MONITOR
NEWS
C
ybersecurity is fashionable but is only one side
of the coin. The other is cyber opportunity.
The objective of the WCIT Security Panel is: to promote
“the City of London” (and the UK Financial Services
sector which it supports and promotes) as “the best place
to go on-line”: not only the safest and most secure, but
also the best at taking remedial action when things do go
wrong”. The means is “to position the Security Panel and
others with which it collaborates as a global hub for
leadership and co-operation in taking action against abuse
rather than focussing on mere awareness, prevention and
protection.”
Each of our meetings is focussed on bringing players
together to turn a common problem into a shared
opportunity and action, which those round the table can
implement. An example is the exercise to work with the
City Values Forum and others to help turn the current
crisis of confidence in the on-line world into an
opportunity for the heirs, of a thousand years’ experience
of organising transactions between those who have never
met, to inform those who believe the Internet is a brave
new world.
From the tally sticks of the Vikings (linking London’s 8 th
century traders with Moscow and the Levant), through
the coded messages of the Knights Templar (from the
Orkneys to Jerusalem and beyond) and through two
centuries of telegraphy (first visual, then electronic) to the
current convergence of digital voice (data and image), the
same core disciplines remain at the heart of security and
trust in global trading networks: a cycle of people,
process and technology.
Balancing Risk and
Reward in the
Cyber-World
The Role of the Information
Security Panel
Contributed by Philip Virgo,
WCIT Liveryman,
Chairman of the Information
Security Panel
The controversies unleashed by Edward Snowden remind
us of the three core security messages:
? People are the biggest risk: culture, discipline and
probity are as important as competence.
? Big data is insecure data: the wider the access, the
greater the risk of abuse.
? You cannot outsource risk: Snowden was a contractor
vetted by another contractor.
Of course we need technology to help us have confidence
that:
? the people we are dealing with are who we think they
are (and are not under duress).
? the agreement between us is what we think it is.
? the agreed goods have arrived and the agreed
payment has been made and received.
But, the technology is in support of people processes and
we also need confidence in the provenance, security and
resilience of the technology and that of the people who
create, maintain and operate it.
Meanwhile cyber is fashionable and every Government
Department, Agency or Regulator must have an initiative.
We spend £billions on technologies and processes which
are bypassed with insider help if the reward (to criminals,
competitors or nation states) is worth the effort. The
spend on co-operating with law enforcement to track and
trace common predators, using civil law (tort and
Page 4