This week I’ve been looking at the news that NATO’s set to ratify a new cyber policy which first made public back in June. So far, so boring you might think.
Well, actually this one is pretty significant in that it seeks to extend Article 5 – the collective defence clause that if someone strikes at one NATO member they strike at them all – to the cyber world.
In doing so NATO is going further than individual governments in trying to establish international principles that a cyber attack can be considered the same as a traditional military strike.
However, the chances of the alliance actually invoking Article 5 are pretty slim – as KPMG cyber security partner Stephen Bonner told me it has only happened once before, after 9/11.
“The reality is that few cyber attacks are likely to be of sufficient scale and impact to justify invoking Article 5 – and they would not happen in isolation from a broader deterioration in international security. In other words, if there was a state attack then it would have a broader context,” he added.
“This announcement is primarily a rhetorical point which is possibly aimed at having a deterrent effect.”
That said, I think it’s still an important step.
Some might argue that the lack of clarity around what would be considered an act of cyber war kind of diminishes its value, but as McAfee director of cybersecurity, Jarno Limnéll, told me, this is the right thing to do tactically.
“I think this is wise policy, spelling out a clear threshold would encourage adversaries to calibrate their attacks to inflict just enough damage to avoid retaliation,” he argued.
Elsewhere, consultancy BAE Systems Applied Intelligence also welcomed the news.
“Cyber criminals do not respect national boundaries so protecting national interests will require increasing international cooperation,” a spokesperson told me by email.
“It is therefore encouraging to see the increasing priority which cyber is being given in NATO’s agenda. This complements multiple other initiatives nationally and internationally to address a growing security risk and help secure the systems we are increasingly reliant on.”
The new policy will not just concentrate on collective defence clause, of course, and BAE also welcomed the increasing focus on intelligence sharing between member countries and with the private sector.
Whatever the efficacy of NATO’s move, it once again underscores the increasing importance being attached to cyber channels by politicians and military leaders.
As Limnéll said, these are necessary steps given the relative immaturity of the industry.
“We have to remember that we are just living the dawn of the cyber warfare era and the ‘cyber warfare playbook’ is pretty empty,” he told me.
“Most of the destructive cyber tools being developed haven’t been actively deployed. Capabilities to do real damage via cyber attacks are a reality but fortunately there has not been the will to use these yet. However, that is one option, as a continuation of politics, for countries nowadays.”
I was in Singapore this week for a big Intel announcement, ably covered by my Reg colleague Timothy Prickett Morgan here. That left me with no news but a bit of wriggle room to consider the bigger picture: just where is Big Data headed, what’s the big deal with Hadoop and is Intel really a software company now?
Well, let’s take the last question first. Yup, Intel has been a software company for several years now actually. It was the $7.6bn acquisition of security giant McAfee which really sealed the deal though and its roadmap for taking security capabilities down to the OS and chip level is taking shape nicely. This week’s big news was that Intel is getting into the Hadoop game with its own distribution of the open source Big Data management framework.
It’s a smart move for Chipzilla, helping to drive extra revenue and boost take-up of its Xeon chips. According to global director of Enterprise Computing, Pat Buddenbaum, however, there was another reason for the move, namely “to instill confidence that Hadoop will remain open”.
“One of the concerns was that its primarily driven by start-ups with venture backed direction, which may fork from the 100 per cent standardised open source path,” he told me.
Intel as open source saviour? Well you can be sure that commercial interests were probably its primary motivator here, and it has no plans to make similar moves for other open source frameworks which may be at risk of forking.
So what about Big Data? Should you believe the hype? Well, although even Buddenbaum admitted it was a bit of a buzz word, the premise behind it is sound. It’s about organisations making sense of the vast quantity of data – be it internal or external, customer-related data – literally inundating their datacentres, in order to drive business growth and improve agility in realtime. Analysts I spoke to are in agreement that the Big Data trend is a positive one and Intel’s move will benefit the industry. Now it’s up to the OEMs, SIs, and ISVs to play their part and enable the democratisation of Big Data by pushing Hadoop down to the mass market via their products and services.
Don’t hold your breath though. The industry is at such a nascent stage that, according to Intel’s APAC Datacentre Products GM Jason Fedder, it’s not even clear which region if any is ahead of the curve. In the meantime the hype will continue as long as IT vendors (excluding Intel, of course) think they can flog some extra units on the back of this latest buzz word. But I’m pretty confident that in a few years’ time we won’t be talking about Big Data anymore – not because it will have fallen from favour but because it will be ubiquitous.