When it comes to software - is it Location, Location, Location?

#AwenAsks

We will be releasing 5 pairs of questions on LinkedIn about a whole variety of things including cyber security, software, industry 4.0 and much more. We are tagging it with #AwenAsks, or you can view the questions directly via our Awen Collective LinkedIn company page. This post talks about the 2nd pair of questions.

2nd Pair of #AwenAsks Questions - Geopolitical Cyber Security

The second pair of #AwenAsks questions was:

  1. Does the geographic origin of software matter to you?

  2. How much do you think politics plays a role in cyber security?

The purpose of asking these two questions was to begin an open discussion on the geopolitics of cyber security.

Quite often geopolitics plays a role in offensive cyber security - for example, we quite often hear about “state-sponsored cyber attacks.”

However, geopolitics also plays a role in understanding defensive cyber security - for example, it’s important to national security to understand exactly where data is flowing to and from, and what other nations could have access to sensitive information and networks. One example is the debate over whether certain technology providers should be providing technology for building public 5G connectivity, as the worry is that other nations could then use that technology as a medium for spying or perhaps even to cause damage.

Both questions received significantly more attention than our first pair of questions, and we suspect that this is because everyone has an opinion when it comes to politics!

What were the results?

Does the geographic origin of software matter to you?

76% said “Yes” 

5% said “No”

19% said “Maybe”

0% said “I don’t know”

We also had some comments such as one from Ryan who says “Absolutely it does - geographic location determines the regulatory environment in which the company resides, the risk of hostile government snooping, etc.”

Nicola Lumb from Prosys Computing also shares the sentiment: “From a business perspective it impacts the decision. If I was reviewing similar options and one was from the UK, Wales or even better, local, then that would be preferred, particularly when it comes to time differences and accessing support.”

We also had a comment directly to us, who wishes to remain anonymous - “I honestly lately have become suspicious of some software depending on its country of origin, in particular China and Russia. It seems that these countries’ software gets considerably more attention in the media when it comes to cybersecurity (and privacy in general). TikTok is an example that comes to mind.”

However, one recent comment was sent to us which said that many organisations already use software from nations which we (at least) suspect engage in state-sponsored cyber attacks, and so it may not be an issue when considering purchasing other technologies from that same nation.

How much do you think politics plays a role in cyber security?

76% said “Significantly”

18% said “A little”

0% said “None”

6% said “Don’t know / Maybe”

That’s quite a significant lean towards people believing that politics plays a role in cyber security.

We can tell you that these were actually different people that answered (i.e. it wasn’t the same 76% that answered “yes” in question 1 that answered “significantly” in question 2).

We certainly know that politics influences cyber security. Here in the UK the UK Government shaped the National Cyber Security Strategy of 2016-2021, and there is a new strategy in development for release in 2021. This strategy is politically driven, led by the political party in charge, although understandably shaped by:

  • Political cross-party interest/working groups

  • Public sector experience, such as from the MOD, GCHQ, DCMS and BEIS.

  • Private sector experience, largely through influencers such as the techUK and ADS trade associations.

Politics also makes a decision in large scale infrastructure projects, such as the on-again-off-again relationship that many western governments have with Huawei and its connection with China.

We also have regulation in place, in the UK and EU we have regulations such as GDPR and the NIS Directive, which are incredibly important for the privacy, safety and security of our communities but are ultimately driven by political decisions.

Our second question can also be flipped on its head - does cyber security play a role in the shape of politics? While the UK government has focused on securing and defending our networks and data with the GDPR and NIS regulations, it was recently confirmed that the UK has also invested in a new organisation, the National Cyber Force, whose purpose is to "counter threats from terrorists, criminals and hostile states" [quote from a BBC news article] through offensive cyber operations. The fact that this organisation has been made public shows that the UK believes that cyber security or lack of, poses a serious threat to the country. 

From a slightly different angle, it is known that states and malicious organisations have used technology and social media platforms to interfere with election or referendum results, or spread misinformation on the platforms, which is becoming a growing problem in politics. This is a very effective and divisive tactic used to divide a country politically. It uses a concept called the "filter bubble" [from The Filter Bubble: What The Internet Is Hiding From You - Eli Pariser 2011]. This is the concept that social media algorithms turn user interactions from posts into recommendations for other similar posts. And the more the user interacts with similar posts the more similar posts they see. That is why it is possible to reinforce misinformation, so that people believe it is fact. For example, recently with news that Coronavirus vaccines have been successful in trials and are now being rolled out, anti-vaccination misinformation has been seen spreading across social media. This has also been used to spread misinformation about political candidates in elections. 

These events demonstrate that cyber security and politics are interdependent, meaning that they can affect each other, politics plays a role in cyber security and vice versa. This is why it is extremely important to strengthen cyber security and privacy mechanisms.

Clarification & Summary

We should clarify that as a business, as Awen Collective, we do our best to take a neutral position, and leave it up to the authorities in various parts of government to discover exactly what is going on in the international geopolitical sphere. Public opinion seems to strongly indicate that geopolitics does play a role in cyber security, and the decisions that organisations make when purchasing software (whether that is knowingly or unknowingly).

At Awen Collective we made the decision very early on to be understanding over geopolitical sensitivities. We decided to create our software ourselves (rather than outsource it), and so we understand what every line of code does. This provides us with a very in-depth understanding on the security of our own software from a “white-box” perspective, and this should help us to build a good trust relationship with our partners and clients. Our development team live and work in the United Kingdom, and our prime office is in Wales. 

We do not only see ourselves as investing in local, but we position ourselves as being globally relevant. We participate in programmes which are Wales focused, UK focused, Europe focused and International focused. Plus, we give flexibility to our partners and clients to use our software in a geopolitically sensitive manner - if you want to run Profile or Dot in a region such as the EU or ASEAN then that is fine, if you want to have a version in running on a server in your country then we can arrange that too, if you want to lock a version down on a hardened system on-premise then we can work with you on that too.

If this sounds interesting to you, and would like to continue the conversation please do feel free to contact us.

This blog post was assembled by Awen Team Members: Daniel Lewis, Seren Corbett and James Sandrone.