Cyber Defense: The Industry point of view Asgeir Myhre Managing director Teleplan Globe AS (Norway)
We're Only in it for the Money (Frank Zappa & Mothers of Invention 1967)
Defensive Protect our own business against Cyber espionage and Cyber crime -> to secure future earnings for the company
Offensive Sell products and services that can assist others in their Cyber Defense activities -> generate income for the company
How to monetize Cyber Defense
1.Join a law firm (The term «cyber warfare lawyer» returned 1,95 million hits on Google this morning)
How to monetize Cyber Defense 2. Start an Internet Service Provider (ISP) (ISPs are mentioned as key players in most of the 15 «National Strategies for Cyber Security» linked on the web-page of CCDCOE. Example from Australian strategy: “… recognises that ISPs, in particular, occupy a unique position at the gateway to Australians’ access to the Internet and therefore need to be a key partner in the Australian Government’s efforts to maximise the cyber security of all Australians”
How to monetize Cyber Defense 3. Become a world leading COTS software or hardware supplier
How to monetize Cyber Defense 4. Qualify for «the golden role» Become part of the «inner circle», governments’ clandestine professional network, to supply advice, products and bespoke solutions, a front runner in Cyber Defense.
«The Golden Role» “Very few organizations offer our holistic portfolio of cyber security products, support and managed services. None combine this breadth with our unique 50-year heritage of acting as strategic advisor to the UK Government at critical national security levels.” … our world-class intrusion and IT experts have invented a portfolio of intrusion products called FinFisher. The FinFisher product portfolio is solely offered to Law Enforce- ment and Intelligence Agencies. ….provides advanced technical surveillance and monitoring solutions and international consultancy to National and State Intelligence Departments and Law Enforcement Agencies.
Many nations have developed and published a cyber defense strategy The cooperation between government and industry is often highlighted: Canada: «We will collaborate with our private sector and academic partners to enhance information sharing activities.» Australia: «… facilitating access for industry representatives, including those working with critical systems…» United Kingdom: «This strategy outlines how we will cement a real and meaningful partnership between the Government and private sector in the fight against cyber attacks.»
France: «…the possibility of creating a cyber defense research center in collaboration with industrial partners is currently being examined. Industrial strengthening will be promoted using the various resources of the State, in particular through strategic investment funds (e.g. to invest in SMEs)» Czech Republic: «…highly desirable to network all initiatives, be they of the state or of commercial or academic sectors» Germany: «The public and the private sector must create an enhanced strategic and organizational basis for closer coordination based on intensified information sharing. … has set up a task force on IT security in industry».
The Netherlands: «The Government wants to consult with ICT vendors to seek ways of improving the security of hardware and software.» Poland: «The development of the information society in Poland requires co-ordinated efforts and the harmonious co- operation of the public and private sectors…». South Africa: «…foster cooperation and coordination between government, private sector and citizens».
In summary – 4 different roles Industry as a target for cyber attacks Industry as a supplier of commercial products and services for cyber defense Industry as a national resource, (somewhat vaguely defined) Industry in «the golden role»