The main auditorium of the QEII Conference Centre in the centre of London was bursting at the seams last week as the 2nd Worldwide Cybersecurity Summit got underway with the active participation of such senior practitioners and policy makers as the heads of BT and Vodafone, Kaspersky Lab, the FBI and politicians from the UK's foreign and commonwealth office, France and India.
The theme of the conference was "Mobilizing for International Action", picking up the action from the 1st summit that took place in Dallas. The keynote speaker, the secretary of the Indian Department of Information Technology discussed the imperative of international cooperation and the need to address the dillemas and contradictions associated with cyber-security. The phrase cyber-security itself implies one such contradiction with "cyber" being largely associated with the private sector and commercial development and "security" being a sovereign function at the highest level. The borderless and anonymous domain of the cyber-world is trying to be controlled by entities which are strongly conscious of their well-defined boundaries.
The private sector is largely engaged in the development of technology but, as Shawn Henry, the Cyber-Crime expert at the FBI put it, "you can't tech your way out of this dilemma, people and policies are vitally important". This was also graphically illustrated in the pre-summit briefing material where the EWI identified the rates of advancement in the key areas affecting the ability to fight cyber-crime. Technology is the most rapidly advancing aspect with the least rapid advancement taking place in law enforcement and Agreements, Standards, Policies and Regulations - the human factors.
With the rapidly increasing demands for instant digital gratification as cyberspace colonizes society, as Detica's MD Martin Sutherland put it, the risks are increasing much more rapidly than the ability to respond to those risks. Overcoming that challenge is the purpose of the summit.
Vodafone's Matthew Kirk summed up the requirements as the continuing requirement for risk awareness, Technology, Private/Public Partnerships and clarification of jurisdiction.
So, what happens next?..... The summit saw lots of heads nodding in agreement for the need for international cooperation, public/private partnerships and greater collaboration and information sharing between industry competitors but these are enormously difficult hurdles to overcome. In this regard, there is some criticism that has been levelled at the Summit as being another high level talking shop where a lot would be discussed and little achieved. This isn't the case. Achieving such significant steps as were discussed at the summit requires negotiation, agreements and ultimately ink on paper and the drive at the summit was to attain these. Advances are also being made in terms of improving information sharing with such collaborative platforms as the Global Risk Register enabling the latest risks to be identified, assessed and discussed in real time.
The next Worldwide Cybersecurity Summit will be held in October next year in India where the achievements from the actions put in place at this year's summit will be assessed.
For more information on the Global Risk Register, contact firstname.lastname@example.org