Government Surveillance Poses Cyber-security Threats, ISPs Say

Ninety-one percent of ISPs in the UK are concerned that government surveillance efforts will compromise or weaken the security of their networks.

government surveillance, cyber-security risk

While most internet and managed service providers see cyber-attacks on a weekly basis, the most common concern among the companies is that government surveillance will weaken network security and make providers a target of attackers, according to a report released by the UK Internet Services Providers Association (ISPA).

The report, released Sept. 6, found that 54 percent of respondents were attacked at least every week. Currently, denial-of-service attacks and SQL injection attacks are the main types of cyber-threats Internet and managed service providers face, with 91 percent of respondents suffering a denial-of-service attack, 64 percent an SQL injection attack and 36 percent a phishing attack, the study found.

The group urged the government to do more to educate consumers and make law enforcement more effective and responsive to cyber- incidents, while acknowledging the role of internet service providers, managed service providers and cloud providers in protecting their customers.

"ISPs recognize that they have a role to play in keeping citizens and nations more secure," Andrew Kernahan, ISPA spokesman, stated in an email response to an eWEEK inquiry. While companies provide a variety of technical defenses and guidance to help secure their users, "this is only part of the solution and ultimately users need to follow basic cyber hygiene."

The study, based on a poll of an unspecified but "significant" portion of the ISPA's 200-plus members, found that 84 percent had contacted customers about a data breach. A similar number (83 percent) had reported at least one incident to police, but 30 percent had no follow-up from law-enforcement officials and half only had occasional contact from police, the survey found.

However, government regulations that require that ISPs provide ways to access communications means that the networks are less secure, the group stated.

"Government surveillance powers, such as state-sanctioned hacking and the creation of a request filter to bring together the multiple data sets available to them, will mean that the threat of being seen as a target will only increase," Kernahan said, adding that "[g]overnment should be driving awareness and law enforcement needs to rethink how it can improve its approach to create a more hostile environment for criminals."

While all providers used firewalls, they employed other defensive technologies to a lesser degree: 92 percent used some form of port blocking, 85 percent used anti-spam technology and 70 percent used a service to protect against denial-of-service attacks. In addition, providers engaged a variety of consults, such as security auditors (69 percent) and penetration testers (62 percent).

More than three-quarters planned to spend more on cyber-security in 2016 than the previous year.

The ISPA also called for a greater focus on collaborative law enforcement efforts.

"We would particularly like to see a greater focus on bringing cyber criminals--who are often based overseas--to account so that the Internet is no longer considered an easy place to target," Kernahan said.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...