How can we take cyber from a technical issue to a political priority
This week we welcomed experts from across industry, politics and academia to share their perspectives on how we can best communicate cyber to policymakers in a well-attended and thought-provoking webinar.
The panellists included:
- Simon Fell MP, Chair of the Cyber Security APPG
- Jen Ellis, Vice President of Community and Public Affairs at Rapid7
- Saj Huq, Director of LORCA (London Office for Rapid Cybersecurity Advancement)
- Joe Baguley, VP and Chief Technology Officer EMEA at VMWare
- Dr Joe Burton, Research Fellow, Chatham House
The discussion touched on a number of key topics for industry and policymakers to consider when approaching the cyber debate, key takeaways included:
1 Mainstreaming cyber
The panellists agreed that cyber was increasingly on the agenda of policymakers and politicians, with Simon Fell MP clear that Ministers across departments are taking this on as a key issue. Jen Ellis felt that getting civil servants interested was no longer the issue and that the focus should now be on creating greater sophistication and engagement. In this context it was noted that the spread of cyber across many different sectors was one of the more difficult aspects to manage alongside the fact that industry had been too successful in making cyber a niche issue. However, the non-bipartisan nature of cyber in the UK was commended and offers a lot of potential.
Panellists felt that there is, however, still a need to connect with people in Parliament and Government who are not already living and breathing cyber to ensure it is more effectively mainstreamed and can be engaged with in a more sophisticated and nuanced way.
2 Entrenching trust
Raising the profile of cyber shouldn’t just be about scaring people into caring – we need to be careful to build public trust to get their buy-in. This is particularly difficult because currently, when cyber is working well, no-one is talking about it. To ensure that security and technology are an enabler of societal transformation rather than a barrier, more must be done by industry to make cyber more accessible at an organisational level, and across society as a whole.
One of the key barriers to a more effective debate around cyber was felt to be education, with Dr Joe Burton noting the significant investment crisis at all levels of education. Saj Huq agreed that whilst we give people access to technology at a younger and younger age, we don’t educate people in parallel, and this needs to change.
4 Intrinsic security vs the human side
The panel also noted the tension between relying on humans and empowering them, and seeking more automated and intrinsic fixes. Whilst Joe Baguley and Simon Fell MP agreed that the human element will always be the weakest link, with more of a push given to ‘secure by design’, others noted that there was still a role for humans. Dr Joe Burton cited the importance of human-machine teaming and Saj Huq noted examples of where deploying human at the right point was key to a more rounded security solution.
5 Collaboration – domestically and internationally
Geopolitics and international dimensions will naturally continue to play a huge part in policymakers’ response to cyber threats, particularly as Simon Fell MP highlighted the work of the APPG doing a lot of work around Huawei, and the tensions that increased focus on security will have for other political priorities like broadband coverage.
Panellists were also interested in where the UK’s changing place in the world may impact our approach to cyber, with Dr Joe Burton stating the UK should be prepared to renegotiate our cyber relationship with Europe as we approach Brexit, and that utilising other avenues such as NATO, the UN Security Council and expanding Five Eyes will be crucial in continuing this collaboration across jurisdictions.
On collaboration more broadly, Saj Huq was clear that there is a lot to do from industry to help policymakers prioritise and make tactical decisions that are strategically aware in the face of rapidly changing technological landscapes.
So, what should we be doing differently when communicating cyber?
As stakeholders look to elevate and influence the cyber debate it was clear from the panellists the best way to get cut through was to:
- Engage early – debates in Parliament are often led by what information is received first, especially in sectors where the arguments are particularly nuanced. Ensuring information is communicated effectively and quickly is key, as Simon Fell MP stated, there are plenty of Parliamentarians ready and willing to take this up.
- Link the debate to society, not just IT – we need to move away from seeing and portraying cyber security as a niche and technical issue only to be dealt with by experts, but engage on a societal level, with clear indications of the broader applications and impact as well as the multifaceted aspects of the cyber sector.
- Clarity is key – because of the complexity of the area, and tendency even among policymakers to conflate and misuse terms it is even more important to ensure information is clearly and simply.