The International Cyber Policy Centre of the Australian Strategic Policy Institute’s (ASPI-ICPC) released its inaugural “Cyber Maturity in the Asia-Pacific Region 2014” report. Like all such endeavours it has its warts, but it should be congratulated for tackling a significant challenge. The report is a mix of quantitative and qualitative approaches and tries to devise simple metrics for a complex issue. It’s a great start that can only get better, and in light of that here are my few comments (mostly on methodology).
Keir Giles’ wrote a good paper that you really should read on the Russian view of the information warfare/operations (cyber warfare) legality. This is a fairly neglected aspect of information warfare studies and is completely ignored by cyber warfare experts in the West, who consider the Western view to be the sole view. It is because they are largely WEIRD. The West is largely in introspection around diversity, where diversity now means that everyone has the same values, shares same culture and is working towards the same goals in the similar fashion.
Spurred by Justine Aitel’s talk at SOURCE Boston where she supposedly (not being there is a bit hard to confirm that) said that IT risk and/or security industry need to use the term “cyber” in order to reach the business audience more effectively. "Who hates the word cyber? You're all wrong! ;) It's an opportunity to talk to the outside world." - @justineaitel #srcbos — Joshua Corman (@joshcorman) April 8, 2014 Yes, security has a problem communicating. No, it is not what you think it is.
Cyber is hot property nowadays. There’s not a “thought leader”, an organisation, a think tank, an industry body, government body, and the list goes on and on and on. There’s only one slight problem: no one agrees what ‘cyber’ actually means and what is and isn’t cyber. Every time I do risk related work I try to make sure everyone uses the same terms to mean the same thing, to reduce the risk of misunderstanding. It is such a simple and obvious step that most people forget about it.
OK, so the title may be a bit insensitive. A bit. But only until you read, yet again, what some of the best and brightest military minds have to say about cyber security: In the early 1980s cyber fiction film, “War Games,” a young hacker played by Matthew Broderick almost managed to start World War III when he accidentally nearly launched nuclear strikes against the Soviet Union. It seemed unlikely in those relatively primitive days before the widespread use of the Internet, but it foreshadowed the emerging era of the profound intersection of national security and the cyber world.
The other existential threat is cyber. The challenge for me and many other leaders is to really understand it. No longer can we delegate this to some part of our organization. Leaders have to understand it because leaders make decisions about investment, about policies and regulations. Management and Career - Interview with ex-Chairman of Joint Chiefs of Staff, Admiral Mike Mullen