Back in October, the ISSA-UK Advisory Board, together with some of the UK’s top information security thought leaders, met to discuss the challenges of the next decade of information security. The meeting, held at the House of Commons and chaired by the Rt. Hon. David Blunkett MP, resulted in a fascinating and engaging exchange of views. Last week I presented the results to an ISSA-UK chapter meeting. My report of the findings, with a preface by David Blunkett, has just been published on the ISSA-UK web site.
You can’t, of course, expect a perfect or complete analysis from a single event, no matter how knowledgeable the contributors. But this one is quite good and compares favourably with existing forecasts from analysts. More importantly, I hope that we can build on this basis over the next year, to produce a more sophisticated road map for the next ten years.
The next decade will be highly significant, as we’ve clearly reached an inflection point in information security, a time beyond which existing practices will progressively fail. Over the next few years we need to encourage the development of new approaches, skills and solutions. And do not accept, as many claim, that we already have enough science, technology and methods. We don’t.
Let’s face it, we haven’t even solved long-standing problems such as how to design secure systems, influence user behaviour, tackle insider threats and secure external supply chains. In the future these challenges will be greatly amplified by step changes in threats, in information volumes and in the use of external services.
To respond to these challenges, we have to stop behaving as a herd, and encourage greater innovation. More of the same won’t do. That means governments should sponsor more competitions, institutes should stop stamping out alternative approaches, and security managers should stop complaining about the proliferation of new security products. So let’s stop promoting best practices and start saluting new ideas.