News

Cyber security will change ideas of the nation state, says Stonesoft

Warwick Ashford

Lack of security in the cyber world is one of the most significant threats faced by the civilized world, according to Jarno Limnell, director of cyber security at security firm Stonesoft.

“But it seems that we have to experience a catastrophic incident before this threat is taken seriously enough,” he said.

security threat.jpg

Limnell, a former advisor to the military and government in Finland, said that it was time to take cyber security seriously because in the coming years it will change most radically the world’s understanding of security of nation states, society and individuals.

Cyber security, he said, is becoming increasingly important because of the world’s growing dependence on digital resources, growing investment by nation states in offensive as well as defensive cyber capabilities, the cyber weapon arms race, and the cost and efficiency of cyber attacks.

“Nation states are beginning to realise that they can achieve the same political goals with cyber weapons as traditional arms, but at a much lower cost,” said Limnell, who consults internationally on the issue of cyber security.

However, in a cyber war, the military is no longer the main target – civilians are, he said, which is why in all cyber defence strategies, great emphasis is being place on protecting critical national infrastructure.

This shift as the cyber and physical worlds become increasingly tightly integrated, could mean that the most powerful nations today, will not control the digital world in the same way they control the physical world, said Limnell.

Smaller, less powerful nations today, could create unique cyber capabilities and change the logic of warfare in future, he said. “Those who control the cyber world, will also control the physical world.”

The growing dependence of the physical world on the cyber world has important implications for the business world too, according to Limnell.

“Cyber security needs to become a critical part of the business; it is not something that can be left to the IT department,” he said.

Limnell believes that for governments as well as businesses, cyber capabilities must be seen as being of strategic importance.

In assessing these capabilities, organisations need to consider not only defensive capability, but also offensive capability – or at least an understanding of it – as there is no credible defence without it.

They also need to consider their level of dependency on the cyber world.  The US, for example, has a lost to lose in terms of its dependency on cyber, said Limnell.

They are number one in terms of offensive capabililty, but they admit weaknesses in defence. “They have got the biggest stones to throw, yet they are living in a glass house,” he said.

In both government and business,  a strategic understanding  of cyber threats is vital, and must inform and guide the operational and technical, not the other way round as is currently the case, said Limnell.

“The common approach of treating cyber security as a technical question is wrong, guidance needs to be from the strategic level down,” he said.

Second, there is a need to break the illusion of security and make security the first thought rather than an afterthought. “Deploy defences, but at the same time understand the vulnerabilities,” said Limnell.

Third, organisations need to understand that complete cyber security is a myth, he said, but that resiliency is obtainable and worthwhile.

“It is important that organisations understand how to develop resilience because there will be times with the digital world will not work as it should,” he said.

Related Topics: IT risk management, Social media technology, IT for manufacturing, Network security management, IT for charity organisations, IT for telecoms and internet organisations, IT architecture, Database software, Privacy and data protection, IT for leisure and hospitality industry, Security policy and user awareness, Network routing and switching, IT for small and medium-sized enterprises (SME), IT for government and public sector, IT suppliers, E-commerce technology, Endpoint security, IT innovation, research and development, IT strategy, IT for retail and logistics, Web application security, Internet infrastructure, Voice networking and VoIP, Unified communications, Antivirus, firewall and IDS products, Business continuity planning, Network security strategy, Mobile software, Data centre networking, IT for media and entertainment industry, Cloud security, Web development, Identity and access management products, Hackers and cybercrime prevention, IT for financial services, Business applications, Mobile networks, Cloud computing software, Financial applications, Regulatory compliance and standard requirements, Network monitoring and analysis, Telecoms networks and broadband communications, IT legislation and regulation, Cloud applications, IT for utilities and energy, Virtualisation software, Data breach incident management and recovery, IT for consulting and business services, Application security and coding requirements, Network software, IT for transport and travel industry, IT governance, VIEW ALL TOPICS

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy