Analysis / Is it time for a Cyber United Nations?
Is it time for a Cyber United Nations?
31 May 2018 |
Is it time for a Cyber United Nations? How would it function? Who would be part of it? Could such an alliance even work? TEISS explores these questions with experts in the field Tony Krzyzewski, Director at SAM for Compliance Ltd and Elias Okwara, Resource Development Manager at Aga Khan Academy.
Cyber collaboration; how are we doing?
With the increase in nation state cyber attacks, there has been call for better collaboration between states. Whereas private companies are getting better at sharing information, nation states still have far to go.
Tony Krzyzewski strongly agrees with this view, "If you look across the globe at the moment, every year you see the great outpouring of reports about 'this is how badly we did over the last year'. But nothing moves much beyond that until the next report comes out and that seems to be the only feedback mechanism that exists on an international basis."
Perhaps this is due to the ambiguity about nation state engagement when it comes to cyber issues. This, Elias Okwara points out is why we don't have unanimously accepted rules around at what point does a country retaliate. Questions that make the issue challenging are: How do you measure the retaliation in terms of its impact? How do you figure out a proportional response to a cyber attack? What happens when a nation state attacks foreign companies?
Also of interest: How Huntsman Security CEO is bringing the human touch to cyber
A Cyber United Nations
So is a Cyber United Nations the answer? Perhaps, but both experts have mixed views of how that would work.
Tony thinks a United Nations of cyber security that brings like minded people to work together could be beneficial, however he feels it would be best structured in a decentralised way.
He outlines a model where regional groupings can react to situations within their particular geography. "Then we interact with other regional entities so that we can react faster," he adds. He highlights the importance of sacrificing the regional politics for the greater good and not for meeting our own political goals.
Elias wasn't sure whether a slow moving organisation such as the UN, driven by major state interests, was the best structure to get actionable tasks done. "The cyber world is constantly evolving and we need to establish some set of rules of engagement in a way that is responsive to the quickness of the cyberwar," he says.
Elias sees the UN playing more of a "convener" role who brings all the parties to the table. But he doesn't see them necessarily as the drivers of the agenda.
This role should be given to the private sector, Elias feels, because companies are constantly on the frontline of cyber security issues. "They are constantly being attacked and for them security is a big deal because it means dollars and cents. So they have an incentive to actually take concrete steps to mitigate the uncertainty around cyber warfare," he states.
The challenge in bringing nation states together, Elias says, is there'll be an additional effort to actually get them to agree on a common agenda.
Also of interest: How do China and North Korea’s cyber personalities compare?
Private companies vs nation states
But should private companies really be leading the way?
Tony is not so sure. "They have to be nation state driven. If it is purely industry, then there will always be a perceived vendor bias in there. I think that nations have to get together and say we have a problem. We accept that we have a problem and we have to fight together to counter this problem. Once we've accepted that and some countries are willing to put funding together, then we can call on the vendors to bring their input, advice and expertise and go forward from there," he says.
However Tony does see that it can't be bogged down in the political stances and masses of paperwork - as is often the case with the UN. He underlines the importance of this being an alliance which is a lot more dynamic than activities we are seeing at the present time.
The issue of vendor bias does not seem to trouble Elias who explains that the benefit of the private sector is its ability to think about cyber security in a more holistic way.
Elias states: "I'm sure that they (private companies) have specific interests at heart but given that they have been at the frontlines, the benefit of having them at the table playing spearhead, outweighs the potential of conflict of interest."
Also of interest: TEISS among Top 10 UK Cyber Security Blogs!
A cyber network that builds trust
With collaboration, of course, there comes the need for trust, something which is not always easy to build between countries or companies. So what will it take to establish and maintain that trust?
Elias thinks that companies and nations must share information without necessarily being specific to any entity, individual, or particular situation. The key is to establish patterns that would then inform the action plan on how this sort of cyber warfare organisation or sets of organisations can actually move forward.
For Tony, it's going to take good leadership. "We need to ask ourselves as an industry, "What are we here for? Why do we exist as a business? Do we exist to extract money from our customers or are we here to protect their information and the systems that are processing that information? It's time for somebody to stand up and say we're here for the benefit of our customers. And for the benefit of our customers we need to cooperate across the industry."
It may take time for such an alliance to form; but at least the conversations are happening now. Perhaps we should take inspiration from Kofi Annan's statement about the purpose of the United Nations, "More than ever before in human history, we share a common destiny. We can master it only if we face it together."
Cooperation is the way forward because the risks of not doing so are too great.
What do you think? Could a Cyber UN work? Leave your comments below!
Latest posts by Anna Delaney (see all)
- What’s the big deal about zero trust? - 10th May 2019
- Is it time for the cyber security industry to grow up? - 3rd May 2019
- Security training: should we give humans a break? - 26th April 2019
- How to deal with spear phishing effectively - 12th April 2019
- Are marketeers employing the same tactics as cybercriminals? - 12th April 2019