By: Amit Sheniak
Cyber security is an issue of great importance for governments worldwide. This is reflected in increased budgets for cyber defence: According to World Bank estimates, by 2030 a total of 0.5 percentage of the world GDP will be used on cyber security. This change is driven by increasing digitalization (billions of devices connected by the Internet of Things, autonomous cars, crypto-currency, etc.) that not only improves lives, but also increases vulnerability to cyberattacks e.g. on infra-structure, banks, hospitals, factories, and homes. Today’s estimates of the damage caused by cyberattacks are around $3 trillion annually but by 2021 they will have risen to over $6 trillion. To that end, effective cyber security is about protecting our everyday lives in an increasingly digital world.
The low (and dropping) price of cyber weapons (such as computerized espionage, surveillance and Information warfare tools), as well as the need for more rapid security responses, has led governments to the conclusion that the ability to control and defend cyberspace, demands enhanced collaboration between the government and private actors such as universities, entrepreneurs, large corporations, and risk capital. Indeed traditional approaches to achieving strategic security advantage by government agencies, military industries and intelligence communities is too slow and cumbersome.
We refer to new more multi-stakeholder approaches as the establishment of an innovation ecosystem approach in cyber security. Examples of this new approach include CyberSpark - a joint venture between Israel’s National Cyber Directorate (INCD) in the Prime Minister’s Office, Beer Sheva Municipality, Ben Gurion University of the Negev, and leading local and international companies in the cyber security and software industry. Another can be found in the Strategic Research and Innovation Agenda of the European Cyber Security Organization (ECS) which is an industry-led contractual counterpart to the European Commission for the implementation of Public-Private Partnerships in Cyber Security. We also see national defense agencies engaging more deeply in existing regional innovation ecosystems e.g. Greater Boston/ Kendall Square/MIT, Silicon Valley/Stanford and Tel Aviv. The Danish Innovation Centers, for example, are located in seven regional innovation ecosystems around the globe. These centers are an important part of the government’s mission to assist Denmark in harnessing new technologies for the benefit of Danish companies and governmental agencies. Recently, Denmark has appointed the world’s first TECH Ambassador situated in the Silicon Valley and with teams in Beijing, Tel Aviv, and Copenhagen, with cyber security a prioritized area. The UK has expanded its “Science and Innovation Network” across the globe based in Consulates and Embassies in key innovation ecosystems.
We argue that an innovation ecosystem approach to cyber security is a practice still under development and not yet fully understood. Questions that remain unanswered include: “What are the key policy interventions that characterizes current examples of innovation ecosystem approach in cyber security?”, “what are the success factors of an innovation ecosystem approach in cyber security?”, “what are the key partnering formats in an innovation ecosystem approach?, “what are the key societal drivers making an innovation ecosystem approach the right choice for national or international policy?”, and “how will an innovation ecosystem approach in cyber security shape the international status and power posture of states in the cyber domain?
This project will bring together a group of experts in the fields of cyber security and innovation ecosystems from universities, governments, risk capital, corporations, and entrepreneurs to find answers to these questions. Their “best practice” answers (together with an evaluation of key challenges) will be collected in a joint-publication to form the knowledge base (and a core curriculum) for advising national governments and for the development of advanced training courses in cyber security policy and practice.