Henry Collis
Background
- Trooper Henry Collis, 34, has joined the Honourable Artillery Company in City Road, the oldest Regiment in the British Army. Born close to Pirbright and coming from a military family, Henry always wanted to join the Reserve Forces and follow in his family footsteps. “The training course has been great”. He said “The highlight was the field exercise and ‘live’ firing. It was great preparation ahead of the Patrols Course with the Honourable Artillery Company”. Prior to joining the Cabinet Office as a Senior Policy Adviser, where he now works, Henry spent three years as a civilian assessment analyst working at Headquarters ISAF in Afghanistan; a post he thoroughly enjoyed alongside volunteering outside of his day job to teach skiing to Afghan youths. “I’m sure I’ll take back to work many lessons in leadership, formulating plans and communicating them quickly to gain momentum – all very useful skills in the civilian workplace”.[1]
Talks
In Ukraine - 2018
Collis attended: “The Hybrid War Decade: Lessons Learned to Move Forward Successfully,” which was held during 7-8 November 2018 in Kyiv. He reportedly said:
- It is now ten years since the UK started to change its approach to cybersecurity, driven by the attacks on Eastern Europe, said Henry Collis, Deputy Director for Security and Defence Projects in the Prime Minister’s Office and Cabinet Office Communications Team. Our mantra: skills, not tools. Over this time, the UK’s approach has evolutionized into a “Fusion doctrine” which uses cybersecurity with other tools to deliver security objectives together with sanctions and diplomacy, strategic communication. According to Mr. Collis, it brings together levers of influence, economic levers, and hard security elements coordinated by a National Security Secretariat.
- What matters most for the government is being equally flexible and adaptable as the adversary, which is not constrained by the same considerations as most responsible states. The UK launched its first cybersecurity strategy in 2011, and the second one in 2015, with 1.9 billion pounds allocated. In Mr. Collin’s words, the root of their success was in improving their governance and overcoming the state inertia. This took a long time, and was focused around three considerations: coordination, cooperation, capability.
- Collaboration. As it is now in Ukraine, the United Kingdom started out with a mess of overlapping government institutions and responsibilities. “There was a time when we saw what was happening in Eastern Europe, but nothing was done because capabilities and responsibilities were distributed around different government departments and it took time rallying them together and creating a senior responsible officer at a senior level in government who was responsible for writing and delivering our first strategy. But to be effective in any government, you need to have a mandate. That’s why we created a cybersecurity program to encourage collaboration, to fund interdepartment activities which would normally fall between the cracks. We were talking to nations which had created their own national cybersecurity centers and we created one as well. That launched in 2016; it had dealt with 1,100 attacks on its 2nd birthday, most of which were attributed to hostile state actors. We now have a public face which goes on TV and explains to your grandmother that she should update her antivirus,” said Mr. Collin.
- Cooperation means working better beyond government, extensive working with the cybersector. This needs to be done at scale, with direct industry engagement, to be working with those who hold the greatest risk, with prioritized sectors of the economy. The solutions are probably already there in business; so the government needs to enable sharing of threat intelligence and data on the motivation of cybercriminals so that the partners can defend their networks – and the government can multiply the solutions. For this, the UK government created an online platform called Threat-o-Matic, which allows firms to share information on threats anonymously, without fear of financial or reputational loss. The reason was that firms were reluctant to share information and patching information so that it could be done at scale across the whole economy.
- “Build trust to allow anonymous profiles to share information and to become more resilient as a result. That’s a simple fix, but that’s representative for the type of hurdle that needs to be overcome for this sort of cooperation. Finding the technological solutions isn’t the challenge, it’s building the trust for effective cooperation,” stressed Mr. Collin. Capability. According to Henry Collis, the great technological solutions already exist, but the problem is having the right people to select the right tool and use it in the right way: “Long-term, enduring capability at an age of rapid technology means having the right people, not having the right things. Our mantra: skills, not tools. The technology to defend against cyberattacks isn’t expensive. But having the right people to select the right tool and use it in the right way – for this, we need a comprehensive approach across government. Something that depends on the department of education. You need to prescribe a set of education across all parts of the curriculum, so that they can start building skills at an early age. University funds need to create master’s programs in cybersecurity.”[2]