Summary Bullets:
• Even telecoms regulators get hacked. Ofcom was hit by the MOVEit cyberattack, with the breach leading to information about a number of regulated companies and its staff being stolen.
• Consequently, Ofcom is now more likely to focus its attention on cybersecurity regulation, given that it is “the regulator for online safety in the UK.”
Quis custodiet ipsos custodes? (‘Who watches the watchers’) was Roman poet Juvenal’s comment on people in positions of power and influence – which must, these days, also include telecoms regulators. UK telecoms regulator Ofcom, alongside the likes of the BBC, Boots, and British Airways, was targeted in the cyberattack on MOVEit Transfer (a “secure file transfer service”) customers. So irony piles on irony.
If the ancient Romans were already concerned about protection of data, a bit easier in the days of styli and the original tablets (history echoes, courtesy of 21st century marketing folk), it is a reminder that every business, organization, and institution is subject to attack, no matter how well resourced.
It is vital, however, that Ofcom gets its act together on cybersecurity – not just for the sake of protecting its own employees’ data, but because it is in a position to make decisions on regulation across media and telecoms in the UK – decisions that can be market-affecting. For example, there is bound to have been discussion about the mooted combination of Vodafone UK and Three UK (CK Hutchison), which has been widely reported to be on the verge of a formal announcement. It is all too easy to envisage a scenario where a bad actor could gain access to market-affecting information and use it either to seek a ransom or to manipulate it to make a profit from investing in or shorting shares, although it is to be hoped that financial regulation would make this harder to achieve.
Cyberattacks are a fact of life, but solutions and services are available. It is disappointing that Ofcom fell victim, as it should set the gold standard in the UK if it is being paid for by taxation and influences literally billions of pounds of potential investment. Admittedly, MOVEit Transfer is responsible for the security of its software and so carries the can on this. It may be time to include force majeure in all software contracts to keep suppliers on their toes.
A 21st century Juvenal might add to his maxim that people are only interested in “bread and circuses” and the ‘security of their data.’ Thankfully, apart from Ofcom’s 412 employees’ data, this appears to have been a relatively minor event. But if the guardian of the telecoms, media, and technology market is vulnerable, everyone should pay more attention.

