Insights
ISRS publishes an assessment of the job creation impact of Lebanon's Circular 331 programme, focusing on the UK Lebanon Tech Hub
June 18, 2019
Entitled "Circular 331: Job Creation Impact", the report is a case study of the UK Lebanon Tech Hub, a private-sector joint initiative by Banque du Liban, Lebanon’s Central Bank, and the UK government through the British Embassy in Beirut.
The Institute for Strategy, Resilience and Security was commissioned by the UK Lebanon Tech Hub (UKLTH) in November 2017, to follow the progress of companies that it had supported.
Faced with the cumulative burden of 37% youth unemployment and the highest proportion of refugees per capita in the world, Lebanon is under considerable pressure to create jobs.
This study reports our independent early assessment of the direct and indirect impact of UKLTH on these companies and also offer insights into the job creation effects of the Banque du Liban’s (BDL) Circular 331 initiative, which was launched in 2013 to provide financial stimulus for the funding of early-stage companies.
The UK Lebanon Tech Hub (UKLTH), was launched in April 2015 as a joint initiative of the Banque du Liban and the UK government’s Department for International Trade. Although very early to assess job creation impact, the UKLTH has provided assistance to 88 companies over a three-year period, representing the single largest cohort of Circular 331 supported companies. Of 49 companies that responded to our survey about three-quarters were based in Lebanon, and half were incorporated from 2015 onwards.
Quantitative, empirical and supporting anecdotal information data were gathered from introductory interviews and web-form based questionnaires with the founders, CEOs and senior leadership of 49 companies that had participated in the UK Lebanon Tech Hub’s Accelerator and Nucleus programmes during the period 2015-2017. In addition, feedback was collected on opportunities to improve the current approaches being adopted by both the Lebanese Central Bank and UK Lebanon Tech Hub.
Addressing human vulnerabilities in the digitally resilient organisation
October 31, 2018
By David Levinger, Senior Fellow, ISRS
Published in CIISEC Pulse Magazine
Within the evolving cyber threat and countermeasure landscape, human behavioural weakness persists as a key challenge for the security of enterprises. Corporate risk policies increasingly emphasise the importance of identifying emerging threats and dealing with them before they become crises. Yet despite recognition of the complexity of challenges presented by the milieu of asymmetric, covert and highly networked enemies, involving insider, lone, group and state actors, adoption of the appropriate assessment and mitigation methodologies continues to lag. These remain largely likelihood-impact based and rarely address the weakest security link: human behaviour.
While technical threats continue to evolve, the techniques of persuasion used to exfiltrate information from and recruit the cooperation of humans remain variations of those earlier deployed as mentalism, propaganda, high-pressure sales, and boiler-room scams. The constant target is the human brain as they rely on universal traits, such as curiosity, distraction, naivety, fear and greed, that exist to varying degrees within all individuals, and may be further amplified by organisational and personal drivers.
Organisations first need to examine how passive vulnerabilities, which may enable their enrolment as unwitting participants, are being generated within their human resources. To do this requires assessment of how incentives, mental states intrinsic to its corporate culture and the situational pressures to which each set of actors or agents are exposed, may contribute towards hackable traits. These factors will vary across roles and the corporate hierarchy, with leaders equally vulnerable to compromise. A single tweet by a CEO, gamed to an imprudent response by trolls, may be as damaging as a data breach.
Second, the corporate policies, cultural factors and incentives that generate active behavioural vulnerabilities must be recognised. Perceived injustice may seed motives of revenge. Extreme pressure to achieve delivery deadlines may, in turn, open up individuals to the bait of phishing that offers an alluring fix. The lure of excessive reward may cause inappropriate risk-taking or deliberate breaches of company policy.
Recognising active and passive vulnerabilities, there is much that organisations can do to assess these, as well as related gaps in capabilities, processes and control structures. Self-awareness training can help to alert individuals to when they are being targeted and to build physical, logical and emotional resistance to those exploits. The use of ongoing evaluation and interview methods can reveal underlying factors such as exceptionally low or high self-esteem. An active focus on leadership behaviour can lessen fear and resentment during times of change, and assist individuals and teams to diffuse issues before they materialise.
To achieve persistent digital resilience in the face of changing cyber threats requires that companies and individuals achieve hyper-awareness of behaviour, and self-inoculation with a natural state of amber alert to potential deception and attack by both internal and external actors. As non-deterministic software agents based on machine learning are granted increasingly powerful, autonomous and opaque roles as process controllers and interfaces within organisations, analogous assessments will be needed to ensure that their goal-functions and behaviours are not generating biases and vulnerabilities that can be easily gamed.
Digital Resilience - Understanding the Challenges of Resilience in Digital Environments
July 31, 2018
ISRS in association with Shearwater Group plc
As we head towards a future operating environment where virtually every business model and process is fully digitally dependent, we observe that many organisations have yet to accept and internalise the degree to which their operational resilience is coincident with digital resilience.
The paper argues that digital resilience is about acquiring a dynamic state of continual evolution and learning within the digital environment. When fully understood and implemented, digital resilience should enable an organisation to use new challenges not merely to rebound but to bounce forward, with crises becoming pointers towards opportunity and catalysts for evolution. It proposes an assessment framework of key questions for leaders to define, identify and address digital resilience issues within their organisations and outlines the principles of a strategic process to identify digital resilience issues both from a business and technology perspective and address them through the development of organisational capabilities.
Towards Trustable Software
October 16, 2017
ISRS in association with CodeThink
While software has become critical to virtually all aspects of modern life, processes for determining whether we can trust it are conspicuously absent.
The goal of this paper is to stimulate discussion of the urgent need, potential solutions and proposed next steps to address the systemic risks posed by that gap.Among stakeholder groups – vendors, purchasers, software engineers, computer scientists, government and regulators – there exists little, if any, consensus as to how software should be designed, constructed and operated to achieve this.
We examine current approaches and deficiencies within the software industry towards the issue of trust and propose the concept of a trustable software engineering process as a necessary and appropriate underpinning platform to ensure solid foundations for the trust of software going forward.
The principles of how that process might work are outlined, by establishing software engineering practices that generate audit information at all stages of creation, deployment, change and use, to enable the continual assessment of trust, just as this is done in other industries.
Click here to download the Executive Summary
Unlocking the Potential of UK Life Sciences
June 30, 2017
Despite a glowing foreword in the Office of Life Science’s Life Science Competitiveness Indicators report:
-
UK government spend on health R&D is 1/10th of that of the US, 50% on a per capita basis, and has remained flat at $3bn for the past five years
-
In exports of medtech the UK is ranked only 10th out of 12 comparative countries in the value of products, with levels remaining flat or in decline
-
The UK employs less than 1/4 of the people that Germany does in medtech manufacturing and 1/3 of the people in pharma products and preparations
-
The UK exports only 50% of the dollar value of pharmaceutical products that Germany does
-
The UK share of global life science IPOs is only 4% - surprisingly small, considering London’s role as a global financial center
-
Private equity investment in the sector is lower than France and Germany
-
The UK is sixth out of the G7 nations for investment in the NHS
Cyber Insider Risk Mitigation Maturity Matrix
December 01, 2016
By Chris Hurran, OBE, Senior Associate Fellow, ISRS
Cyber security is increasingly recognised to be a people issue as much as a technical one. Boards now understand that their own employees may be the weak link in an organisation’s cyber defences. This article provides a self-assessment matrix to help organisations understand how effectively they are mitigating cyber insider risk and thus enable them to embark on a programme of improvement.
Publication: http://www.cybersecurity-review.com/articles/cyber-insider-risk-mitigation-maturity-matrix/
Decision Making under Radical Uncertainty: An Interpretation of Keynes’ Treatise
June 15, 2015
By Dave Marsay, Senior Associate Fellow, ISRS
Keynes’ mathematical Treatise addresses what some call ‘radical uncertainty’, which he thought endemic in world affairs and whose appreciation underpinned much of his later work. In contrast, the mainstream view in economics, as elsewhere, has been that even if radical uncertainty exists, either there is in principle nothing that can ever be done about it, or that even if one could in theory do something about it then the institutions required would be unreliable, and one would be better off without them. Thus the mainstream has worked as if it were realistic to ignore even the possibility of radical uncertainty. But one needs some conceptualisation of radical uncertainty, such as Keynes’, before one can make such judgments. This paper presents an interpretation, to inform debate. The viewpoint taken here is mathematical, but this is not to deny the value of other views.
Citation: David Marsay (2016). Decision-Making under Radical Uncertainty: An Interpretation of Keynes’ Treatise.Economics: The Open-Access, Open-Assessment E-Journal, 10 (2016-1): 1–31.http://dx.doi.org/10.5018/economics-ejournal.ja.2016-1
Publication: http://www.economics-ejournal.org/economics/discussionpapers/2015-43
Cyber Doctrine
September 30, 2011
Cyberspace is a manufactured environment, comprised of ones and zeros, not bodies and mass. Its infrastructure depends on nano-scale innovation, not industrial-scale production. The rules of engagement - both civilian and military - developed for land, sea and air, over the centuries and millennia, require unprecedented adaptation.
Drawing on work and with input from cybersecurity practi- tioners, technology specialists, legal experts, policy makers, entrepreneurs and academics, ISRS has identified the major challenges faced by anyone seeking to ensure the security, exploitation and exploration of cyberspace. Whether a sover- eign body, corporation or citizen, surviving and thriving will depend upon embracing an ethos of delivery, innovation and growth to ensure that the UK becomes a (or possibly the) trust- ed hub for global ventures.
The proposed Doctrine is founded on the recognition that resilience is competitiveness. It should be synonymous with entrepreneurship. At its centre is the vital principle of the easy integration of competent authorities and capabilities with the capacity to manage and innovate. Sustainable resilience in cyberspace will derive from open sources and standards, driving an internationally coordinated approach to Research & Development.