Digital technology is transforming our world. Miniaturisation and instrumentation, automation and machine learning, the collection and analysis of massive amounts of data are changing every aspect of our lives. The impact on our economy has long been recognised.
The impact on social and political discourse has become more apparent over the last year or two. And we can see big changes coming in the physical world, particularly in sectors such as transport and healthcare. All this is undoing assumptions that have been the basis for our security thinking for decades.
How people think about security
Security has worked on a clear division of responsibility that is best understood in physical terms. As organisations and individuals, we protect our property using risk management (often informally). We decide how much to spend based on the value of assets and the threat we perceive where they are sited. When criminals break through these protections, we seek help from law enforcement.
This is the world that most people live in and understand. But there is another world, that of national security. We expect governments to maintain the intelligence and surveillance capability to know what is going on in the world and the military capability to deter or deal with aggression.
We rely on physical distance to keep these two worlds apart and on governments to manage global threats. Individuals and businesses have concentrated on local protection and this thinking persists in much cyber security.
Now the increasing prevalence of digital technology is making physical distance irrelevant. Security still relies on protection, enforcement, intelligence and military domains. But the barriers are dissolving and the domains increasingly overlap.
Implications for businesses and government
This has three implications. Firstly, it changes the division of responsibility between businesses and government. There is increasing willingness by government to undertake protection activities where they can do this most effectively by working on core infrastructure.
Conversely, financial services organisations and e-commerce businesses are sometimes better placed than police forces to help the victims of online fraud. And major security companies can use digital technology to provide significant intelligence, often identifying developments in the activity of criminal groups and nation states.
Secondly, we need a way to defend global business networks and technology platforms that does not trip over the national focus of government agencies. Major efforts are improving international collaboration, especially in law enforcement, but government fundamentally works at right angles to much of the digital world.
And finally, businesses can no longer rely on distance and governments to insulate them from international risk. We need active business defence that uses intelligence to focus on specific risks, engineers organisations to be robust and is operationally ready to identify and deal with attacks. This way, we can ensure we are defending our organisations effectively in the changing digital world.
Related stories
Showing 340 results