – this offers a valuable, UK-developed solution that could be implemented more widely with NATO and Five Eyes allies, to name just one example.
- Finally, it also offers significant cost reductions that will only snowball as the scale of data storage grows.
The future of data security: Embracing innovation and digital infrastructure
Prizsm Technologies’ patent-pending platform has already been tested by the MOD and was the first innovation technology to pass the MOD’s Bug Bounty programme. Breaking down data into atomic bit-level fragments (rather than shards/fragments) that are stored non-sequentially across multiple cloud platforms significantly enhances security – even against quantum attacks. It is even expected to offer savings of greater than 50% versus traditional, centralised data storage over time.
We live in an information age, with a Government committed to digital transformation across a range of critical services. Adopting data disaggregation for the country’s data storage needs would not only future-proof critical data infrastructure but would also entrench the UK’s position as a global pacesetter when it comes to developing effective defences. A modern, data-driven age requires modern data-storage infrastructures that protect the interests of our citizens, nations and allies – infrastructure that can be set up alongside existing systems to smooth the transition period but which can also adapt quickly to fast-evolving use cases and digital threats.
That technology already exists. Now is the time to use it.
