John Colley
Governments must draw on the experience of information security professionals
The realisation among political leaders that a concerted international effort is needed to deal with the growing global threat landscape was evident at the 4th annual MEDays event in November. Attended by political and business leaders from the Mediterranean, African and Arab countries in Tangiers, Morocco, it was encouraging to find a panel focused on cyber threats included on an agenda that included climate change, economic decline and the Arab Spring.
On the panel, I was joined by experts in forensics, incident response, cyber warfare and cyber crime, representing European, Arab and south Mediterranean countries. While it resonated clearly that there is a need for international co-operation, there were few clear thoughts on how that co-operation can be facilitated. The discussion focused on the lack of international cyber law, and the poor compatibility and ineffectiveness of national laws.
There was little recognition of the effort that has already been made to establish internationally recognised skills, principles and practices in the professional and business world. Political leaders and policy makers now turning their attention to driving the cyber security agenda must build on this effort.
For over two decades, information security professionals have already had to transcend national boundaries to amass experience and knowledge that is wide and deep and which they are keen to share both for personal development and the benefit of society.
In Morocco, the panel and audience agreed that part of the requirement is to ensure enough people with the right skills are available to tackle the issues. Here the opportunity to draw on the profession as a resource is obvious. There is, for example, a real gap across the EMEA region, with most academic programmes targeting the lucrative working student with graduate MSc programmes. Public and professional effort can come together to encourage career interest and unearth instincts at an earlier stage.
Many countries are examining the capacity and competencies required for national security, but there is a risk of too much focus on national politics rather than a real understanding of what is required. They should be careful not to work in isolation.
The threat landscape requires the ability to communicate and operate across borders. International professional organisations that have harnessed the collective experience of subject matter experts, have put a great deal of effort into establishing the foundations for a common understanding of cyber security-related issues across the globe. Their experience must be called upon.
John Colley CISSP, managing director, (ISC)2
