Posted by: Kev Eley, Senior Director of Sales, EMEA –
Pretty much every single human innovation has very quickly been adapted for use in warfare. Think of the invention of the stirrup and the advantages conferred on mounted cavalry. Or the invention of the aeroplane and its subsequent adoption for military use in WW1 (initially for reconnaissance then combat purposes). Fermi’s research very quickly ushered in the age of nuclear weapons and the Cold War. Information technology is now no different. George Osborne’s speech today at GCHQ UK points directly to the militarisation of Cyberspace. And I quote directly from his speech, “The stakes could hardly be higher … if our electricity supply or the our air traffic control or our hospitals were successfully attacked online, the impact could be measured not just in terms of economic damage but in terms of lives lost. If the lights go out, the banks stop working, the hospitals stop functioning or government itself can no longer operate, the impact on society could be catastrophic.”
The Chancellor’s remarks are hardly news to anyone that works in Information Security. Many organisations are dealing with the implications of such attacks already – whoever the actor is, and whatever their motive may be. And Richard A Clarke’s book Cyberwar published in 2012 was a pretty powerful portent; describing in detail the havoc that such attacks could wreak on society. The Chancellors decision to increase UK spending on cyber security to protect the economy and critical assets of the UK as well as deterring adversaries suggests he has a sound understanding of the dangers posed by cyber adversaries. Utility companies, ATC, hospitals, banks, government organisations are all singled out in his speech as being at risk. Many of these organisations will have already made substantial investments in Information Security. I wonder how many CISOs in those organisations will be lucky enough to see their own cyber security budgets increase if requested to improve their defensive capabilities? Or if they would like to enhance their existing capabilities?
In his speech, the Chancellor warns cyber adversaries, “We will defend ourselves, but we will also take the fight to you.” Pretty powerful stuff! Many CISOs we work with already share that sentiment. Which leads me to the question – will we see a greater number of organisations adopting a more offensive approach to Cybersecurity? Not everyone will agree but I strongly suspect the answer to that question is yes, it is inevitable.