Rob Dartnall on why he uses conventional intelligence tactics in a digital world
Cyber security is a relentless threat – CEO Rob Dartnall explains how a background in military intelligence helps his company fight back
“It’s not the dark art everyone thinks it is. You can work with people who have been attacked to see how it happened and take that to others.” Rob Dartnall, Security Alliance
For Security Alliance CEO Rob Dartnall, the world behind the planet’s computer screens is a battlefield. Based at Canary Wharf tech accelerator Level39, the company he runs is engaged in a constant struggle to anticipate cyber attacks on its clients and protect their precious data and services.
But despite dealing with an intensely technical blizzard of hackers and malware, the approach Rob has taken since he joined the firm two years ago is rooted in disciplines much older than the internet.
“I’m one of those strange beasts within the cyber domain that comes from a conventional military intelligence background,” he said.
“Cyber threat intelligence is many things. It used to mostly be highly technical – like malware analysis. Luckily it’s evolved into what it should be.
“In the conventional world we call it IPB – intelligence preparation of the battlefield. We’re trying to adapt that to a cyber environment.
“What is the enemy doing? How are they doing it? What do we look like? How good are our defences? Where’s all our really cool stuff we don’t want them to get?
“Then, how do we come together in battle? What does that look like and how do we protect ourselves?
“As a military and as a country it’s something we’ve done for a very long time and we’re very good at it.
“Now we’re trying to do that for companies and groups of people.”
Security Alliance’s work means Rob and his team need to maintain constant vigilance as fresh threats emerge.
Rob said: “Predominantly what we do across the world for governments, regulators and large conglomerates right now is threat-led engagements.
“That’s a lot of who’s attacking what bank and what country, how they’re doing it, why they’re doing it and what they’re going to do next.
“It’s not the dark art everyone thinks it is. You can work with a lot of people who have been attacked, see how it happened and take that to others.
“We can start getting access to human sources that may be working with some of these people. We can also gain access to the malware, see how it works to understand its objectives.
“I think the main difference with Security Alliance is most of my guys come from an intelligence background so they use those methodologies to really run proper analyses rather than just going, ‘Oh it was the Russians’.
“We’d run competing hypotheses just to check what we’re actually seeing. Then we build that out, establish what’s happening to somebody, then we go and test it on live banking or government systems and make sure organisations are resilient to that particular attack.”
That can be where the adrenaline starts flowing, as testers attempt to hack potential targets.
“It can be a huge amount of fun, although a bit scary as well – sometimes we work on financial organisations that are working on various different markets with live banking and stock systems,” said Rob.
“They’re very precious and, if we knock them out, hundreds of millions could be lost in a day. It’s a bit hair raising at times. You have to be very careful.
“The question is how good are firms at detecting this stuff? How good are they at responding to it?
“We take all our results and build strategies to fend off these threats.”
With a global client base including business in Hong Kong, Japan, India, the US and Europe, there’s clearly a growing appetite for Security Alliance’s services as it prepares to open another office in Amsterdam.
Part of that growth, however, is down to the UK’s preeminent position in the field, according to Rob.
He said: “The UK is more mature than the rest of the world and we have some of the best cyber threat intelligence and penetration testers in the world working out of London.
“Let’s be straight about this, the organisations we work with in India, Hong Kong and Japan, for example, would much rather be using local resources than paying for my business class flights.
“But there is no resource. They know they need to bring the best in. We’ve been doing this work for longer than anyone else and we’ve got such a good framework to work from that gets really solid results.
“The fact we do more work internationally than we do in the UK really proves just how good the capability is.
“That’s true of even countries like the US – you’d expect them to be far ahead but they’re really not.
“We’re also one of those organisations that says we do it, and we go off and get certified and regulated.”
As for the threats themselves, with the world becoming ever more digital, they’re everywhere.
Rob said: “People have seen how to do it – especially within cyber.
“It’s become so commoditised, you can buy so many hacking services, rent hackers for hire or buy malware.
“Within a few months of doing online training you can learn to do a lot of that stuff yourself.
“The picture is like a pyramid. There’s a massive amount of not very good people. That’s why we’re trying to bring the bar up.
“If we can get the general population and the small businesses just over the threat posed by those guys, then we can start focussing on the really nasty people and the nation state-level stuff. It’s really the organised crime groups that are the pain for us.
“Some of them have almost the same capability as nation states. There is a separation but we’re talking hundreds of millions of dollars, billions even.
“When the nation state you operate in turns a blind eye and allows certain things to happen or doesn’t have the capability to detect what you’re doing or the legal system to do anything about it, it’s only going to leave countries like our own and people exposed.
“It’s not an easy problem to deal with.”
Despite the pressures of Brexit, an easier decision for Rob is where to base his business.
He said: “I was looking to move the office when I first came to the company two years ago – I didn’t think it was right to be here. So I went to a lot of these kinds of places and none of them have what this place has.
“I’m not talking about the location but the way people communicate, the energy within the teams and the work Canary Wharf Group does with marketing and publicity and the people they bring in – none of the others do that. Level39 is superb.”