Practical Advice

Cyber Security

About the Author

Colonel (Ret’d) John Doody FBCS FCMI CITP ISSP MIOD

Cyber Lead, BCS Security Community of Expertise, part of BCS, The Chartered Institute for IT

Cyber and cyber security present some of the greatest challenges in the modern IT environment. Increasingly complex threats from hostile intelligence agencies, criminals, terrorists and hacktivists are penetrating IT systems globally, resulting in the loss of data, intellectual property, money, and personal identity.

These attacks need constant monitoring, timely analysis and near real time response to ensure the security integrity of IT systems and the information contained therein. Nation states are totally reliant on the internet to conduct a wide range of business activities that contribute to their economic, defense and political status. To achieve a high level of efficiency, networks are more connected today than they ever have been, not just national connectivity but international connectivity. This connectivity brings a wide range of vulnerabilities and legislation challenges and it is impossible to achieve a utopian network environment.

The rapid development of sophisticated technology provides a platform for delivering IT services; however, the weakest link in all cases is the human being. Combating this demands good education, training and professionalism for both the technologists and the users, a matter being given high priority in both the UK and U.S.

The U.S. and UK have traditionally been the great innovators in IT and, more recently, in cyber security components for both the defensive and offensive roles. As such, there has been a longtime sharing of technology, research and innovation between our two countries. Indeed, we enjoy a global influence in the cyber domain.

The cyber security challenge is not just restricted to government, defense, critical national infrastructure, and industrial networks; it also permeates through to the citizen who is conducting an ever increasing number of transactions through the internet, with these transactions increasing in financial value and becoming an attractive target for criminals through sophisticated phishing attacks. These transactions include on-line banking, tax returns, government services, holiday bookings, flights, hotels, food shopping and access to the likes of Amazon. The citizen needs constant education from their start in school, and on through university and other forums, to ensure that everyone who uses the internet does so securely and confidently.

Cyber security is not new. Information assurance (IA) or information security (Infosec) have dominated the IT security world with five main principles – confidentiality, integrity, availability, authentication, and non-repudiation – none of which have changed in importance since first defined back in 1992.

What has changed is the technology. This has become more sophisticated, more complex and larger in lines of code. The threat has changed significantly from viruses, a lack of software patching that leaves more vulnerabilities open to exploitation, and bad password management. Today there are more sinister threats from the likes of malware, trojans and advanced persistent threats (APT). Developing countermeasures to face these new threats requires a high level of technical competence from computer scientists and mathematicians. Detect, analyze, report and respond – these are the key attributes in a cyber environment if IT systems and people are to remain secure whilst using the internet.

In 2012 the U.S. Embassy in the UK started work on a strategy to strengthen links between the U.S. and UK in all aspects of cyber security with the hope of establishing a UK/U.S. Business Forum.

This aimed to foster stronger links on cyber between our two countries in line with President Obama’s declaration that “the cyber threat is one of the most serious economic and national security challenges we face as a nation”, and that “America’s economic prosperity in the 21st century will depend on cyber security”.

This resulted in the formation of a UK/U.S. Cyber Business Forum to promote greater collaboration, networking and information sharing between UK and U.S. cyber business, academia and government.

Voluntary co-chairs were appointed from two companies with extensive transatlantic business interests and, although initial attendance at forum events was strong, the forum lost momentum and is currently inactive. The focus on cyber has now been subsumed into a wider role at the U.S. Embassy which supports the whole of the U.S. technology industry.

Given the lasting special relationship that the UK and U.S. enjoy, there has always been extensive sharing of information and technology, despite the International Traffic in Arms Regulations (ITAR) that sometimes hampers this exchange. There is a willingness to collaborate, co-operate and share in areas such as research, innovation, product development and education. Both the UK and U.S. can claim to be world leaders in the cyber domain and have readily encouraged trade missions to each other’s country as, through the sharing of information and technology, there are strong benefits to our respective export standings.

Today’s world is a very uncertain place, with new conflicts arising as the world order is dynamically changing. New cyber threats are being detected every day, and these threats are extremely damaging to the national well-being of both the UK and U.S.

Many UK companies have U.S. ownership, just as many U.S. companies have UK ownership – a healthy situation that encourages the transfer of technology and ideas. The UK/U.S. Business Forum was a means of furthering this exchange and should be given further impetus to be re-established, with UK and U.S. Government, industry, and academia being committed to its support. In parallel, this initiative should be seen as a contributor to a transatlantic free trade agreement.

Further Information

For more information, visit www.bcs.org
