I’m now back blogging after an extended break of several weeks. Unsurprisingly, nothing much has changed in the world of cyber security, except for the media coverage, which has grown in quantity, scope and sophistication.
This trend is clear from the number of daily emails churned out by specialist briefing services, such as Team Cymru’s excellent Dragon News Bytes, which seems to have at least doubled in size over the past year. It’s also quite apparent that the subjects addressed are now much more sophisticated, encompassing cryptic threats such as State-sponsored espionage, as well as abstract risks such as intellectual property rights. Such coverage would have been unthinkable a decade ago.
But it’s not unexpected. In fact it’s quite predictable, as press, politicians and pundits gradually catch up with long lasting, subtle trends that are becoming increasingly apparent to a much wider audience. Esoteric subjects such as espionage, operating system vulnerabilities and cryptography are now regularly discussed in newspaper columns. The Internet probably publishes more classified government secrets than can be found in any intelligence agency synopsis.
So what are the trends that are currently catching the imagination of the media? Here’s three to kick off with.
Firstly there have been a number of high-profile catastrophes. For the purposes of this posting, by “catastrophe” I don’t mean regular disasters such as fires or floods – though they can cause massive damage. And I don’t mean “hacking” which is both unrelenting and damaging. What I’m really getting at are the digital glitches caused by inadequate software testing or bad change management. The sort of things we generally consider “cock-ups” rather than “conspiracies, if you get my meaning.
Secondly there’s the gradual realisation by military observers that cyber warfare is very, very important, though few people have any idea what it’s really about. Let me rephrase that: I mean lots of people can easily articulate the problem space, but few people understand the underlying root causes or the changes needed to correct them. Hardly a day goes by without a government agency or lobbyist calling for more research and development, regardless of the thin results that have emerged from previous decades of academic and industry studies.
And thirdly there’s the growing speculation that China is becoming a little too dominant in the cyber security field. Whether it’s the absolute control of the routing technology or the perceived level of offensive capability, many people seem concerned. This is rather interesting, as the cyber battle space appears (at least to me) to be a relatively level playing field, characterised by a handful of bright individuals drawing on a relatively similar set of tools and techniques. It’s certainly not an arms race of the kind we have experienced in the nuclear space. Nevertheless there are lots of reporters and TV producers exploring this area and even a few conferences dedicated exclusively to this subject. (Who can justify attending those?)
Over the next few blogs I’ll explore some of these trends and suggest what the longer term implications – as opposed to the short term media interest – might be. Many people in business focused roles might wonder what on earth the relevance might be to their everyday programmes, but, believe me, press coverage and the resultant citizen perception have vastly more influence on employee behaviour than industrial strength awareness campaigns.