Opportunities for International Collaboration

The ISAO SO is highlighting the roster of experts we’ve selected to participate in the upcoming inaugural International Information Sharing Conference, October 31 – November 1 at the Walter E. Washington Convention Center in Washington D.C.

Stuart Murdoch, CEO and founder of Surevine, a UK SME, specializing in smart and secure collaboration technology for the National, Homeland and Cyber Security domain, will be presenting “International Collaboration Opportunities” on day two of the conference. Register today!

Cyber is borderless.

You’ve heard it often, probably. In fact, at every event you’ve been to this year. You and I no doubt nodded vigorously in agreement. But what do we really mean when we say that cyber is borderless?

Perhaps we mean that cyber crime is borderless. Certainly, even relatively novice cyber criminals actively take advantage of different regulatory regimes and the relative lack of maturity of law enforcement in different states to pursue their activities. These differences make their crimes easier to commit and make it less likely that they will be caught.

So, is it right to think of cyber crime as borderless? Or is it better to think of cyber criminals as understanding and actively taking advantage of those borders to further their criminal activities?

Maybe it’s better to think of cyber response as being borderless. Cyber security is often characterised as a team sport, and it is clear that no one individual, team, organisation, sector or state can hope to tackle the threat in isolation.

But every individual working within a team, as part of an organisation, and subject to the laws of the state, is operating within borders. In states which operate within the rule of law, those borders exist for good reasons.

Those borders protect the commercial confidentiality, intellectual property and trade secrets of the organisations for which we work, ensuring that they maintain their competitive advantage.

Industry sectors within which organisations operate, especially those which form part of Critical National Infrastructure, will be subject to regulations. When the organisation is in the hands of private industry, that regulation ensures that there are borders between industry operators to prevent collusion and ensure competition to the benefit of the consumer. Regulations can likewise mandate controls to ensure the resilience of the critical infrastructure, to the benefit of the wider economy and citizen.

Within the borders of sovereign states, laws are enacted and enforced which protect our privacy and our rights as citizens. Our need to enforce laws and protect our interests against cyber criminals across borders doesn’t mean we can pretend those borders don’t exist. Effective cyber-security isn’t borderless, it needs to understand those borders, to respect them, and use them to our advantage.

The Cyber-security Information Sharing Partnership (CiSP) was established in the UK following the London 2012 Olympic Games. For the games to be a success required international co-ordination and for British Industry and Government to co-operate to an unprecedented level on matters of safety and security.

The CiSP built on the trust which was established, to form a National platform facilitating public-private and truly cross-sector collaboration.

But it’s a partnership that understands and works within borders. It ensures that what those borders exist to protect, remains protected: privacy; trade secrets; competitive advantage; and the resilience of our critical national infrastructure.

International opportunities for collaboration on cyber-security will be successful where they too understand and respect borders, keeping all of us, together, one step ahead of the cyber threat.