Since its inception around the 1970s, cybersecurity has evolved. It has traditionally been defined as implementing tools, processes, and technology to protect computers, networks, electronic devices, systems, and data against cyberattacks. The main aim has been to protect individuals and enterprises to limit the risks of theft, attack, damage, and unauthorised access to computer systems, networks, and sensitive user data.
Today, cybersecurity’s mission is not only about protecting computers to defend sensitive data while simultaneously ensuring resilience in response and recovery from cyberattacks. The ubiquitous nature of technology has extended cybersecurity to the cognitive space, defending individuals against malicious cyberattacks, mental harms, and manipulation. The rise in disinformation campaigns across a range of domains, from health to politics, has heightened the need for educated, agile and professional cybersecurity leaders.
While there is much hype about a metaverse of multiple emerging technologies[1] — it is too early to which are viable in the long term — there is no doubt these technologies will usher in the next level of interaction between humanity and technology. Gartner expects that by 2026, 25% of people will spend at least one hour a day in a metaverse for work, shopping, education, social media and/or entertainment. No doubt, this shift will lead to innovative opportunities and new business models. It will also see new opportunities for criminals, hostile governments, terrorists, and bad actors of all stripes. It is usually the bad actors who are quickest to put new technology to work, while existing organisations grapple with how best to adapt to such opportunities to pre-existing bureaucracies.
If we are to benefit, especially in western societies where propaganda has eroded faith in democratic institutions and bred distrust of experts, we need a new breed of cybersecurity leadership to defend against all forms of cyber threats — criminal, malicious and violent.
No single entity has all the answers. Enhanced collaboration is needed to connect cyber and technological expertise in the public, private and academic sectors.
Victor Zhora, vice president of the State Special Communications Service in Kyiv, credits sharing intelligence with reducing response time. He says, international collaboration, public and private partnerships, are crucial when it comes to cyber-attacks. He also warns another type of attack is just as harmful, that of marshalling public opinion, which has long been a weapon of war.
"Disinformation! (...) The Russians are attacking people's brains. Governments must help fight propaganda,” says Zhora.[2]
A new mindset is now ‘mission critical’ in developing new work methods, processes and product leveraging social technologies across different domains improve security, ease of use, and resilience.
Such a mindset is demonstrably different from the command and control structures still favoured by many organisations. The security domain needs Trusted Information Sharing Network (TISNs) to balance security demands and privacy requirements with the nature of the environment in which we are now operating, where, for many, social media has made sharing a norm.
Some TISNs have been formed by government bodies [3] and some law enforcement and intelligence agencies, such as INTERPOL also attempt to build public-private partnerships, all with varying degrees of success. There are, however, inherent weaknesses in government-led initiatives. For example:
· People wary of being seen as an extension of government intelligence agencies, many matters, while potentially offensive are not a crime, yet still attract police or intelligence interest.
· Government agencies are notorious for preferring to hoard information, rather than sharing, even within their own organisations, and prefer information flowing to them rather than engaging with authentic two-way traffic.
· There is also a tendency to want to build bureaucracies and approval processes to maintain power and control over what is essentially conversations between trusted partners operating with agreed upon norms.
Since much of the information is open-source intelligence (OSINT), there is no reason why a TISN could not be independent and many reasons why it should be, if it is to be lean, agile, and responsive to dynamic exchange based on engagement and transparency.
The key challenge for Digintel is developing norms to allow people to embrace and cultivate a spirit of collaboration based on open communications within the network. Essentially, a TISN should aspire to be a ‘Wikibusiness’[4] or ‘social business’, which Social Business Forum[5], defines as:
An organization that has put in place the strategies, technologies and processes to systematically engage all the individuals of its ecosystem (employees, customers, partners, suppliers) to maximize the co-created value.
A TISN based on a social business model, among other qualities, would:
· Break down walls between the inside and outside environments and adopt an ‘outside-in’ rather than ‘inside-out’ approach to innovation.
· Emphasise engagement and conversation — not communication — to make two-way flow possible.
· Exist to solely to maximise exchange values throughout its ecosystem.
· Behave like an organism which adapts to its environment and capable of iterative recalibration to current circumstances.
[1] https://www.gartner.com/en/articles/what-s-new-in-the-2022-gartner-hype-cycle-for-emerging-technologies (Accessed 23FEB2023)
[2] https://www.lemonde.fr/en/pixels/article/2023/02/22/the-war-in-ukraine-is-tipping-the-world-into-the-age-of-cyberattacks_6016816_13.html Accessed 23FEB2023
[3] https://www.cisc.gov.au/engagement/trusted-information-sharing-network
[4] https://www.amazon.co.uk/Wikinomics-Don-Tapscott/dp/184354637X/ref=sr_1_4?s=books&ie=UTF8&qid=1339945387&sr=1-4 (Accessed 23FEB2023)
[5] http://www.socialbusinessforum.com/what-is-social-business (Accessed 21FEB2023)