Security in an information age

This month’s news has highlighted three developments that reflect the changing nature of the security landscape.

The expulsion of Russian spies demonstrates the limitations of cold war tradecraft in a transparent society. The publication of over 90,000 military documents on Wikileaks illustrates the difficulty of safeguarding secrets in a networked world. And the Washington Post exposure of the sprawling size of the homeland security budget illustrates the expense in attempting to keep up with the mushrooming number of sources of intelligence.

These stories show that security and intelligence agencies have failed to transform their philosophy and methods to suit an information-rich, networked society, in which the nature of espionage, war and security are quite different.

We need a new philosophy for safeguarding information assets in an information age. One that appreciates the changing value and nature of knowledge, relationships and transactions in the emerging world. One that minimises secrets and focuses on reducing the business damage from the inevitable leaks. And one that develops richer intelligence systems that are better able to navigate a superabundance of data.    

More than a decade ago, I recall presenting these concepts to a UK government security conference. Everyone nodded their heads in agreement. Yet in the past ten years information security standards and governance systems have barely moved on. We continue to invest in outdated methods. Today’s initiatives in professional development, for example, focus more on yesterday’s needs rather than tomorrow’s world. We need much greater foresight, and, more importantly, a new willingness to change our ways.