Story image

Interview: BT on securing cooperation between government and industry

05 Dec 2017

Rajiv Shah is the new Director of Government Cybersecurity for BT, Australia. Coming from BAE Systems, he has been tasked to grow the BT Security business across A/NZ.

“What attracted me to BT is the scope and capability of their security apparatus. BT runs international telecommunications networks, and protects those networks from attack in more than 180 different countries. In terms of observing the evolving threat landscape, and staying one step ahead, BT has an unprecedented amount of information and visibility. That ringside view, combined with our technical capabilities gives us the opportunity to make a substantial difference in the industry.”

BT is one of the world's largest telecommunications firms. In October, they announced a data-sharing agreement with INTERPOL to aid the combat of international cyber-crime — the first agreement of its kind. MitchelLake’s Robin Block sat down with Rajiv to understand how BT is partnering with the Australian Government, discuss their Australian R&D initiatives and gain insight into the future of the industry.   

What are BT’s ambitions in cybersecurity and Australia?

Rajiv: Collaboration and threat sharing, particularly between government and industry, is a major focus for BT — such as the information sharing agreement we just signed with INTERPOL. Our goal is to understand our customers, understand their challenges, and help them find solutions.

Whether our clients are government or commercial, our goal is to help them improve security. Cybersecurity is a journey — there is no destination where you can declare victory. It is key for any organisation to understand where they are on that journey to be able to correctly diagnose their problems. There is only ever a finite security budget, so we need to understand the likely targets and methods, and use that information to invest efficiently.

BT has recently announced the creation of an R&D cybersecurity centre here in Sydney — aiming to recruit 170+ people over the next few years. A significant attraction of that programme is that it gives people an opportunity to work in the commercial sphere and with government, delivering solutions and engaging in R&D.

Bringing together that range of people to work alongside each other, and providing opportunities for people to move between different parts of the company, not only encourages cross vertical innovation, it can be an attraction compared to working for an organisation that only makes one main product.

This will allow us to build our own talent pool in Australia, and is a great opportunity for both the company and Australian workers. ‘Great’ looks like BT being known in Australia as a key player in the security market and a supporting partner of the Australian Government.

What do you think of the Australian market — how does it compare to Europe and the US?

Rajiv: Australia is a smaller market than the US or UK. However, that means it can be easier to make an impact and cut through the noise. The publishing of the Government cybersecurity strategy last year was a big step. It laid out a blueprint for how government and industry can work together.

The new mandatory breach notification legislation is a significant change in the Australian regulatory market that will, at the very least, set a common standard to which everyone will be held. That will allow the people that need to know about a breach to gain that information without single companies putting their market value at risk by coming forward .

There is an educated and skilled talent pool here. Our Chief Engineer of Cybersecurity is based in Sydney. The experience I have had building teams in Australia is that is can be difficult to recruit — but, the people with the right skills are here, you simply have to go out and find them.  

What do you see as the main changes in cybersecurity — does market hype get in the way of development?

Rajiv: Hype always gets in the way, and there is a lot of noise in the marketplace. However, I am inclined to say that the industry is finally moving past ‘peak hype’. I see a lot of maturity in the conversations being had — people know how to ask the right questions. Effective cybersecurity is the key to enabling change and transformation in a business. I think that the days of security being the department of ‘no’ are gone — it is now about how.

Artificial intelligence and machine learning are the big changes taking place. It won't create something that can magically solve all security problems — but, there is a huge amount of data out there. If we can understand and analyse that data, it will be vital to preempting threats. If you look further afield, the massively disruptive technology on the horizon is quantum computing. Fundamentally, if people start to deliver on the proposed capabilities, it is going to disrupt the entire area of cryptography from both a threat and security standpoint.

There is always something of an arms race occurring in cybersecurity. I would never say anyone is moving fast enough. Pooling information allows for the aggregation of a big-picture and an understanding of broad vulnerabilities. I think BT is in a great position to help identify and respond to the developments that will continue to take place.  

Article by Robin Block.

Hybrid cloud security big concern for business leaders
A new study highlights that IT and security professionals have significant concerns around security for hybrid cloud and multi-cloud environments.
GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.