Defence Leaders' Forum: Cyber security - corporate risk or new battle space?
PA's Defence Leaders’ Forum brought together key senior decision makers and leaders from the defence industry and the UK Ministry of Defence (MOD) to discuss: Cyber security: corporate risk or new battlespace?
John Ellis, UK Public Sector and Alliances, Symantec Corporation provided new insights into the scale and scope of the cyber threat, while Ed Savage, PA cyber security expert, pinpointed initiatives for minimising cyber security vulnerabilities within the defence sector.
The following headline points emerged from the evening’s discussions:
New threats mean that protection must extend to both the MOD and industry in cyberspace. The MOD and its supply chain is under threat from state actors. We live in a world where malware can hide in systems unnoticed for years, listening to conversations and syphoning off critical intelligence. The military has long recognised the need to protect its physical logistics chain but this must now extend to cyberspace.
The MOD and industry must work together to enable effective operations in cyberspace. Drafts of Future Force 2020 indicate that industry will play a greater part in the delivery of military capability and will conduct an increasingly important role across defence in the future. Industry can bring fresh insights to help the MOD operate effectively in cyberspace but working effectively together to take advantage of new opportunities will mean mastering a number of issues:
- Developing a common language – cyber security is wrapped in jargon and it is easy to lose focus in the complexities of cyber threats and vulnerabilities. A shared baseline level of understanding about the cyberspace environment amongst the military is essential but that level is still maturing.
- Identifying appropriate governance and responsibilities – uncharacteristically for a military group, there was considerable uncertainty over who should take the lead on cyber security. Many military personnel recognised the part that the Cabinet Office and other organisations have to play; many also voiced the view that defending the 'Square Mile' isn’t a job for the MOD. Questions such as ‘who will be responsible for rebuilding military capability once the intellectual property behind it has been stolen?' need to be addressed and sufficiently answered.
- Increasing awareness and education – there was general agreement that the MOD recognises the challenge but has only just started meeting it. Currently, the MOD’s suppliers and military academics have a greater awareness than many serving officers of the subtleties and dangers posed by operating in an electronically interconnected world.
A ‘Future World’ scenario can be helpful in deciding where to focus resources. A ‘Future World’ model based on four roles (Warrior, Supporter, Defender and Assassin) could help the MOD decide where to focus scarce resources to minimise vulnerabilities and maximise opportunities. Critically, this must include the MOD’s industry suppliers.
To find out more about how PA can help the defence community to minimise vulnerabilities and develop an effective cyber security strategy, please contact us now.