Cybersecurity and The United States - Global Leadership through Innovation by Dr IIesh Dattani, Assentian Limited
Posted on 23/06/2020
The blogs follow on from Cybersecurity Global Expert Missions and the outcomes will be presented and shared on our webinar in July.
We hope you can join us! Details are below.
Strengthening Cybersecurity Collaborations – Outcomes from missions to Singapore, Israel & USA, Online Webinar, 7 July 2020, 11am (UK time)
Between June 2018 and October 2019, three Global Expert Missions took place to Singapore, the USA and Israel to better understand their research and innovation landscapes and to establish potential opportunities for collaboration in the cyber security sector. This webinar will present the findings and insights from delegates and allow attendees to pose questions to a panel. It will provide a holistic and wide viewpoint of the capabilities identified during the Global Expert Missions and will showcase key opportunities for UK businesses who may be interested in international collaboration. We hope you can join us for this fantastic networking opportunity.
For more information and to register, click here.
Following the Expert Missions, Dr Ilesh Dattani discusses the contrasting UK and USA cyber security landscape:
In September 2019 Innovate UK lead a Global Expert Mission (GEM) on Cyber Security to the United States with a focus on the cluster of activity in the Washington DC Metropolitan area and the State of Maryland. The UK delegation met with representatives from Federal Government Agencies, Policy Makers, Investors and Academia to gain a better understanding of the cyber security activity in the country, seek out opportunities for collaboration with the UK and to identify what the UK could learn from the US in order to advance its own capabilities and market position.
The US, now for the first time since the 19th century, finds itself forced to aggressively defend its position as a world-leader in innovation. Countries like China can now afford to invest, develop long term transformational R&D Strategies and build partnerships and education programmes. This has meant that Asia and China specifically have led global growth in R&D year on year since 2003.
Along with the competition from these other countries, the US faces many internal barriers to innovation. For example, basic research and STEM education, continues to lag behind policymakers’ targets. A review of triadic patent applications, an indicator of mid-term innovation opportunities, shows that the US has already been passed by the European Union and Japan .
When considering the innovation traits, strategies and policies in the US in comparison to the UK, the following distinctions are noteworthy:
- Innovation is driven more by the private sector than government and, as such, is primarily addressed to meet its needs.
- There is no one single federal government department or agency that is in charge of innovation per se (all federal departments fund innovation to meet strategic goals). This is significantly different from the approach taken by the UK, where the majority of the innovation is funded via and managed by Innovate UK. The UK Research Councils and the National Science Foundation (NSF) in the US perform a similar role. The NSF has a focus on fundamental research, which they hope will have a transformational impact within the respective area in the future.
- There is a growing uneasiness/perception that others are commercialising fundamental research better than the US.
- Cyber security in the US has considerable effort and money targeted at it and there is considerable government investment for the long-term to keep improving the protection of critical national infrastructure and meeting the goals of national security.
- All federal agencies cite the importance of collaboration. However, cyber security at the federal level is fragmented and lacks any one coherent overarching strategy and policy. Numerous federal departments have a documented cyber security strategy that is updated at regular intervals with their own priorities and research and innovation agenda. There is some attempt at bringing all this together through an intra-agency working group and via the coordination from the OSTP, which also oversees the federal R&D implementation plan for cyber security published annually. It is unclear how effective this coordination has been from the meetings and dialogue held during this expert mission.
- R&D funded by the federal agencies is strategic and responsive to national security and infrastructure risks and challenges. This is not necessarily focused on the long-term. Driven by the need to tackle adversaries, the time horizon is always two years or less. Incremental innovation that allows them to “do things better than we have now…” is the main aim.
- The UK has tried to create cyber security centres (Cheltenham/South Wales, Herefordshire, LORCA) but the successful centres such as Maryland seem to develop more organically and have a very unique set of circumstances – namely a large federal customer (NSA), a very willing and organised state-level sponsor (Maryland Chamber of Commerce), a significant academic base (17 Academic Centres of Excellence in Maryland) and proximity to large urban areas for customers and finance (Washington DC and Baltimore).
- US public sector support tends to focus on rapid response, be it immediate or within 6 to 24 months. The creation of DreamPort is a perfect example of how the federal government has gone about delivering the necessary innovation and foresight for complex technical challenges rapidly in short strict timespans.
- DreamPort’s activity and approach demonstrates that efficiency and effectiveness can be gained through collaboration. DreamPort is all about collaboration and it is exactly that approach that appears to have served them so well in their aim to respond to the technical challenges with the best solution within the rigorous timeframes laid down.
However, the US and the UK cyber security communities share many common characteristics, as well as common priorities. The US and the UK suffer from the same workforce capability and capacity problems. There is a shortage of skilled people, against an ever-increasing demand. The US has adopted a number of approaches in order to try and overcome the challenges posed by this and to try and solve the problem. These include:
- Providing international students studying STEM subjects the opportunity to stay for two years after their studies, which would temporarily boost the available capabilities but is not a long-term solution. The UK has just recently proposed from April 2020 that international students would have the right to live and work similarly for two years.
- Lowering barriers to entry. This is demonstrated in some cases by a relaxation of the need for an undergraduate degree in computer science. Instead, the emphasis is on enthusiasm, aptitude and willingness to learn.
- Dedicated Cyber Apprenticeships aimed at solving the problem in the longer term. The UK has a similar programme which is showing some initial positive results.
- Automation through Artificial Intelligence (AI) and Machine Learning to remove the need for the same numbers of personnel with very specific technical skills.
Artificial Intelligence and Machine Learning
Both the UK and the US see AI and machine learning as critical enablers for better protection against the increasingly complex threats from increasingly complex interconnected systems. Companies such as Darktrace (UK) and Cylance (US) are just two examples of successful companies using AI and machine learning to provide solutions. As indicated before, it may also help to bring down the burden on the growing need for highly skilled expertise in cyber security to work at the operational end. However, it is important to note that the use of AI and machine learning also requires highly skilled personnel and the same shortage is manifested here as well. It is as yet unclear what strategic undertakings or public policy initiatives either country has declared in response. Initiatives undertaken by both provincial and the federal government in Canada in 2017 provide some indication of what can be done and what is necessary.
Like UK Research and Innovation, the NSF and the Defence Advanced Research Projects Agency (DARPA) both fund fundamental and long-term research. However, this is still strategic with the ambition of having a future transformational impact within the respective area. Pure curiosity driven work outside the remit of the strategic areas of interest appears to be harder to realise through the traditional funding routes.
The US does appear to have to date taken a more non-interventionist approach when it comes to the public funding of cyber security. There is a strong belief in the market and its dynamics and, as such, much public funding for cyber security innovation is provided within the context of Government procurement (e.g. via US Cyber Command). Market failures are not seen in the same way as they are in the UK. It is a widely held view that industry should be left, and are better placed, to resolve certain challenges be they technical or commercial.
A most compelling final observation is that the culture for innovation and entrepreneurship in the US remains strong and both the UK Government and British companies are viewed as attractive and desirable collaboration partners.
About Global Expert Missions
Innovate UK’s Global Missions Programme is one of its most important tools to support the UK’s Industrial Strategy’s ambition for the UK to be the international partner of choice for science and innovation. Global collaborations are crucial in meeting the Industrial Strategy’s Grand Challenges and will be further supported by the launch of a new International Research and Innovation Strategy. The Global Expert Missions, led by the Knowledge Transfer Network (KTN), play an important role in building strategic partnerships, providing deep insight into the opportunities for UK innovation and shaping future programmes.