David Cameron’s headline-grabbing accord with Barack Obama to enhance cyber-defences amounts to little more than acknowledgement of a huge problem. Clearly, in the wake of the terror attacks on Paris and the use of cyberspace by terrorists, the two leading political leaders needed to put cyber-security high on their summit agenda last week.
Britain and the US agreed to increase co-operation on cyber-security by setting up “cyber cells" to share intelligence, training the next generation of cyber agents and launching simulated cyber-attacks to test the defences of organisations including banks.
Mock attacks can highlight strengths and weaknesses but I am left questioning whether there are better ways to focus our understanding of how our world and its security requirements are changing in the digital age. Both governments acknowledge that the need is broad, and both have produced research to confirm that it touches every aspect of our economic and social wellbeing. The measures favoured at the summit do not appear to reflect this.
The banking sector, while important, is just one sector. Specialist cyber-agents have their value but they are a drop in the ocean when compared to the need for cyber skills. Is this to be the sum total of our cross-Atlantic ‘co-operative effort’ to address cyber-risk, or is there more?
The reality is that crime, warfare and other societal issues are moving online and as a result becoming more fluid and more international. We as a society are woefully slow and inadequate in our response to this internationalisation. Many feel we are more insecure than ever as the majority of our capability remains invested in outdated tools, techniques and approaches. Law enforcement should be able to master the basics of cybercrime and be able to collect evidence of such crime,; not just specialist agents.
I suggest that investing in our knowledge and understanding of how cyber-attacks occur across all sectors, particularly the SME sector where cyber security is the least mature, may produce more useful results.
There was little recognition in Cameron and Obama’s joint statement of the internationally-focussed efforts currently underway, from the World Economic Forum’s Partnership for Cyber resilience to the International Cybersecurity Protection Alliance. International professional bodies like (ISC)2, and our colleagues from ISACA, which already look beyond international barriers to understand current developments across the threat landscape, were ignored. Yet consider the value in terms of front-line experience and talent that these professional bodies could bring to international policy development.
It is great to see cybersecurity become an issue on the international stage with the US and UK taking a lead to ensure cyber-security occupies the same status as economic, health and other social concerns. Earlier this week, Obama further emphasised cyber security’s importance in his State of the Union address, urging for more legislation to tackle the evolving threat, showing that it’s a top government priority. Now it’s time for David Cameron to do more of the same in his own election campaign. This kind of mainstream attention raises the level of priority that cybersecurity commands across all facets of society and government activity.
Together Cameron and Obama have helped us all acknowledge that making the world a safer place is dependent on making the cyber world a safer place. Their understanding of how to achieve this, however, remains elusive
Adrian Davis, European managing director (ISC)2