What does Alexis de Tocqueville, a mid-nineteenth century historian and political scientist, have to do with the WannaCry ransomware outbreak last May and cyber-commerce?
Well, in 1831 Alexis was sent by the French Government to examine the American penal system. In a way that all managers will find familiar, the 26 year old spent nine months mainly travelling around and enjoying himself.
Unusually, however, on his return Alexis began writing, publishing two volumes of what would become known as ‘[On] Democracy in America’. His described the concept of ‘enlightened self-interest’, which he saw as a predictor of future American economic success. At heart, it means working together and assisting others because by doing so we help ourselves. Or as, with rather more elegance, Alexis put it “….an enlightened regard for themselves [Americans] constantly prompts them to assist one another….”.
It’s a concept which is very relevant to cyber-security and -commerce.
Many IT infrastructures make use of similar building blocks, and a successful attack on one company might very soon be replicated across many. This ‘domino theory’ analysis of cyber attacks can be clearly seen across a vast range of examples, perhaps most famously in last year’s WannaCry outbreak.
Likewise, a successful strategy for dealing with an attack can very soon be deployed elsewhere and, if the flow of information is quick enough, systems can be secured long before they are compromised.
If the flow of information is quick and accurate enough, the response can beat the contagion, helping to minimising the effects of the attack well before the harm spreads too far.
But it requires an infrastructure and a culture that facilitate that sharing.
In terms of cyber-security, the National Cyber Security Centre (‘NCSC’), working with trusted partners such as the British Retail Consortium, have stepped in to create that infrastructure. It is called the Cyber Information Sharing Partnership – known as ‘CiSP’. It provides its members with a platform to collaborate in a trusted, confidential, environment. CiSP members are experts drawn from leading-edge retailers and other businesses, academia and the UK’s critical national infrastructure. Part of the value is from learning across sectors.
Take up of CiSP has been strong, and there are now 4,000 visitors per month, a 43% increase in just over a year. The WannaCry outbreak is a great example of when CiSP came into its own: there were more than 23,000 visitors to the online platform, including 15,000 during the first weekend. CiSP was invaluable in providing up-to-the-minute mitigation advice and, as crucially, debunking false rumours.
There is clearly a case for looking at how that approach can move beyond cyber-security, enabling the UK’s technology and retailing ecosystems to better realise shared opportunities. Retail has scale, reach and many of the raw materials for making AI work, and is already innovating fast. Online sales are growing at a startling rate, making use of a much wider range of technologies, whilst traditional sales falter. UK technology firms can deploy cutting edge capabilities and draw on learning from across sectors to do things better and cheaper.
The work of tech UK and BRC on events like the ‘Cyber in the Digital Economy’ conference can help sustain a community of enlightened self-interest; the end result can only be good for both.
Crime and Security Adviser, British Retail Consortium