Rob Dart­nall on why he uses con­ven­tional in­tel­li­gence tac­tics in a dig­i­tal world

Cy­ber se­cu­rity is a re­lent­less threat – CEO Rob Dart­nall ex­plains how a back­ground in mil­i­tary in­tel­li­gence helps his com­pany fight back

The Wharf - - This Week People - Go to se­cal­liance.com for more in­for­ma­tion. Jon Massey

It’s not the dark art ev­ery­one thinks it is. You can work with peo­ple who have been at­tacked to see how it hap­pened and take that to oth­ers Rob Dart­nall, Se­cu­rity Al­liance

For Se­cu­rity Al­liance CEO Rob Dart­nall the world be­hind the planet’s com­puter screens is a bat­tle­field. Based at Ca­nary Wharf tech ac­cel­er­a­tor Level39, the com­pany he runs is en­gaged in a con­stant strug­gle to an­tic­i­pate cy­ber at­tacks on its clients and pro­tect their pre­cious data and ser­vices.

But de­spite deal­ing with an in­tensely tech­ni­cal bliz­zard of hack­ers and mal­ware, the ap­proach Rob has taken since he joined the firm two years ago is rooted in dis­ci­plines much older than the in­ter­net.

“I’m one of those strange beasts within the cy­ber do­main that comes from a con­ven­tional mil­i­tary in­tel­li­gence back­ground,” he said.

“Cy­ber threat in­tel­li­gence is many things. It used to mostly be highly tech­ni­cal – like mal­ware anal­y­sis. Luck­ily it’s evolved into what it should be.

“In the con­ven­tional world we call it IPB – in­tel­li­gence prepa­ra­tion of the bat­tle­field. We’re try­ing to adapt that to a cy­ber en­vi­ron­ment.

“What is the en­emy do­ing? How are they do­ing it? What do we look like? How good are our de­fences? Where’s all our re­ally cool stuff we don’t want them to get?

“Then, how do we come to­gether in bat­tle? What does that look like and how do we pro­tect our­selves?

“As a mil­i­tary and as a coun­try it’s some­thing we’ve done for a very long time and we’re very good at it.

“Now we’re try­ing to do that for com­pa­nies and groups of peo­ple.”

Se­cu­rity Al­liance’s work means Rob and his team need to main­tain con­stant vig­i­lance as fresh threats emerge.

Rob said: “Pre­dom­i­nantly what we do across the world for gov­ern­ments, reg­u­la­tors and large con­glom­er­ates right now is threa­tled en­gage­ments.

“That’s a lot of who’s at­tack­ing what bank and what coun­try, how they’re do­ing it, why they’re do­ing it and what they’re go­ing to do next.

“It’s not the dark art ev­ery­one thinks it is. You can work with a lot of peo­ple who have been at­tacked, see how it hap­pened and take that to oth­ers.

“We can start get­ting ac­cess to hu­man sources that may be work­ing with some of these peo­ple. We can also gain ac­cess to the mal­ware, see how it works to un­der­stand its ob­jec­tives.

“I think the main dif­fer­ence with Se­cu­rity Al­liance is most of my guys come from an in­tel­li­gence back­ground so they use those method­olo­gies to re­ally run proper analy­ses rather than just go­ing, ‘Oh it was the Rus­sians’.

“We’d run com­pet­ing hy­pothe­ses just to check what we’re ac­tu­ally see­ing. Then we build that out, es­tab­lish what’s hap­pen­ing to some­body, then we go and test it on live bank­ing or gov­ern­ment sys­tems and make sure or­gan­i­sa­tions are re­silient to that par­tic­u­lar at­tack.”

That can be where the adren­a­line starts flow­ing, as testers at­tempt to hack po­ten­tial tar­gets.

“It can be a huge amount of fun, al­though a bit scary as well – some­times we work on fi­nan­cial or­gan­i­sa­tions that are work­ing on var­i­ous dif­fer­ent mar­kets with live bank­ing and stock sys­tems,” said Rob.

“They’re very pre­cious and, if we knock them out, hundreds of millions could be lost in a day. It’s a bit hair rais­ing at times. You have to be very care­ful.

“The ques­tion is how good are firms at de­tect­ing this stuff? How good are they at re­spond­ing to it?

“We take all our re­sults and build strate­gies to fend off these threats.”

With a global client base in­clud­ing busi­ness in Hong Kong, Ja­pan, India, the US and Europe, there’s clearly a grow­ing ap­petite for Se­cu­rity Al­liance’s ser­vices as it pre­pares to open an­other of­fice in Am­s­ter­dam.

Part of that growth, how­ever, is the UK’s pre­em­i­nent po­si­tion in the field, ac­cord­ing to Rob.

He said: “The UK is more ma­ture than the rest of the world and we have some of the best cy­ber threat in­tel­li­gence and pen­e­tra­tion testers in the world work­ing out of Lon­don.

“Let’s be straight about this, the or­gan­i­sa­tions we work with in India, Hong Kong and Ja­pan, for ex­am­ple, would much rather be us­ing lo­cal re­sources than pay­ing for my busi­ness class flights.

“But there is no re­source. They know they need to bring the best in. We’ve been do­ing this work for longer than any­one else and we’ve got such a good frame­work to work from that gets re­ally solid re­sults.

“The fact we do more work in­ter­na­tion­ally than we do in the UK re­ally proves just how good the ca­pa­bil­ity is.

“That’s true of even coun­tries like the US – you’d ex­pect them to be far ahead but they’re re­ally not.

“We’re also one of those or­gan­i­sa­tions that says we do it, and we go off and get cer­ti­fied and reg­u­lated.”

As for the threats them­selves, with the world be­com­ing ever more dig­i­tal, they’re ev­ery­where.

Rob said: “Peo­ple have seen how to do it – es­pe­cially within cy­ber.

“It’s be­come so com­modi­tised, you can buy so many hack­ing ser­vices, rent hack­ers for hire or buy mal­ware.

“Within a few months of do­ing on­line train­ing you can learn to do a lot of that stuff your­self.

“The pic­ture is like a pyra­mid. There’s a mas­sive amount of not very good peo­ple. That’s why we’re try­ing to bring the bar up.

“If we can get the gen­eral pop­u­la­tion and the small busi­nesses just over the threat posed by those guys, then we can start fo­cussing on the re­ally nasty peo­ple and the na­tion state-level stuff. It’s re­ally the or­gan­ised crime groups that are the pain for us.

“Some of them have al­most the same ca­pa­bil­ity as na­tion states. There is a sep­a­ra­tion but we’re talk­ing hundreds of millions of dollars, bil­lions even.

“When the na­tion state you op­er­ate in turns a blind eye and al­lows cer­tain things to hap­pen or doesn’t have the ca­pa­bil­ity to de­tect what you’re do­ing or the le­gal sys­tem to do any­thing about it, it’s only go­ing to leave coun­tries like our own and peo­ple ex­posed.

“It’s not an easy prob­lem to deal with.”

De­spite the pres­sures of Brexit, an eas­ier de­ci­sion for Rob is where to base his busi­ness.

He said: “I was look­ing to move the of­fice when I first came to the com­pany two years ago – I didn’t think it was right to be here. So I went to a lot of these kinds of places and none of them have what this place has.

“I’m not talk­ing about the lo­ca­tion but the way peo­ple com­mu­ni­cate, the en­ergy within the teams and the work Ca­nary Wharf Group does with mar­ket­ing and pub­lic­ity and the peo­ple they bring in – none of the oth­ers do that.Level39 is su­perb.”

Se­cu­rity Al­liance CEO Rob Dart­nall

Rob says some or­gan­ised crime groups have na­tion state-level hack­ing ca­pa­bil­i­ties

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.