Last month, we held our second annual Responsible Cyber Power Forum at the Royal Society of Arts in London, bringing together key stakeholders from across the UK Cyber Power ecosystem for a day of networking, workshops and speaker sessions.
The theme of this year’s event was ‘partnering for operational impact’, highlighting how the entire ecosystem can work together in order to develop impactful strategies and approaches. Cyber Power is a topic that benefits from multi-stakeholder perspectives, and it’s only by collaborating and drawing on diversity of thought that we’ll be able to solve the various challenges facing us today.
We were joined by delegates from multiple UK government organisations – including the FCDO, DBT, NCSC, DSIT, MOD and the Home Office – along with representatives from several academic and industry partners.
From Cyber Diplomacy to Capacity Building
The day started with a refreshing and insightful talk from the FCDO about cyber diplomacy, covering the history of international cyber diplomacy – starting with the first cyber resolution presented to the UN in 1988 – all the way to the recent rise of technology diplomacy.
There was consensus that the UK should be fostering discussions around tech diplomacy in the same way as we’ve done for cyber diplomacy, with the two becoming increasingly interlinked. Emerging technology discussions provide an advance indication of future cyber issues, which are often about more than just the technical detail. Complexities include the current geopolitical context, the overlap between cyber security and information security, and the interdependencies with various sensitive issues such as free speech, human rights, and sovereign control.
We then heard from Mary Haigh, CISO at BAE Systems, about the role of industry in national cyber defence. She outlined the need for stakeholders to challenge each other to drive innovation, and the combination of hard and soft power that is required to project global power effectively.
At the core of her session was the importance of government-industry alignment. As a collective, we are custodians of some of the UK’s most important tools of power. That’s a big responsibility and one that requires partnership – whether involving multiple commercial partners, multiple nations, or a combination of both. Prioritising resources so that partnerships can flourish is vital, along with addressing several key considerations including data sharing, risk management and incident reporting.
Read more about the role of industry in supporting national cyber defence objectives in our blog here.
Next came a panel session on Cyber Capacity Building (CCB), featuring representatives from the FCDO, PGI, TAG International, and BAE Systems’ Nina Luckmann. The panellists discussed the importance of CCB for establishing alliances on the international stage and helping to build the type of world we want to live in, along with the role of developing shared norms and considering the values that CCB work signals alongside traditional hard and soft power components.
The group also tackled the diversity issuein cyber and how solving it is about addressing core technology and process biases rather than just bringing more women into the room. Finally, everyone agreed that demonstrating the long-term impact of CCB interventions is a real challenge, highlighting the need to uncover new avenues of data collection and build trusted relationships. Indeed, measuring value and outcomes is a common challenge across the defence and security domains.
Spotlight on Hunt Forward and Secure by Design
Our morning sessions were rounded off by our International Cybersecurity Lead Nick Beecroft, who analysed the benefits and challenges associated with the US ‘Hunt Forward’ operations and alternatives that could be adopted by nations that don’t have the resources and political power of the US.
He argued that the Hunt Forward model could be adapted for broader missions and more flexible delivery, with a focus on overseas threat investigation in pursuit of three key objectives: sharing threat intelligence, providing network assurance, and building diplomatic partnerships. Download our paper to learn more.
This was followed after lunch by a group exercise led by academic partners from Royal Holloway and Chatham House. The workshop involved rainbow teams analysing Responsible Cyber Power case studies for two fictitious countries and discussing the risks, opportunities, and potential approaches. This covered four themes: Cyber Capacity Building, Responsible Cyber Operations, Cyber Defence and Incident Response, and Hunt Forward Operations. There was plenty of lively discussion throughout the exercise and some insightful feedback delivered to the wider group.
Next came a panel discussion on the topic of Future Combat Air Systems (FCAS) as a study of Cyber Power. CISO Mary Haigh and Head of Security for FCAS Andy Fell, both of BAE Systems, were joined on stage by representatives from the MOD and NCSC for a fascinating conversation that largely focused on the importance of people and process.
In terms of people, the panel discussed how every individual across the ecosystem is part of the UK’s national defence cyber team, and that people are both the greatest strength and the greatest weakness when defending against cyber threats. But the process element drove the majority of the discussion within the context of Secure by Design. Specifically, the need to build cyber security into the heart of products and programmes rather than adding it in at the end. This is vital as defence systems and platforms are in a contested space from their inception, not from their operational implementation. In terms of FCAS specifically, despite the platform aiming to be in service by 2035, the cyber security battle is already underway to protect the development phase and subsequent ability to have an advantage into the future.
Secure by Design ensures that security is a core building block rather than an afterthought. After all, if we don’t get the cyber security element right, any system will be fundamentally undermined from the start. The key is to see security as an underpinning narrative, while making sure that it is balanced against other priorities. This highlights how Secure by Design is as much about mindset and behaviours as it is about technical development.
Next, we heard from DSIT about the key takeaways from the recent AI Safety Summit – a relevant topic for this forum given that ‘responsible behaviour’ has been one of the core themes across Cyber Power pursuits in 2023. Generative AI, for example, has been a high volume topic over the last 12 months, and the principle of Secure by Design is a vehicle to protect consumers’ privacy and the integrity of our decision-making. This also set the stage for our final panel examining the role of multilateral commitments and looking out to the future for UK cyber power.
Looking to 2024
I was proud to host an all-female panel for the event’s closing session, joined by senior representatives from the Cabinet Office, DSE and FCDO to discuss ‘A Strategic Outlook on UK Cyber Power’. The conversation covered several areas, starting with the evolving threat and implications of hacktivists and non-state actors acting on their own behalf but in support of state activity, before moving on to the need for government to develop playbooks for working with industry. The importance of this has been demonstrated in Ukraine over the last 18 months, particularly in terms of strengthening responses to crisis management.
We also discussed the effectiveness of multilateral agreements, and that efforts to tackle issues such as ransomware and the irresponsible proliferation of commercial hacking tools should be focused on breaking the business model. A contrast was drawn between preparation (long-term) and innovation (in the moment) in terms of technology focus – with industry able to support government in both areas. We finished by highlighting the need for the UK to demonstrate greater action and intent behind our initiatives, which continue to be world-leading in many areas.
This session was a positive discussion to round off an engaging and stimulating day. Thank you to all our speakers, moderators and attendees. We look forward to continuing these discussions throughout 2024 and maintaining our contribution across the UK’s Cyber Power ecosystem.
Visit our Responsible Cyber Power page to catch up on all the content created by our industry experts.