In less than two weeks time, it’s the London Conference on Cyber, hosted by the FCO and William Hague.
It’s a big deal this one and the cast list is stellar: Hilary Clinton, the President of Estonia, Swedish Foreign Minister and a ton of delegates from around the world. The aims of the Conference are wide but are focused on trying to draw together some high level principles for the operation of Cyber space
Sophos will be in attendance, and I am looking forward immensely to being there, as I suspect it will be serious but very different from the usual sort of conference I attend. The downside of such high-level events is that in general the outcomes can be woolly and hard to translate into anything tangible. From my perspective, I’m looking to see the application of pragmatism to any outcomes. Agreements on operating principles are great, but UK private and public sectors should be able to draw guidance from the outcomes.
So what are the outcomes I’d like to see?
1. An acknowledgement that Security = Prosperity. The internet enables businesses to transact more cheaply, and public service transaction costs to drop. This can only be done on a stable, long-term basis if people have confidence, and confidence requires security
2. Pressure put on the ‘you know who’s’ of this world that conduct major cyber attacks, and increased penalties for those that are convicted of being active threat actors
3. Walking away from regulation. I’m constantly involved in arguments with peers in the industry that see regulation as the way forward. I am convinced this is a bad thing. Regulation will naturally favour the larger players, pushing out SMEs. SMEs are where the innovation comes from: the majority of economies depend on the SME sector for the vast proportion of their GDP, and frankly, both Google and Facebook were SMEs once.
Fingers crossed that consensus can be reached and we can move this topic along.
Public Sector Security 
Hi Graeme – big question so I apologise!
How do you think the security issue sits versus the benefits of and move towards cloud, outsourced, web based solutions, transparency and the government open source agenda? Is the security issue totally at odds with these or is there a lot of mythology around these technologies?
Hello James
Ahh, this is the perennial biggy right now. I should lay my cards out early. I personally think that cloud is mostly marketing hype. Software as a Service (Saas) and its brethern, yep buy that that (evidence being Salesforce.com’s trasition to global player ina few short years), but cloud is by definition, an amorphus blob or hot air. Storage as a Service, which is what many people think of as a cloud application, is by its very nature, a bit of a pickle security-wise. There are a vast number of issues to worry about including:
What happens to my business if my internet goes down?
What happens to my data if I want to move provider?
How can I move provider?
How transparent can it be, if even the service provider can’t tell me exactly where my data is and what its up to?
What happens if the data moves outside of the UK/EU? How comfortable am I about other jurisdictions being able to subpoena it?
And surely its a huge kick in the teeth for open source?
I’m not saying never to cloud, as it provides a brilliant opportunity for SME businesses to utilise Enterprise grade software. But from a Government perspective, there are just too many contradictions which I’m not wholly happy about
Whatever happens, don’t ask me about this over a beer. I will go on for hours 🙂