Defence & Intelligence

Weaponised Cyber as a Service?

On the 20th May I had the pleasure of moderating a Cyber Security panel at our 13th SPADE Defence Client Conference in the Hague, Netherlands.  I was joined on the panel by representatives from NATO Communication & Information Agency, Emerging Security Challenges Division and Industry – both large (IBM) and small (SolPas LLC).  Following a short presentation by each panel member, we enjoyed a vibrant discussion session with the audience.  This blog post is a short non-attributable synopsis of proceedings.

Since the vast majority of information systems are designed, owned, and operated by the private sector it is essential that NATO collaborate closely with industry on all matters Cyber.  NATO ’s commitment to partnering with industry is included in their Enhanced Policy on Cyber Defence endorsed at the Wales Summit in September 2014. The NATO Industry Cyber Partnership (NICP) is the primary implementation vehicle and a broad range of activities are in progress, realising that a “one size fits all” approach will not work.  NICP is expected to evolve over time in response to feedback from industry and changes in the threat and technology landscape.

Practical steps include the formation of a joint (NATO, Academia & Industry) cyber-incubator – an open and dynamic melting pot for ideas, concepts and demonstration of the use of emerging cyber security technologies in NATO.  The incubator is also seen as a way of augmenting the operational knowledge of researchers in industry and academia and ensuring efficiency of procurement to get the best possible results whilst conforming with NATO’s rules and regulations.  Early cyber-incubator projects include the secure development of mobile applications and the specific security requirements of interoperability within federated mission networks.

Sec FW

Industry explained that organisations need to take a systems-based defensive approach focusing on interoperability, trustworthiness and critical infrastructure protection rather than exploitation of Cyber fear.  The “Power of Simple” can enforcing strong cyber-policy and best practices without complicating the user experience thus eliminating unintentional but compromising mishaps.

The constant evolution of technology and information platforms (such as Cloud and Internet of Things) will continue to challenge the industry and create new cyber vulnerabilities.  IBM’s containment approach is best illustrated by the disease control analogy. No matter how much care is taken in defensive measures, one should assume that a breach will occur. Hence it’s vital to instrument an organisation’s information technology infrastructure so that the breach can be rapidly detected, quarantined and neutralised. It’s then important to learn from, and share the results of the incident.

Successful containment needs an intelligent balance between technology and “human” issues including leadership, culture, education & process. It’s also critically dependent on Cyber Security Intelligence derived from analysing the massive amounts of available data.

So Weaponised Cyber as a Service?  Two panel questions related to this controversial topic.  One asked what aggressive countermeasures are available in NATO policy to deter cyber terrorists. The other asked what active measures could be taken against an international terrorist’s web site.  The NATO panel members pointed out that NATO’s policy was strictly defensive, but member nations may decide to take a different posture.  A panel member stated that Cyber “services for hire” are available on the internet, which could be targeted at any actor / state if the price is right!  Interesting times indeed!

Director - Blockchain | National Security - CTO Team Europe

More stories

Does Taking the Long View Help?

Traditionally, U.S. federal agency plans last the length of a four-year presidential election cycle. But many challenges facing government are on a much longer cycle – such as building Defense weapon systems, adapting to climate change, and creating energy independence. In 1996, Congress mandated the Defense Department to conduct a “quadrennial defense review” (QDR) of […]

Continue reading

Defense Offsets – Obligation or Opportunity?

The Global Offsets and Countertrade Association (GOCA) conference just concluded in Montreal.  You may ask, “What is an offset and why is it important?”   Defense offset agreements are arrangements in which the seller of a product or service agrees to provide benefits such as buying local products or services from a country as an inducement […]

Continue reading

Predictive Maintenance – or, “Spend less, do more”

As a former submarine commanding officer and later as the US Navy admiral responsible for all submarine engineering, maintenance and certifications, I can assure you that I was a firm believer in making sure equipment worked correctly.  There was no margin for error, and the goal was always to make sure that the number of […]

Continue reading