In his keynote speech today at the Homeland & Border Security Conference 2009 in London, Martin Sutherland, Managing Director of Detica, the information intelligence specialist, calls on all those involved in homeland and border security to embrace innovation and re-use in the effort to maintain national security.

“There is a clear and present threat from those who threaten the safety of the public, the security of the state or who seek to commit serious and organised crime,” says Sutherland.  “This has resulted in a raft of new security measures which seek to protect us whilst attempting to do so in a proportionate manner.  The government’s recent release of its Cyber Security Strategy, launched last week during a visit by the Prime Minister Gordon Brown to Detica’s London office, highlights how cyberspace makes border protection even more challenging in the 21st century.  “Because cyberspace is essentially borderless,” says Sutherland, “the traditional concept of a physical border or boundary becomes increasingly difficult to define, control and protect.  The conventions of ‘national’ or ‘homeland’ security are fast eroding. 

This is a situation, according to Sutherland, that serious organised criminals are only too eager to exploit.  “As habitual ‘early adopters’ of new technology, they are quick to exploit the digital revolution for their own purposes.  What we now term ‘the new front line’ — the collision between the physical world and cyberspace — has created a new threat environment where ‘borderless’ terrorists and criminals, acting in a more agile and unpredictable manner, can threaten national security, corporate safety and individual well-being on a scale and with a reach that was simply not possible in the past.”

This increased complexity, combined with the economic imperative to “achieve more with less” means scarce resources must be targeted at the most significant threats — which themselves are very difficult to identify — and all in a proportionate manner.  Sutherland comments: “This is the classic ‘needle in the haystack’ problem, except we do not know what we are looking for until we find it — we effectively hunt for needles as they are being prepared for the haystack.  Fortunately there are now highly innovative and proven methods for achieving this task which have very strong potential for re-use across the security industry.”

The answer, according to Sutherland lies in digital footprints.  “As we go about our daily lives we leave behind digital footprints — but so too do terrorists and criminals when they plan and execute their crimes.  By looking for unusual patterns of behaviour in data and investigating them more fully we can find the criminals and thus turn their digital footprints against them.”  Central to Detica’s proposed solution is an approach called ‘network risk targeting’.  This means targeting, at a high level, the key entities involved in a criminal network rather than traditional risk-based targeting which works at a lower level of detail and takes no account of the network context.  According to Sutherland: “The beauty of network risk targeting is that investigators can quickly identify the source of the problem and tackle it there.  Rather than expending effort in tackling the peripheral, we can go straight to the heart of the network of activity.  This enables agencies to target scarce investigative resource more effectively and thus do more with less.”

Having applied these techniques in physical and physical/virtual threat environments, the next big challenge, according to Sutherland, is applying them in the purely virtual environment of cyberspace.  “In the virtual environment we are thinking of threats like cyber attacks, online identity theft and digital piracy.  But while technology, policy and intent are now emerging, no single agent is able to act in isolation.  In this scenario we need a response that is joined-up across government, the private sector and individuals.  The launch of the UK Cyber Security Strategy last week endorses the fact that we now need to turn our attention urgently to the virtual threat scenario.”

In his presentation today, Sutherland also addresses the issue of balancing security against privacy concerns. “Security in the modern world is a careful balance between liberty and proportionality.  Where investigations are directed in a more focussed way, using network risk targeting, it means that members of the public will not be investigated unnecessarily.  By identifying identify potential targets based on anomalies and hypotheses rather than starting with the individual, it helps balance security and privacy concerns.  It is our belief that re-using innovative approaches like this across the industry will help reduce the risk to the UK from international terrorism and organised crime and enable us all to go about our lives freely and with confidence.”

Further conference details can be found at: http://www.govnet.co.uk/security.