Friday 16 September 2011

Respect! I was in the House on Wednesday night ...

Not Portcullis House, which is where Information Commissioner Christopher Graham was on Wednesday morning. No, I was at Chatham House – “the House” – so you’ll appreciate that I’ll be taking even greater care not to identify anyone I was chatting to. Chatham House is both the name of the building in St James's Square and the name by which the Royal Institute of International Affairs is widely known. Its mission is to be a world-leading source of independent analysis, informed debate and influential ideas on how to build a prosperous and secure world for all.

The reason? To discuss the aspects of a recently launched report “Cyber Security and the UK's Critical National Infrastructure”, written by Paul Cornish, David Livingstone, Dave Clemente and Claire Yorke. Sponsored by Detica, it’s part of a series or reports that have been commissioned to try to understand what the problem actually is, and what it is that opinion formers and decision takers can do to address the issues that arise from the problem.

The methodology? By talking to a bunch of senior executives from private sector organisations, the analysis team took particular care to note the language that was used by the executives as they responded to interview questions, to assess just how deeply they appeared to care about a range of issues.

What did the report actually conclude? In a nutshell:

Government cannot provide all the answers and guarantee national cyber security in all respects for all stakeholders. As a result, Critical National Infrastructure enterprises should seek to take on greater responsibilities and instil greater awareness across their organizations.

All organizations should look in more depth at their dependencies and vulnerabilities. Awareness and understanding of cyberspace should be 'normalised' and incorporated and embedded into standard management and business practices within and across government and the public and private sectors.

Cyber terminology should be clear and language proportionate to the threat. It should also encourage a clear distinction to be made between IT mishaps and genuine cyber attacks.

Research and investment in cyber security are essential to meeting and responding to the threat in a timely fashion. However, cyber security/protection should not be the preserve of IT departments but of senior executive boards, strategists and business leaders and it should be incorporated into all levels of an organization.

The response from the audience? Well, surprisingly, a number took up a theme that emerged from a meeting I blogged about on 7 September. And it was about the sort of people who will, in increasing numbers, be responding to cybersecurity threats.

These people are going to be a new breed of respondents.

They’re not all geeks, or nerds. They won’t be dressed from head to toe in Primark. Or George at Asda. Or wear thick glasses and have really pale complexions.

These guys are going to be different. They’re going to be much cooler than the geeks. They’re more likely to shop at Aubin & Wills. Or at Alexander McQueen. Or at Paul Smith. A bit of bling is going to be ok. And tatts. And they will be wearing their hair any way they dare.

We’re talking of a new breed of cyberpeacekeeper. Like someone a lot of us are going to want to aspire to become. Matt Damon. Not Alan Cumming. Beth Bailey and Tariq Masood. Not Katy Price or some Big Brother contestant. Style. Confidence. Good humour. Athletic. Caring. With integrity. Get the picture?

The good guys are going to beat the bad guys by being guys that most of us would want to be around.

Of course there will always be a need for some nerds and geeks - I’m not saying that nerds add geeks are unnecessary. But what I am saying is that as well as the nerds and the geeks, there will be this new breed of cyberhero. And they’ll be masters of the “translation layer”, with an ability to engage with and convert technical terms to the most senior of Board members, and get them to “get it” once and to keep “getting it”.

And how can you join this new breed? Where do you go to sign up? Errr, not exactly sure yet – so keep up those computing and maths studies at Uni, and by the time you’ve graduated I’m sure that they’ll be some really cool jobs that are well worth applying for.

So, if you’re good enough, you might just get an opportunity that most will only be able to dream about.