Have we moved to a war footing in cyberspace?
Last week, the UK Government brought together cyber leaders from around the world to Birmingham for its flagship annual cyber security conference – CYBERUK.
In NCC Group’s ninth consecutive year sponsoring the conference – this year as technical masterclass sponsors – here are our key takeaways:
Geopolitical issues are increasingly playing a role cyberspace
In the week that UK Prime Minister Rishi Sunak warned that “the next few years will be some of the most dangerous yet the most transformational our country has ever known,” CYBERUK was awash with discussion about what the changing threat and technological landscape means for the UK and its allies.
In a rare public speech, Director of GCHQ Anne Keast-Butler detailed the future threats she sees on the horizon – namely the continued evolution of ransomware, immediate state and non-state threats from Russia and Iran, and the longer-term, epoch-defining challenge from China. We heard from speakers on the fringes that, taken together, these threats are putting the UK and its allies on a war footing in cyberspace.
Anne also highlighted that technology and security are more tightly coupled than ever before, whether that’s advancements in AI generating new security risks and opportunities, quantum reshaping computing, or advanced telecoms opening up new threat vectors. Emerging technologies are presenting opportunities for cyber defenders and attackers alike to enhance their capabilities; it’s critical that defenders work quickly and cohesively to get on the front foot.
A united public-private front
Despite the evolving technology and threat landscape, there is reason to be optimistic.
While the importance of the public-private partnership is not a new concept to those gathered in Birmingham, many conveyed their hope that the challenges we face in cyberspace – particularly those emerging from the war in Ukraine – are bringing together allied nations, industry and government in an unprecedented way.
“Out-cooperating and out-innovating” our adversaries on key cyber challenges was front of mind for delegates. This includes in areas like tackling the proliferation of commercial spyware (e.g. through the Pall Mall process) and utilising AI to enhance defensive capabilities. Indeed, NCSC CEO Felicity Oswald told the conference that she’s positive the “net benefit of AI cyber security will far outstretch any adversary’s gain in their offensive capability.”
Fixing the ‘thousand band-aid’ approach to cyber security
Our recent Digital Dawn report found that governments around the world are shifting responsibility for cyber security away from end-users onto the providers of the technology, infrastructure and services we all rely on.
We saw this approach in action when UK Tech Minister Saqib Bhatti took to the CYBERUK stage to tell delegates that it is “unreasonable to expect people to be able to protect themselves against every threat” and that technology must be “developed with security built in from the start.” The Minister announced a new Code of Practice for software vendors and an AI Cyber Security Code of Practice – developed in conjunction with industry experts like NCC Group – that will help to ensure secure-by-design principles are embedded in software and AI from the outset.
NCSC’s CTO (and NCC Group alumni) Ollie Whitehouse used his keynote address to say that while companies globally know how to build secure technology, the market does not incentivise them to do so. Technical debt – highlighted during our CYBERUK panel on secure-by-design – remains a significant security challenge across the software supply chain.
With a view to moving away from a “thousand band-aid” approach to addressing this risk, Ollie called on providers to shift market incentives and design and build resilient, secure technologies. This came a week after US agency CISA secured pledges from nearly 70 software vendors to incorporate secure-by-design principles into their products.
See you in Manchester in 2025
So, that’s a wrap on CYBERUK for another year! We couldn’t be more excited for next year’s conference that is due to be hosted in NCC Group’s birthplace – Manchester, UK. In the meantime, we look forward to continuing to work closely with our clients and partners to put into practice the lessons we learned from last week’s gathering in Birmingham.
Watch out for a further reflections piece on our technical masterclass titled “Detecting & Investigating Threats in Cloud Environments.” Our global practice lead, Nigel Gibbons, will elaborate on why organisations need to adapt their incident response strategies and digital forensic approaches to effectively address the unique challenges posed by cloud environments.