IT industry issues from Intellect, the UK's technology trade association

Thursday, 02 July 2009

Cybersecurity and the digital Dark Ages

Following last week’s publication of a UK national Cyber Security Strategy, the FT devoted a leader column to “Cyber security risk” highlighting the growing threat of cyber warfare to national security and resilience and its future role in conflict.

This is a subject close to the technology industry’s heart, and the recent publication of a national Cyber Security Strategy has now also focused Government’s attention on what many believe is the newest theatre of war. Whilst we at Russell Square therefore applaud the FT’s interest in the subject, I cannot help but disagree with their fundamental conclusion – that developed economies (including the UK) are better placed to withstand the collapse or compromise of our digital networks than less developed equivalents.

I’d posit that in truth the opposite is true - the UK is one of the world’s most technology dependent societies, and the impacts for Government, business and citizens of even part-failure of our “digital backbone” would be unprecedented.

As the 2003 power blackout on the east coast of the United States (which was itself, some say, caused by overenthusiastic Chinese cyberagents) proved, the inability to use ICT sends most developed world businesses and many vital public services – which depend solely on the Cyber domain for trade, communication and finance - back to the digital Dark Ages.

This contrasts sharply with less technology or service-based economies, where networks are both more limited and less integrated into business processes, and agricultural or manual industries could largely continue to function – Britain’s banking sector or creative industries could not.

We know that both state and non-state adversaries are using the Cyber domain to attack national infrastructure and our open and globalised society’s dependence on its digital backbone makes us an extremely vulnerable target. Intellect therefore welcomes the advent of the Cyber Security Strategy, and looks forward to helping Government use industry’s expertise, experience and innovation to aid its implementation.

By Joel Grundy, Defence and Security Programme Manager

Friday, 01 May 2009

Practice makes perfect, especially with a pandemic.

There seemed to be less suspicion amongst commuters on the London Underground this morning as the papers reported a slow-down in the spread of the Mexican swine-flu outbreak.

Having been party to discussions on pandemic flu in my role as Defence and Security Programme Executive, I knew that a full blown outbreak could be devastating. With only a third of workers off sick, business would grind to a halt, money would run out at cash points, supplies would run out at shops in under two days and hospitals would be overwhelmed. For the moment we have got off lightly, but pandemic flu remains at the top of the Government's security concerns, above natural disaster and terrorist attack.

So in one sense swine-flu can be seen as a blessing – it is a timely reminder of what could be, and a prompt for Government agencies, organisations, businesses and citizens to work together to prepare in earnest for a pandemic.

Some good work is being undertaken by business continuity experts and voluntary organisations to prepare for such eventualities, but as always, more must be done.

What is often forgotten, and should be addressed in the post swine-flu fallout, is the use of technology to improve emergency response. As we have seen this week, timely information is key to directing emergency responses, and in the case of flu-outbreaks requires multi-agency, international communications. These communications are currently hampered by a lack of information standards, and any detailed testing or analysis of the adequacy of national and international information flows in emergency situations. Work must be undertaken with the technology community to ensure that in the case of a sustained pandemic outbreak, the right people have the right information to act in time to save lives.

By Rachel Wrathall, Programme Executive.

Monday, 09 February 2009

“Bid me tender”

Last week a cohort of Intellect members braved the snow and travelled down to Corsham – near Bristol – for an industry day with the Ministry of Defence’s Information Systems & Support (ISS) commercial team. Organised by Intellect, the day was intended to give ISS staff an insight into the business drivers and processes of defence companies. This featured a series of presentations and discussions covering everything from how companies approach business opportunities to what happens when things go wrong. 

Most of the speakers addressed the bidding process, and very quickly a few common themes emerged. One was the importance of creating a level playing field between incumbent suppliers and new contenders. One presenter likened this scenario to going on a first date. First-time bidders ask themselves: ‘am I there because there’s an interest or simply to make others jealous?’ In other words, is it clear from the outset that the contractor wants to stick with the incumbent or is there a genuine interest to strike up a new relationship?

Another was that early engagement with the contractor is a good thing for both the MoD and suppliers. In the world of romantic liaisons, we all know that lying on the first date is bound to get you into trouble down the line, and by the same token, defining expectations and business requirements from the outset will help to ensure success in the long run. Early engagement typically leads to better outcomes precisely because it sharpens everyone’s understanding of what the desired outcome actually is.

A third issue concerned the sheer cost of bidding – in terms of time and personnel required – meaning that industry reps almost find it harder to get sign-off from their own board than to secure the tender at hand. Because the cost of bidding can be disproportionally large to the value of the contract, industry speakers urged the MoD to streamline the bidding process. At the risk of stretching the analogy, the first date simply doesn’t always have to be the three-course, Michelin-starred, full-treatment option. Rationalising the bidding process would result in savings for the MoD itself (since bid costs are covered in the contracts) and help to stimulate competition as lowered costs of entry encourage more companies to throw their hat in the ring.

Overall, much of the ensuing discussion revolved around the kind of relationship companies wanted to build with the MoD. Successful projects require a sense of shared responsibility, presenters argued. For this to work, both parties need to be open and forthcoming with each other, both in good times and bad.

Unrequited love and first dates aside, this industry day was a fascinating and useful exercise. While the MoD and its suppliers are driven by very different imperatives, the challenge lies in the fact that they must deliver outcomes together. These can best be achieved through partnerships designed for the long term.

By Sebastian Fox, Programme Executive

Wednesday, 28 January 2009

Use it, don't lose it

Today, 28 January 2009, is the third European Data Protection Day – how apt that it should follow yesterday’s report of colossal data theft from the online job site Monster.co.uk. What better time for the Information Commissioner's Office (ICO) to remind businesses of the importance of data protection: today it launches the Personal Information Promise – a list of key commitments that organisations can sign up to, to demonstrate their commitment to data protection.

Major data losses in both the public and private sectors have demonstrated the need for increased awareness and action in this area. The capabilities of the technology industry, alongside the appropriate process and behavioural changes, are vital tools in the effort to protect data and improve information security. In a climate of decreasing consumer confidence, people need to feel – and know – that their data is safe, and not simply because if lost, it might fall into the wrong hands with ill-fated consequences. Increasingly, poor data governance is likely to reflect on organisations’ overall ability to run effectively.

Data Protection Day will hopefully serve as a wake-up call to all organisations; but while cost-cutting is high on the corporate agenda, business leaders would do well to remember that information security is a long-term commitment that requires a long-term strategy. With the right approach, technology can turn data protection from problematic red tape into a powerful tool for increasing business efficiency. And without it, data security breaches could prove increasingly costly.

Intellect is looking at these issues in a number of forums, including its Security and Privacy group, Information Sharing group, Data Breach Notification working group, and the Document Management group's papers 'Safeguarding information, reputation and corporate productivity - a guide for information governance' and 'Addressing information risk and compliance'. Intellect will also be looking at these issues during the upcoming Data and ID Management Conference, in Autumn 2009.

By Scarlett Graham, Programme Executive.

Thursday, 02 October 2008

Why the ‘e’ in e-Crime?

This week the Home Office announced the creation of the new Police Central e-crime Unit (PCeU). The PCeU promises to tackle cyber crime and clamp down on internet fraud, and will provide ‘specialist officer training and co-ordinate cross-force initiatives to crack down on on-line offences.’

This is to be applauded, particularly given the nature and scope of the problem. Today e-crime is alive and kicking; tomorrow it will be an even greater threat as commercial, business and personal transactions increasingly go virtual.

Just today, for example, The Guardian reported that losses from online banking fraud have tripled, tallying up to £21.4m in the first half of 2008 alone. The private sector is not exempt from cyber crime either; one must only consider the incident with T K Maxx last year, where data thieves extracted the records of over 45 million credit cards.

The government has had e-crime on their radar for quite some time – as the Metropolitan Police Computer Crime Unit attests to – but until now it has lacked a coordinated strategy for dealing with these issues.

It should be the role of the PCeU to provide such a strategy, though needless to say this is a tall order. Not only must it develop a cutting edge investigative capability, but also work together with 42 police forces across the country, which is easier said than done.

Both of these challenges are reminiscent of crime fighting in the good old days when things were more black and white. The ‘e’ in front of crime can be confusing, sometimes introducing an artificial distinction between electronic crime and crime ‘in the real world’. E-Crime is in fact very real, so the title merely refers to how and where it takes place. The web may be the new battleground, but we're still fighting the same old crimes.

By Sebastian Fox, Programme Executive

Wednesday, 01 October 2008

Flooding, the Hadron Collider, and five dead moose

It’s over for another year - the floors have been swept clean, the banners have been taken down and the last staff member has been persuaded out of the bar. Intellect’s second Security & Resilience conference took place on Monday in Kensington, and like last year we had a lively day discussing terrorism, flooding, flu, and other threats and hazards. The landscape has evolved, but fundamentally the UK is still very vulnerable to a range of manmade and natural risks, and the technology industry is a key stakeholder in helping build up our prevention and response ability.

The big change from last year was that during yesterday’s morning session, our chairs Clive Richardson and Steve Kingan launched our new Security & Resilience outputs – a market map of customers in the sector, an industry map of companies’ capability, and a wiki for the sector called ‘Securipedia’. Steve and Clive also presented our new position paper, called ‘The Jewel in the Crown’ which calls for a national information architecture so that the UK can have a more joined up security & resilience community. These outputs have been a big part of the group’s work over the last year, and it was great for the programme, and all our members who contributed, to see them published.

The conference was held under Chatham House rules, but we kept track of a few highlights through the day to give a flavour of the event in a ‘live blog’ sort of way:

09.40: John Higgins, Intellect’s Director General, opens the conference using the infamous Hadron Collider as a metaphor for Intellect’s role, trying to make the flow of ideas from industry and Government meet in the middle. Our Defence & Security chair, Clive Richardson, echoes this in his opening address and says he hopes this conference and the paper mark a big turning point in the industry-Government relationship.

10.23: Steve Kingan, chair of Intellect’s Security & Resilience group, introduces the maps and Securipedia, thanking the members who’ve worked so hard on them, and has barely paused for breath before talking about the next phase of work... (Intellect staff start cancelling holiday plans). In the panel session which follows, members bring in some international examples which support our ‘Jewel Architecture’ strategy.

12.05: One of the most interesting parts of days like this is hearing new statistics. During a session on resilience the panel discusses problems like coastal flooding. The sheer number of people likely to be evacuated (and the length of time before they can return home) in this kind of scenario is always mind-blowing. The stat that will stick in the mind, though, is related to the national fire strike in 2002, when over 19,000 armed forces personnel were called in to keep the fire service running. One of our MoD speakers delivers the first animal metaphor of the day with a good icebreaking joke about bunnies and smoking.

14.14: Security & Resilience group Vice Chair, Jim Sibbald, uses the first lines of his address to poke fun at me - I should never have sat near the front. Once the laughter has died down, Jim gives a characteristically thoughtful presentation on the fragmented geographical information area, offering a good practical view on some of the generic information sharing issues the conference has been considering.

15.05: Discussions with our panel on security for the 2012 Olympics have become quite lengthy, and it’s clear there’s a passion in the room for industry to play its part.

15.15: Conversation continues into the afternoon coffee break, and despite the allure of some excellent scones, delegates are still going over some of the discussion points on protecting national infrastructure in 2012. Some interesting stuff also emerges about how different local authorities are approaching their bit of the games.

15.57: I’m the butt of jokes again, and animal gags appear to be the order of the day. Andrew Fitzmaurice is using a joke about moose hunting to illustrate a point about information assurance, and somehow I’ve been made a character in this tale. Andrew does at least spread the humour around, with a very funny visual gag involving Brad Pitt’s role in the siege of Troy.

16.10: In an unpredictable turn, the panel session on cyber warfare is debating an interesting proposition – whether the lack of recognised global information standards for security equals market failure. The conference isn’t trying to rewrite the modern laws of economics, but drawing on themes from the current financial services debate, members are pushing the envelope in considering whether the sort of market pressures which created a VHS standard, for example, can apply in an area where failure isn’t an option.

17.05: The references are coming thick and fast now. During a discussion on the impact of the sort of architecture Intellect is proposing, Les Gregory from sponsors BAE Systems raises the question of whether Walter Raleigh could have foreseen the effects of introducing tobacco, whether Henry Ford could have understood how the car could change society, and whether Tim Berners-Lee expected the internet he helped build to fundamentally alter our way of living. Heady stuff, and along with the briefings earlier in the day it helps to focus the mind on how contemporary action could shape national security for a generation or more.

17.40: Angela Singh from the Home Office is very complimentary about the leadership role our DG, John Higgins, is playing on behalf of industry. John isn’t quite blushing, but it’s close!

21.10: Over dinner, Gordon Corera from the BBC is involved in a fairly animated discussion with members about the role of the press in security. Over the course of today there’s been a lot of agreement about the centrality of “information” in both the hearts and minds campaign abroad and preventing radicalisation at home, and there’s some back and forth going on about whether the media is a player in the information war, or part of the playing field.

22.00: Coffee and sweets are long since finished, but the chairs are still full of industry and guests discussing the issues raised today. These are serious times in security & resilience, and it’s clear that the debates which take place in our industry are part of a wider tapestry, and will continue on - which means we’ll be back in a year’s time to see what’s changed.

By Joel Grundy, Programme Manager

Thursday, 21 August 2008

Rise of the Machines

‘Machines to scan faces of travellers at UK airports’ read the title of Chris Hope’s article on Stansted and Manchester airports’ facial recognition trials in the Telegraph on Tuesday. Uncertain of whether to relate this to border security or the eagerly awaited Terminator film starring Christian Bale, I read on with renewed vigour.

Thus it emerged that the Government has launched a new biometric trial designed to tighten security and speed up passenger traffic through immigration. The project is part of the UK Border Agency’s long term strategy ‘for ensuring the UK continues to have one of the most secure borders in the world.’ Providing all goes to plan, this can only be a good thing.

Yet the trial has come under intense scrutiny, primarily for using what critics regard as an ‘unproven technology.’ In 2001 Super Bowl officials deployed facial recognition technology to try and match faces of the crowd with those of sought-after suspects. It all resulted in a spectacular failure, with the system identifying more than a dozen potential matches, all of which turned out to be false. Deploying the same technology in airports could be catastrophic, critics say, and will result in security breaches putting the public at risk.

While this appears to be a knockdown argument, perception differs from reality. There are two reasons why the Government’s facial recognition trial is worth undertaking. Firstly, the system involves ‘one-to-one’ rather than ‘one-to-many’ verification. Unlike the Super Bowl scenario, the person’s facial characteristics are matched against their passport photo alone, not a watch-list of wanted criminals. Secondly and on a related point, ‘one-to-one’ facial recognition is in fact a proven technology. Faro airport in Portugal, for example, has been using it successfully for over a year now, enabling holders of British biometric passports to skip the queues and make it through immigration in about 20 seconds.

Surely that is why a trial can only be a good thing. As biometric technologies become a more prominent feature of border control, it will be important to take them through the rigorous testing procedures that ensure success in the long run. I for one am excited by the prospect of a speedy return through border security after a long and tiring journey. Biometric technology is improving all the time, and with this so will security and ease of passage at our borders.

By Sebastian Fox, Programme Executive.

Tuesday, 19 August 2008

1984 or 2008?

The UN on Friday rapped the UK Government for creating security laws that erode the basic human rights of liberty and freedom of speech. In the UN’s view, the Government has embraced technology to try and protect national security, but in the process has restricted personal liberty.

How to retain individual freedoms whilst protecting national security is a problem the UK – and many other countries - have been agonising over for a while now. The attacks on London's transport system in July 2005 and at Glasgow airport in July 2007 instilled fear into the daily lives of thousands of ordinary British people. Government responded to the changed national security context with the publication of the UK's first National Security Strategy and the amendment of various laws - including the contentious introduction of powers to hold terror suspects without charge for extended periods of time, and the introduction of a grand database to hold details of citizens’ emails and phone calls.

In July, Gordon Brown delivered a speech on liberty and security calling for the use of modern methods and technologies to effectively counter threats to national security. True, globalisation through the unprecedented advancement of technological change has enriched the lives of many people across the world. Conversely, technology has also increased the reach of people bent on waging a war on the west. Extremist groups, through modern means of communication and transport, are now spread across international borders.

This is the age of the internet, where almost anyone can have their 15MBs of fame. The internet has projected the voices of millions of people - some have harmful intent, but most of us just want to keep in touch with friends and express our views on our rich culture.

The Government must be more savvy in its use of technology to protect national security if it is to counter its critics. Technology can be used to detect weapons and bombs at airports, counter cyber attacks and identify international crime rings - there should be no need to restrict the voices of individuals in the process.

By Rachel Wrathall, Defence and Security Programme Executive

Friday, 20 June 2008

Technology in security – a double edged sword

The Prime Minister addressed industry and stakeholders at the IPPR this week with a speech on balancing security and liberty. His focus on the need for modern, interoperable solutions to constantly changing modern threats was warmly welcomed by industry. Intellect’s members believe that whilst globalisation and the proliferation of information, communications and digital technology have been a boon for the UK, they have also created new dependencies and vulnerabilities which must be addressed.

Instantaneous communications and information technologies underpin our economy’s ability to generate wealth in sectors like financial services, and make possible the sharing of inconceivable amounts of information on almost any subject via the internet. Once again, however, this progress comes at a cost – that of a minority who use it for subversion, radicalisation and to commit crime. The globalised nature of contemporary organised crime and terrorism is a grisly monument to the all-pervasive nature of our industry’s capabilities.

Nor has technology’s impact been merely to extend the reach of existing threats – it has also created whole new arenas for conflict. Cyber warfare is a relatively new phenomenon in its modern form, made possible by the widespread adoption of high speed internet infrastructure. Critical national skeletons of power, water and healthcare utilities are increasingly reliant on massive networks of ICT, which are now susceptible to cyber attack – whether from shady terrorist groups or more traditional state foes.

Computing readers will recall the widespread power failure that hit New York and dozens of other major cities in Eastern US States in 2003. A leading American policy journal recently suggested that the outages originated in overenthusiastic hacking by Chinese Government agents. UK policymakers are alive to these new theatres of war – the Ministry of Defence is to dedicate increased time and resources to the combat of cyber warfare.

The picture, as Gordon Brown pointed out, isn’t all doom and gloom. Technology has created and influenced threats to national security, but it also makes fighting and resolving them more effective and more efficient. Criminal detection at all levels has benefited from the use of CCTV and DNA technology, and the ability to follow criminals’ electronic and digital trail as easily as Poirot followed footprints by the conservatory. Early warning systems for natural disasters and improved communication systems for response coordination mean that in the face of natural disaster, responders are better linked and better informed than ever before. 

Technology has changed our economy, altered our civil society and as we are now seeing is changing our security. The UK isn’t alone in recognising it – this week the French publicised a long awaited strategic review of Defence & Security, whose themes of international interdependence and the prioritisation of information and intelligence are encouragingly familiar to those who’ve been following this debate in the UK. Western security strategies are starting to agree on common challenges, and industry will play a major role in helping to implement the sort of flexible, coordinated and cohesive responses needed to face them.

By Joel Grundy, Defence and Security Programme Manager

Friday, 11 April 2008

With great technology comes great responsibility

Alas. Once again, we are invited to mourn the loss of hundreds of thousands of people's personal data. The culprit? HSBC. The ramifications? Unknown.

Given the data losses of recent months – each with essentially unquantifiable yet potentially grave consequences (financial and identity fraud spring to mind) – is it really too much to insist on the proper, safe and secure handling of data?

This catalogue of errors makes two things especially clear. Firstly, that information is crucial to the operation of society and our everyday lives. Secondly, that information, despite this impact, continues to be both undervalued and underrated in comparison to the conventional triad of people, property and pounds. In other words, government, industry and the wider public have still to learn to regard information as precious rather than to treat it as a trivial commodity.

In this sense, recent developments should not be interpreted as a refutation of technology as much as the need to better align people, processes and technology on the organisational level. In practice, it simply cannot be allowed for organisations to transfer masses of data without taking the necessary precautions.

In order to effect organisational change, responsibility must be the key word. It is the responsibility of management to educate its staff around the handling and use of personal data and to ensure that appropriate rules, regulations and guidelines are put in place. These steps will be essential if technology is to be used effectively and to the benefit of the consumer.

Sebastian Fox - Programme Executive

