Brigadier Alan Hill is head of Operate and Defend, Information Systems and Services for the UK Ministry of Defence. He was previously the Army's head of Information Superiority with CIO responsibilities for the military branch. He was commanding officer of the 3rd Division Signal Regiment and the commander of the 11th Signal Brigade. It’s fair to say that when it comes to running a tight IT ship, Brigadier Hill knows a thing or two.
There were many parallels between military cybersecurity and the private sector, said Brigadier Hill, speaking to a capacity crowd at Interop London.
“Cyberdefence in the UK is surprisingly similar to what you face on a daily basis in your industry,” he said. “Defensive capabilities are often the same. It’s essential we preserve our freedom to operate despite cyberthreats. That applies to the commercial world, just as it does in the military.”
“Our response to threats will be equally familiar to you,” the Brigadier continued. “We plan, we train, we exercise, and we operate in a way that integrates our cyberactivities with our physical activities.”
While the head of operate and defend was able to draw many parallels, he also stressed that there were a significant number of differences, primarily those around the breadth and depth of his operations. For example, units in the battlefield don’t have 4G or Wi-Fi – and must create networks in real time.
“The challenges in the deployed space are really quite considerable compared to the commercial fixed area,” he said.
Another significant difference is in the area of data sensitivity. Most private organisations consider data to be either sensitive or non-sensitive, but in the military, there are varying levels of sensitivity, the Brigadier explained: Internet level, official, secret, top secret, and coalition secret.
The Brigadier candidly admitted that it was impossible to protect all of cyber all of the time.
“It’s perhaps notable that defensive measures will never be the complete answer, especially when looking at the attackers, who are criminals, foreign intelligence services, and other malicious actors,” he said. “Accepting that you are not going to stop everything, all of the time, and planning recovery operations is absolutely paramount. “
Another commonality that will resonate with IT leaders was the need to remain agile when the wider “business” was, perhaps, a little more cumbersome.
“We need to take innovative approaches,” the Brigadier said. “When you are buying something like a battleship, that might be a 20-year process – it’s really complicated business. I wonder if there is anyone here that would like to sell me cyberservices, which will be valid in 20 years, or even two years? Our ability to buy services, to move, to respond is vital.”
Recruiting and retaining the right talent was another parallel. “We’ve got to get the right people, with the aptitude, and we have to provide appropriate career paths to keep them here.”
The Brigadier concluded that the Ministry of Defence faces the same challenges as other private and public sector organisations.
“Our ability to respond to changing threats is vital if we are to stay ahead of the game. The threats are continually changing in scope and complexity, and so we constantly view and adjust our measures and adopt new approaches to deal with more sophisticated threats.”Sean McGrath is a freelance IT writer, researcher, and journalist. He has written for PC Pro, the BBC, and TechWeekEurope, and has produced content for a range of private organizations. Although he holds a first class degree in investigative journalism, his dreams of being a ... View Full Bio