The cybersecurity industry needs to push forward global collaborative efforts to combat cyber-threats. This was the message from a panel discussion during the UK Cyber Security Association’s One Day Summit Event.
Governments need to play a major role in facilitating alignment in this area. Still, the panelists believe the industry associations, who operate in and fully appreciate the increasingly dangerous cyber-threat landscape, must take the initiative for real progress to begin. Professor Lisa Short, director & co-founder of P&L Digital, emphasized that the digital world is borderless, and “the attacks we’re seeing have a global impact.” Despite this, countries are largely still operating in silos regarding cybersecurity, favoring a “nationalistic approach.” She added that as of yet, there hadn’t been a significant global event focused on cybersecurity among major world leaders. “We haven’t seen the 193 nations of the UN, the G7 or the G20 get up with industry experts and have a discussion on what can be done at a global level.”
Chris Windley, co-director of UK Cyber Security Association, noted that while there is much more governments can do to foster collaboration, “we can’t really wait for them, we have to act right now and communicate globally and cooperate.” He believes it requires the leadership and insights of industry organizations like the UK Cyber Security Association and the Cybersecurity Global Alliance to force change.
Short concurred, stating that government machinery is traditionally slow, and left to its own devices, cannot keep up with fast-moving and agile cyber-threat actors. Additionally, she said that most decision-makers do not have the technical knowledge required to enact the proper steps in this space. “Unless they start to have collaborative discussions with industry organizations, who’ve got very deep networks with a multidisciplinary approach, then they won’t address the challenges at the pace of change that we require,” she commented.
A critical aspect of this approach is for the industry to educate governments on just how serious a problem cyber-threats are and the potentially catastrophic impact they may have. James Castle, founder of Global Cyber Security Alliance, said governments need to start treating this thing as an act of terrorism,” adding that “once we have achieved that then the government will be able to start working with organizations.”
Once governments are working more closely with industry and treating cyber-threats with the seriousness they deserve, they can develop the necessary global infrastructure to foster collaboration. For example, Short advocated developing an international communication system, enabling intelligence to be rapidly passed between governments and organizations, in the same way as there are tsunami and terror warnings. “I don’t think there’s enough communication occurring when there’s intelligence known about potential movements in this space, potential attacks that have occurred and letting the rest of the world know in a much quicker way,” she outlined.
The cyber industry must be at the forefront of such an approach, according to Short. “We need to take this seriously and start to communicate and pass intelligence between organizations around the world.”
Bishakha Jain, senior cybersecurity consultant at IBM India, agreed that communication is key to global collaboration but cautioned that “there has to be a strategy in place.” To communicate effectively between different countries and organizations, “governments need to join hands with everyone to build it together.”
While there is a long way still to go in this space, Windley said that given the surge in high-profile cyber-attacks over the past year or so, we are seeing signs that governments are starting to take the issue more seriously. This includes measures recently introduced by US President Joe Biden in this area, such as an executive order mandating zero trust for all federal government software suppliers.