Well, it has taken over a year to get the "system" out of my system and it is good to be writing again. I was pleased to see that the UK Government has run an event to urge business leaders to step up their response to the threats of cyber security and produced a number of guides to help them understand the challenges and what they can do about it – the details can be found here. Much of the advice centres on basic awareness and training, which reminds me of the challenges of mixing senior people and technology together:
This Executive calls in to complain that he gets an "Access Denied" message every time he logs in. It turned out he was typing his user name and password in capital letters.
Tech Support: "OK, let's try once more, but use lower case letters."
Executive: "Uh, I only have capital letters on my keyboard."
NOT THAT ANY OF US HAVE RECEIVED AN EMAIL IN CAPITALS FROM A SENIOR COLLEAGUE, or indeed only notice the PC turned on in winter as the boss uses it as an extra light source, of course not…
We have also published a "White Paper" that details the difficult marriage between technology and cyber security. My overall premise was that in a world where business, government and citizen interaction is intertwined with technology, and the technology itself comes from a global supply chain, the only way that we are going to make progress on cyber security is to collaborate and have open dialogue and communications between as many parties as possible, even though this might seem difficult to some.
The problem with collaboration, of course, is that it implies trust, and in a world where every government and every company is fighting to keep their heads above water and not be a victim of the economic and competitive challenges that we all face, trust seems to be pushed lower and lower down the priority scale. However, there is much we can and should do. Take the advice just published by the UK Government – good advice it is too – and they should be applauded for taking such an initiative. I just wonder if we could have combined this advice with the advice from the SANS Institute, or the advice from NIST, or the advice from the Signals Directorate in Australia, and, and, and… If we could have got 20, or 40, or 100, or 200 countries to agree on the same advice and have a unified programme of raising the cyber protection bar globally, maybe, just maybe, we could start to limit the options that the bad "guys" have.
To make progress we must move away from a single company or country trying to change the world to us collectively working together to change the world.
If you are passionate about the huge positive difference technology has made to the world, and you want to see this continue and not be slowed down by the ever-increasing challenge of securing technology, then all of us should be calling for a unified approach to securing the global technology supply chain and the technology we use in our daily lives. We should ignore the "naysayers", ignore the "finger pointers" and do our best to ignore anything that is tinged with political trade protectionism or indeed competitive protectionism, and focus on things that we can collectively change – there is plenty we can do.