Last week’s Cyber 2019, Chatham House, proved to be an excellent event, drawing together some of the most senior people in the cyber world to discuss and debate issues of governance, regulation and security of cyberspace.
The event aimed to explore the following questions:
Will nation states reach a consensus on responsibly governing cyberspace?
How can governments and industry collaborate effectively to combat cybercrime?
How can AI be used responsibly to secure cyberspace?
Who should be held accountable in the event of a cyber-attack?
Is there enough attention paid to the ethical aspects of cyber policy and regulation?
Not easy angles to tackle or solve, and questions are left lingering, but it certainly highlighted the ever growing geopolitical tensions and industry challenges we are currently facing.
The conference, as one might expect, was held under the Chatham House Rule*. However, keynotes were addressed by Ben Wallace MP, Minister of State for Security and Economic Crime, Home Office and a Senior Representative of the National Cyber Security Centre, GCHQ.
One topic which, unsurprisingly, raised multiple questions from the audience was “Huawei”. Security minister Ben Wallace displayed uneasiness at the Chinese control of 5G tech, "The big question for us in the West is actually, how did we get so dependent on one or another? Who is going to be driving 6G? How are we, in our society, going to shape the next technology to ensure our principles are embedded in that tech? That's a question we should ask ourselves: were we asleep at the wheel for the development of 5G in the first place?"
It will be interesting to see how this develops.
One of the most engaging panels focused on, “Crisis Management, Mitigation and Accountability”.
The session explored the practical implications of a cyber-attack, the fallout of a data breach and managing the loss of trust for a company.
But a data breach does not always lead to disastrous consequences. It’s important that organisations ask themselves, “did we take appropriate steps?” If yes, then there’s a chance it might not be all that bad.
The greatest cyber security threats to an organisation still remain the insider threat and third party suppliers.
With regards to the insider threat, it was advised that security teams work closely with HR, because HR is often the best positioned department to see early warning signs develop from disgruntled or distressed employees.
One of the experts advised not to rush to notify the regulator before you’ve taken time to assess the case; you probably have more time than you think to prepare and gather the relevant information. They also stressed the importance of “maintaining the perception of control”. Not dissimilar to the well-known adage, “Be like the swan, glide gracefully on the surface but paddle furiously beneath the water”.
*When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.