From Wild West to Western Front : the evolution of Cybersecurity

“The Internet used to be compared to the WIld West, the lawless frontier; now it is more like the Western Front, a massive, unrestricted battlefield. Geopolitics is putting your data in the firing line.” So concludes an article by Allan Dyer of Yui Kee Computing in the IMIS Journal. On Thursday, at the ISSA UK Chapter and I heard several presentations on what is currently happening (and what is expected to happen). One summarised a PWC study report. Another summarised the report of an ISSA Advisory Board brainstorming. Until yesterday I would have said they were both excellent. I took part in both the PWC study and the ISSA brainstorming. Then I read Allan’s article. It reminded me that we in the West are at the Far End of the world from where the future is being forged. [double entendre intended].


He begins by describing the cyberwars that are now exercising Western Government but then goes on to describe the battles between hactivists and governments in the Far East – including the activities of “young patriots” in defence of their governments: with the “honkers” counter-attacking the hackers. The current war between the supporters and opponents of Wikileaks shows the comparative amateurishness of the West. Although perhaps it is also because our teenagers do not have anything like the same bandwidth from their bedrooms.

If we had the same “vision” as those who are creating the Internet of the future, all those who have entered the Cyber Security Challenge would, according to their supposed age, already have been sent invitations to join the Army or Police Cadet cyber sections, join the Territorial Army cyberwarfare units and/or train as cyberspecial constables.   

The main theme for the next meeting of the “Cybersecurity Skills” team within the Information Society Alliance (EURIM) e-Crime group is to help those responsible for securing their own organisations in 2012 meet those who (after the recent “all change”) are now responsible for securing the nation. We have barely 18 months left before the cream of world’s criminals, off-line as well as on-line, gather for the unique opportunity of the Olympic Games in what is still the world’s greatest financial centre. Given that the scale and nature of the challenges were well indentified within months of our winning the bid, that is an “interesting” commentary on the UK attitude towards planning ahead. 

The gulfs of culture and understanding between military cyberwarfare experts and civilian law enforcement are as great as between those with a UK centric approach (who want others to follow their lead) and those who see the UK as a decaying backwater and wish us to learn from the rest of world. The former point with pride to £650 million of new money (over four years) for cybersecurity. The latter point out that it is less than annual security budget of a single global bank (with most major regional banks now also spending hundreds of millions p.a. each). More-over government spends most of its security budgets looking at processes. The banks spend most of their budgets on technology and training to support, implement and enforce processes.

The banks are mobilising their budgets to move from “the Pinkerton Men bringing law and order to the WIld West (paid for by the banks and railroad companies)”, through the current “battles on the Western Front (and fixed defence lines)”  to a holistic mix of “defence in depth”, “hearts and minds” and “seek and destroy”: from rules-based engines to detect “anomalies” (alias possible zero day attacks) and security by default/design, to “civil” action  across borders to remove (e.g. bankrupcy or worse) predators and those who help them.    

If you are seriously interested, join the Alliance and work with your peers to address all those problems that are not well covered – because they cross the boundaries of conventional trade associations and professional bodies let alone government departments and agencies.

e-Crime is but one – but it is arguably the most serious. 

You can then ask for details of the groups looking at co-operation on information governance and security. 

Other may disagree, but I happen to think the work on cybersecurity skills, whether for professionals or for volunteers, is the most important.

History was made by those who turned up.

Victory was won by those who trained together in advance.  

Train hard- fight easy.

Don’t train – get slaughtered.

The UK cybersecurity skills problem is of quality and relevance just as much as of quantity and availability