The former NCSC chief executive talks of his involvement with the SANS Institute, his observations of the cyber threat landscape today and the importance of data sharing among the cybersecurity community
Ciaran Martin has been a well-respected figure in the cybersecurity world for many years. He was the founding chief executive of the UK’s highly influential and globally renowned National Cyber Security Centre (NCSC), established in 2016.
In January 2023, Martin started a new chapter in his career by joining the SANS Institute as director of its CISO Network and Summits EMEA.
Infosecurity Magazine spoke to Martin during the recent CyberThreat conference to discuss his new role, improving collaboration in the industry and how cyber-threats have evolved since he departed the NCSC in 2020.
Joining SANS Institute
Martin’s role at SANS involves leading the training body’s global CISO network. This network looks to bring together a community of security leaders from all types of industry to discuss ideas and attack trends that they are seeing. Martin highlighted two initial areas of focus for this network.
The first relates to the knock-on cyber threats to organizations in the UK and beyond as a result of the ongoing Russia-Ukraine conflict. Both the UK and US governments have warned organizations to prepare for an extended period of elevated cyber-risk following the geopolitical fallout of the war. Therefore, Martin said it is vital that security teams find ways to adapt sustainably to this new threat landscape.
“Last year, the government were rightly warning us to be on high alert, but you can’t stay on high alert forever. So how do you adapt to a longer period of less intensive but still difficult threats?” he outlined.
The second big issue that security leaders need to help each other adapt to is maintaining strong cybersecurity practices in an economic downturn, according to Martin. He pointed out that we are currently in our first major economic crisis since the 2007-2008 banking crash, a time when cyber was a much less significant issue than it is today. As a result, many security teams are likely to see their budgets squeezed in an environment where “more people are seeing cybersecurity as important and there’s more regulation that you have to comply with whether you like it or not.”
Therefore, it is crucial for CISOs to understand how to operate in an economic environment that many of them will not have experienced before while working in the industry.
The interview with Martin was held during the CyberThreat conference in January 2023. Organized by SANS and the NCSC, the event is designed to bring together the UK and Europe’s cybersecurity community to facilitate information sharing and showcase industry best practices.
This goal is in line with the second part of Martin’s role at SANS, which is head of summits for the EMEA region. This involves overseeing a series of events hosted by practitioners from Europe and beyond, helping “build the capacity of cybersecurity professionals here and in friendly countries.”
A New Approach to Data Sharing
Over the years, Martin said he has found the cybersecurity industry’s approach to data sharing “patchy,” with major variations across sectors and geographies. He would like the industry to develop a similar approach to that of the financial services sector, noting that finance was one of the first to recognize the criticality of cybersecurity.
This was emphasized to Martin when he visited a major Wall Street bank shortly after the NCSC was formed, and discovered that the organization’s cybersecurity budget was twice that of the UK government’s at the time.
“You have a culture in US and UK financial services where they don’t really compete in security, and see the risk to the security of one as a risk to the lot. I think that’s a good way of doing it,” he said.
Unfortunately, this collaborative approach is often missing in other sectors, particularly where competition is rife. Martin highlighted his experiences in protecting the UK’s electoral process during the 2017 General Election, when the two major parties didn’t want to discuss the issue with each other directly, instead liaising only with the NCSC.
“Even though it was about technical stuff, the political parties were really wary of each other,” he explained.
In these situations, it is valuable to have an objective intermediary on hand who can help facilitate the conversations and build trust between the respective parties, he noted.
Martin also discussed the growing intervention of government in cybersecurity, and working closely with industry to understand where and how it needs to regulate. In some instances, the cyber sector has raised concerns about overregulation and its potential unforeseen impacts. However, if there is dialogue around the issue, the industry is more likely to be supportive of government interventions.
Martin highlighted the UK’s Product Security and Telecommunications Infrastructure (PSTI) legislation, signed into law in December 2022, as a good example of this.
“Here, industry was broadly supportive,” he noted. “They said ‘stop asking relevant organizations to implement these cybersecurity measures because it costs a lot of money – put it into the regulations.’”
Evolving Cyber Threat Landscape
During his career in government, Martin observed a more dangerous cyber-threat landscape evolve. Since leaving his post as head of the NCSC in 2020, the scale and sophistication of attacks have increased to a level nobody could have foreseen. This surge has been primarily driven by the shift to hybrid working and increased internet usage during COVID-19, significantly expanding the attack surface, and more recently compounded by Russian cyber activity as a fallout from the war in Ukraine.
The growing importance of cybersecurity in keeping society functioning means it “has become a public good as well as something all organizations should do to protect themselves,” said Martin.
He also highlighted the growing boldness of cyber-criminals in this environment, who are “prepared to cause levels of disruption and chaos that nation-states would think twice about.” An example of this is the heavy targeting of healthcare systems with ransomware in the past few years, disrupting services and often putting patients’ lives in danger.
“Criminals have become out of control and reckless,” stated Martin, adding that while there have been encouraging law enforcement actions impacting ransomware groups’ operations in the past year, “they seem to be regrouping now.”
The other notable change in cyberspace observed by Martin is the deployment of cyber as part of military actions in a state-on-state conflict. He said the Russia-Ukraine war was the first time cyber-attacks have been used “to support murderous intent,” and now that this threshold has been crossed, other nations must prepare for similar approaches in the event of future conflicts.
While early visions of Russia using cyber-attacks to take out critical national infrastructure at will, like electricity grids or railway networks, seem to have been gross exaggerations, Russia’s continuous use of cyber activities has been a major additional pressure on Ukraine during the war.
“Just as there’s no magic button they can use against us, there’s no magic button we can press in cyberspace to stop these attacks,” noted Martin.