I'm now back blogging after an extended break of
several weeks. Unsurprisingly, nothing much has changed in the world of cyber
security, except for the media coverage, which has grown in quantity, scope and
sophistication.
This trend is clear from the number of daily
emails churned out by specialist briefing services, such as Team Cymru's excellent
Dragon News Bytes, which seems to have at least doubled in size over the past
year. It's also quite apparent that the subjects addressed are now much more sophisticated,
encompassing cryptic threats such as State-sponsored espionage, as well as abstract
risks such as intellectual property rights. Such coverage would have been
unthinkable a decade ago.
But it's not unexpected. In fact it's quite predictable,
as press, politicians and pundits gradually catch up with long lasting, subtle
trends that are becoming increasingly apparent to a much wider audience. Esoteric
subjects such as espionage, operating system vulnerabilities and cryptography
are now regularly discussed in newspaper columns. The Internet probably
publishes more classified government secrets than can be found in any
intelligence agency synopsis.
So what are the trends that are currently catching
the imagination of the media? Here's three to kick off with.
Firstly there have been a number of high-profile
catastrophes. For the purposes of this posting, by "catastrophe" I
don't mean regular disasters such as fires or floods - though they can cause
massive damage. And I don't mean "hacking" which is both unrelenting
and damaging. What I'm really getting at are the digital glitches caused by
inadequate software testing or bad change management. The sort of things we generally
consider "cock-ups" rather than "conspiracies, if you get my
meaning.
Secondly there's the gradual realisation by
military observers that cyber warfare is very, very important, though few people
have any idea what it's really about. Let me rephrase that: I mean lots of people can easily articulate
the problem space, but few people understand the underlying root causes or the
changes needed to correct them. Hardly a day goes by without a government agency
or lobbyist calling for more research and development, regardless of the thin
results that have emerged from previous decades of academic and industry
studies.
And thirdly there's the growing speculation that China is becoming a little too dominant in the cyber
security field. Whether it's the absolute control of the routing technology or
the perceived level of offensive capability, many people seem concerned. This
is rather interesting, as the cyber battle space appears (at least to me) to be
a relatively level playing field, characterised by a handful of bright individuals
drawing on a relatively similar set of tools and techniques. It's certainly not
an arms race of the kind we have experienced in the nuclear space. Nevertheless
there are lots of reporters and TV producers exploring this area and even a few
conferences dedicated exclusively to this subject. (Who can justify attending
those?)
Over the next few blogs I'll explore some of these
trends and suggest what the longer term implications - as opposed to the short
term media interest - might be. Many people in business focused roles might wonder
what on earth the relevance might be to their everyday programmes, but, believe me,
press coverage and the resultant citizen perception have vastly more influence
on employee behaviour than industrial strength awareness campaigns.