The UK news has been dominated in recent weeks by a series of celebrity scandals, where ‘traditional’ media outlets were prevented from publishing details through court imposed ‘super injunctions’ ( a UK legal measure for protecting personal privacy) but the names of those involved were revealed by Twitter users thus seriously flouting UK law and immediately liable to contempt charges and a prison sentence. It has kept journalists busy and provided a great source of gossip for many people however it also highlights how traditional national legal frameworks are struggling to keep up in the globally connected online 21st Century world.
I recently participated in the Unisys supported East West Institute’s Second Worldwide Cybersecurity Summit in London. The Summit brought together 400 of the world’s leading policy makers, academics and experts to define new approaches and best practice in tackling cyber security threats. Just as with ‘super injunctions’ a similar theme ran through the Summit – namely how can government policy, the courts and law enforcement professionals keep up with sophisticated cyber security threats which cross national boundaries; which are hard to trace and which can spread like wildfire in hours?
The East West Institute will be reporting its findings at next year’s Summit in New Delhi but I thought it would be interesting to highlight some of the key discussions I’ve been participating in over the last few days:
Collaboration – historically nation states have been fiercely protective of their military, judicial and law enforcement systems and reluctant to share information with other countries. However just as cyber security threats span national boundaries, it is clear that an unprecedented level of cooperation and willingness to share information will be required and it was reassuring to see a genuinely international audience participating in the conference which included delegates from India, China, Europe, the Nordics as well as the USA and Canada.
Finding one area to set a precedent – different interpretations of human rights; legal definitions; religious attitudes and the sheer range of attacks can make it difficult to decide where to start when tackling different cyber security threats. However picking one area where there is common ground can create best practice which can be applied elsewhere. There is universal condemnation of online child pornography and working on that basis the East West committees are seeking to create a unified legal and investigative framework which will enable different countries and organisations to take a global approach to stamping out activity in this area.
Ensuring we have the right skills – much of the research into security currently focuses on cryptography and national defensive measures but I believe we also need investment in researching behavioural, sociological and psychological factors which motivate hackers and cyber criminals. This can help spot trends, pre-empt vulnerabilities and take preventative measures. I had the privilege of speaking to Dr Susan Aldridge, the President of the University of Maryland University College who told me that they have just started a new cyber security faculty with up to 3000 students studying at first, second and doctoral levels with the intent that these highly qualified individuals will be available to fill the immense cyber security professional gap that President Obama alluded to in his first statement on the importance of Cyber Security back in 2009.
Encouraging young people who have grown up with the Internet to help tackle cyber security – older generations typically shape policy and legal precedent but clearly we need more ‘Internet natives’ to want to help solve these challenges. Last night the UK Cybersecurity Challenge was launched, a series of national online games, which encourage people from all backgrounds to come up with solutions for handling threats. Last year’s winner was a 35 year old postman from the north of England, the runner up a 17 year old maths student who had no knowledge of computer science and third was a “resting” actor from London. The goal is to excite and inspire people to consider careers in the cyber security industry and is a great way of bringing in new perspectives and new talent to combat the online security challenge.
Adapting to criminal behaviour is nothing new but the challenge here is enabling the law and law enforcers to keep pace with the rapid and borderless nature of cybercrime. Clearly there is a lot more to do but the four themes which have been discussed over the last few days are practical areas where quick gains can be made.
Further thoughts to come tomorrow from the second day of the East West Institute Cybersecurity Summit.