By Matt Graff, Client Director, Cyber Security, BT
This week I attended IA14, the government’s primary event for Cyber Security and Information Assurance in central London. Rt Hon Francis Maude opened the event with a reminder of opportunities for growth, innovation, jobs and prosperity. There was a lot of interest in our stand, and we had the chance to have great conversations — not just with customers, but also with potential suppliers and partners who could work with us to continue to improve response to cyber threats and make the UK more resilient.
Collaboration
Our workshop — facilitated by Ashley Jellyman, General Manager of Information Assurance — continued the collaboration debate. Key topics included the sharing of information across the industry and governments, and the opportunity as well as the threat presented by BYOD, mobility and cloud services. There was significant interest in the cyber information sharing programme, how to give participants key information not otherwise available and how this could improve response times as well as the ability of an organisation to respond to new threats.
Building on this theme, Sir Iain Lobban announced the intention of GCHQ to share classified information with trusted carrier service providers to act as first line of defence against new and emerging threats for the UK as a whole — with the PSN being the initial focus. We look forward to using this information to better protect our core networks and the services we provide to customers around the world.
Paddy McGuinness — Deputy National Security Advisor for the Cabinet Office gave several ‘near miss’ examples of cyber attacks that could have had a huge impact on the UK as a whole and its ability to operate.
In his new role as government Senior Information Risk Owner (SIRO), Stephen Kelly told a compelling story about innovation and the shift from this being government-led to being industry-led, with SME’s and specialist companies to the fore. The need for sharing information was highlighted along with the value, agility and benefits of government and industry as a whole collaborating effectively.
People and skills
People and skills stayed firmly on the agenda, with most streams featuring speeches or workshops in this area. We heard about great progress on the cyber challenge — the ongoing government investment in universities and higher education links. But, there’s still a huge amount to do in this area to support sustainable growth.
Government focus
We heard a great deal about how government and GCHQ are focusing attention on the high-end threat as the four-year cyber programme reaches maturity. There’ll be a focus on key departments which face particular threats but aren’t necessarily experienced in facing such attention. Protecting the Coalition for Network Information (CNI) and work with the Centre for Strategic and Policy Studies (CSPS) was also a priority — ensuring as much as possible can be achieved through government investment.
Behavioural change
Peter Wilson from ‘Get Safe Online’, discussed a range of, at times, startling evidence in the area of behavioural change and how the government is trying to influence and educate the UK citizen. Particular focus is going into ‘normalising’ safe behaviour. Over £100 million of loss avoidance is being targeted and this is just the tip of the iceberg. We heard about the dangers of overconfidence on-line — often the examples were experienced internet users falling prey to fraud through not being questioning or challenging enough and thinking that fraud wouldn’t happen to them. The Cyber Streetwise campaign was also shared — this is ongoing and has raised awareness, getting people thinking in the right way when using all that the internet has to offer.
Panel session – thriving in the digital economy
Lionel Barber — Editor of Financial Times — posed a series of probing and demanding questions to the GCHQ, government and industry expert panel. Panellists reiterated cyber as an opportunity and area for growth, with a genuine sense that challenges were being addressed and progress made. It wasn’t all plain sailing though, with Ian Levy coining the phrase ‘Darwinian Cyber Effect’ to refer to the need for the industry to get their approach cyber right or face extinction. Cyber is a differentiator and can be powerful for every customer when we get it right, but the industry must also face up to the consequences of getting it wrong.
Secure by default was also a strong theme, with government increasingly asking industry and providers to build devices and capabilities that are secure by default and can be relied upon.
The world post-Snowdon was also referred to, with Lionel teasing out some comments on GCHQ and industry views regarding the Snowden leaks. A resounding sense of pride in technical skills and intellectual property held within GCHQ was expressed; and we were reminded of the role that humans themselves play in any secure system or process.
