Story image

Interview: BT on securing cooperation between government and industry

05 Dec 17

Rajiv Shah is the new Director of Government Cybersecurity for BT, Australia. Coming from BAE Systems, he has been tasked to grow the BT Security business across A/NZ.

“What attracted me to BT is the scope and capability of their security apparatus. BT runs international telecommunications networks, and protects those networks from attack in more than 180 different countries. In terms of observing the evolving threat landscape, and staying one step ahead, BT has an unprecedented amount of information and visibility. That ringside view, combined with our technical capabilities gives us the opportunity to make a substantial difference in the industry.”

BT is one of the world's largest telecommunications firms. In October, they announced a data-sharing agreement with INTERPOL to aid the combat of international cyber-crime — the first agreement of its kind. MitchelLake’s Robin Block sat down with Rajiv to understand how BT is partnering with the Australian Government, discuss their Australian R&D initiatives and gain insight into the future of the industry.   

What are BT’s ambitions in cybersecurity and Australia?

Rajiv: Collaboration and threat sharing, particularly between government and industry, is a major focus for BT — such as the information sharing agreement we just signed with INTERPOL. Our goal is to understand our customers, understand their challenges, and help them find solutions.

Whether our clients are government or commercial, our goal is to help them improve security. Cybersecurity is a journey — there is no destination where you can declare victory. It is key for any organisation to understand where they are on that journey to be able to correctly diagnose their problems. There is only ever a finite security budget, so we need to understand the likely targets and methods, and use that information to invest efficiently.

BT has recently announced the creation of an R&D cybersecurity centre here in Sydney — aiming to recruit 170+ people over the next few years. A significant attraction of that programme is that it gives people an opportunity to work in the commercial sphere and with government, delivering solutions and engaging in R&D.

Bringing together that range of people to work alongside each other, and providing opportunities for people to move between different parts of the company, not only encourages cross vertical innovation, it can be an attraction compared to working for an organisation that only makes one main product.

This will allow us to build our own talent pool in Australia, and is a great opportunity for both the company and Australian workers. ‘Great’ looks like BT being known in Australia as a key player in the security market and a supporting partner of the Australian Government.

What do you think of the Australian market — how does it compare to Europe and the US?

Rajiv: Australia is a smaller market than the US or UK. However, that means it can be easier to make an impact and cut through the noise. The publishing of the Government cybersecurity strategy last year was a big step. It laid out a blueprint for how government and industry can work together.

The new mandatory breach notification legislation is a significant change in the Australian regulatory market that will, at the very least, set a common standard to which everyone will be held. That will allow the people that need to know about a breach to gain that information without single companies putting their market value at risk by coming forward .

There is an educated and skilled talent pool here. Our Chief Engineer of Cybersecurity is based in Sydney. The experience I have had building teams in Australia is that is can be difficult to recruit — but, the people with the right skills are here, you simply have to go out and find them.  

What do you see as the main changes in cybersecurity — does market hype get in the way of development?

Rajiv: Hype always gets in the way, and there is a lot of noise in the marketplace. However, I am inclined to say that the industry is finally moving past ‘peak hype’. I see a lot of maturity in the conversations being had — people know how to ask the right questions. Effective cybersecurity is the key to enabling change and transformation in a business. I think that the days of security being the department of ‘no’ are gone — it is now about how.

Artificial intelligence and machine learning are the big changes taking place. It won't create something that can magically solve all security problems — but, there is a huge amount of data out there. If we can understand and analyse that data, it will be vital to preempting threats. If you look further afield, the massively disruptive technology on the horizon is quantum computing. Fundamentally, if people start to deliver on the proposed capabilities, it is going to disrupt the entire area of cryptography from both a threat and security standpoint.

There is always something of an arms race occurring in cybersecurity. I would never say anyone is moving fast enough. Pooling information allows for the aggregation of a big-picture and an understanding of broad vulnerabilities. I think BT is in a great position to help identify and respond to the developments that will continue to take place.  

Article by Robin Block.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.