Disruptive technology in national security – the right kind of risk

Cyber Security SME, BAE Systems Applied Intelligence
Is national security really the right place for technological innovation and disruption? Actually, yes, suggests Miriam Howe. We’ve just got to tread carefully…
Towards the end of last year I attended a round table at RUSI to debate the tricky business of technology innovation in the context of national security: the concerns and challenges, and the opportunities for UK national security.
The discussion was led by a Venture Capitalist (VC) who specialises in innovation and small businesses in technology (in fact a co-founder of CyLon), and was considering how VCs and technology innovation could better benefit national security. Being located in London, we took a UK-centric position; naturally the tech industry, VCs and their relationships with national security vary between countries.

Looking beyond the tried and tested 

We talked about some of the disruptive technologies – machine learning, quantum computing and so on – that are contributing to this continued evolution of technology influencing our world and where they originate. 
Small and Medium Enterprises (SMEs), for example, are a crucial provider of technology innovation, taking risks, chasing rapid progress and working flexibly to achieve it. SMEs are therefore characteristically disruptive and agile. Government departments, however, are much more inclined to procure from known, well-established corporates, and both the government buyers and their suppliers stick to defined requirements and solution approaches, which appear to be the low-risk option.
VCs, on the other hand, are in the role of ‘buying risk’; they expect to lose half of their investment, but balance the loss with a handful of investments that deliver disproportionate returns.
Hackathons and accelerators represent a similar investment of time and effort – there is no defined product or target, but an environment for creating and producing some potentially great Intellectual Property (IP).  
We recognise a need to break down the barrier which exists between national security organisations and the tech industry – especially SMEs. After all, how will industry come up with innovative solutions to problems that they don’t know exist?
The good news is there are some initiatives already underway. As well as government sponsored accelerators, there are funds such as those curated by the Defence and Security Accelerator, and the National Security Strategic Investment Fund has defined technology areas it wants to address.

Maturity matters

Speaking as someone with a long background in information and cybersecurity, I believe we should be able to learn lessons from the way that cybersecurity has matured in the UK. We started with a centralised government policy and set of rules, and with centralised control, coupled with a fear of any security breach – which drove an aversion to risk. 
But with maturity over the last two decades, and the need to expand the remit of cybersecurity in line with the ever-growing digital footprint, we have learned to be more proportional and pragmatic, which better enables risks to be taken to allow for other benefits – such as innovation.
Similarly, we may decide that we want to enable tech innovators to be thinking about the national security implications of what they are developing (and how they are working). This shouldn’t be impossible for them. In the same way as cybersecurity gets so much more press coverage than it did 20 years ago, we should be able to raise self-awareness of unintended outcomes, 'helped' by the scare stories that emerge in the media. Facebook’s language algorithm that became unintelligible to humans or the Black Mirror fictional series on digital dystopia are just two examples.
Part of our cybersecurity maturity is about equipping and enabling companies to measure and apply their own checks and balances. Similarly, perhaps the concern about tech innovators placing national security interests at risk through not appreciating the implications of what they are developing is addressed through championing ethics and best practices such as change control, test and assurance for innovative technologies – so we foster sufficient visibility to be comfortable, but without automatically restricting the possibilities.

Risk to reward

So perhaps the key questions should be how much do those who work in and around government want to try and control, rather than enable, the way that technology evolves? And how should technical innovation and risk be introduced into tightly controlled business domains such as national security?  
We can learn from the evolution of cybersecurity that the road to a mature industry may entail setting frameworks rather than rules, as well as raising awareness of unintended outcomes. 
And finally, taking pragmatic decisions about what type of assurance and change control will be proportional to this industry sub-sector, both enabling innovation as well as protecting our most critical assets, will open the door towards a secure, yet ground-breaking, future.

About the author  
Miriam Howe is a Cyber Security Consultant at BAE Systems Applied Intelligence

Miriam Howe Cyber Security SME, BAE Systems Applied Intelligence 22 January 2020