ThreatQ: NIAS 2016 and beyond!
NIAS is NATO’s annual cyber security conference. It was held in Mons, Belgium over two days in September and brings together leading figures within security. Mid-managers, security specialists and directors, product developers and front-line IT staff all converge to gain valuable knowledge, implement their security initiatives and share real-world experiences. Like last year, the learnings are vast, and this year NIAS addressed further innovations and trends in cyber security, as well as providing valuable business-critical insight, best practice, and practical case studies.
NIAS 2016 focussed on four specific themes: Building resilience from inside; Moving from Information Assurance to Mission Assurance; Next generation cyber-security challenges and solutions; and Securely enabling the mobile user. The first day of the conference opened on the next steps for NATO’s cyber defence from political, operational and technological perspectives, whilst day two saw cyber leaders from the UK, US and France discuss their unique national perspective on cyber security.
As one of the speakers hosting a session at the event, I learnt a lot over the two days. Here are my six key takeaways:
- Partnerships are essential. Ambassador Sorin Ducaru, NATO Assistant Secretary General for Emerging Security Challenges, started the conference with the quote “None of us alone is better equipped to fight cyber threats than all of us together.” Building resilience to combat everyday threats is more effective when developing partnerships and building knowledgeable think tanks.
- Communication is and will be a very important element. The challenges I heard from speakers and attendees and the technologies that are in the market right now require a lot of communication and collaboration across teams within security organisations. You need people, process, and technology that will work across traditional silos and allow each team to provide their perspective and apply their expertise toward the challenges and solutions that are needed.
- People power. Technology is progressing, automation is improving, machine-learning and “artificial intelligence” are becoming real capabilities, but at the end of the day, the need remains to train and motivate people to operate these technologies, make smart decisions, and make it all work. Make sure you have a pipeline for talent to support your organisational requirements that plans for three to five+ years out.
- The scope of the problem and complexity of solutions that cyber defenders face is immense and growing exponentially. From the number of vendors offering comprehensive or niche solutions to the adversaries we face to the skillsets of personnel we need to defend military and enterprise networks - the sheer volume of information, data, and choices is overwhelming.
- Agility is key. Our ability to adapt our technology, personnel, organisations, and processes to the threat landscape will define our success. Procurement processes that take 12 to 18 months to acquire capabilities to fight against new threats don’t support an agile model.
- Shift towards Cyber as its own identity. Militaries have traditionally been organised around sea (Navy), air (Air Force), and land (Army), with “Cyber” (both offence and defence) as a capability within each service. The monumental change in how wars are fought, and in how military and national infrastructures are defended, means national security is consolidating this into a single military branch: Cyber. In the United States, U.S. Cyber Command operated in coordination between the army, navy and air force. Efficiencies can be found by consolidating cyber forces into a single military service by recruiting, training and equipping cyber forces together.