On 25 October, the GCSP held a public discussion on “Cyber Security and How to Operationalise Cyber Strategies”.
GCSP Associate Fellow Prof Alexandre Vautravers presided over a diverse panel of industry specialists. Opening the session was Ms Michelle Watson, Director and Co-Founder of the Cyber Intelligence Institute, who introduced the core work of the Cyber Intelligence Initiative being the analysis of cyber security, intelligence, policy, and its economic impacts. She outlined the emergence of public/private partnerships as a trend in the area of cyber security that has led to the development of corporate statecraft.
Mr Geoff Hancock, principal at the Advanced Cybersecurity Group and Chairman of the Cyber Intelligence Initiative (CII) Board of Advisors, provided an overview of the current issues in developing effective cyber security strategies from both a public policy and corporate point of view. One of the most significant challenges in the policy approach is the fact that policies are often static or difficult to change, whereas the nature of cyber risk changes rapidly. As such, many nations that have adopted a cyber strategy focus primarily on defence rather than taking a proactive approach to cyber threats. From the corporate point of view, there is a disconnect between executives and IT professionals, with inadequate communication and understanding between the two functions. These challenges are identified as the major hurdles for developing an effective cyber security strategy for the future.
Ms Patricia Schouker, Energy Analyst and Instructor at the CII and Associate Fellow at Oxford University, developed the theme further by describing a holistic approach to risk management, using the example of the energy industry. Essentially, understanding security exposure can be viewed as a three-step process: viewing the components, vulnerabilities, and mitigation. However, there are identifiable gaps in understanding when it comes to the nature of cyber threats and what can be done to effectively combat them. In all industries, it is therefore important to use knowledge to encourage investment in security strategies as an integral part of a comprehensive risk management programme.