Why BT's Security Chief Is Attacking His Own Network
It's often said in sport that the best form of defense is attack, and that's a maxim that Mark Hughes, the head of security at BT Group, has taken on board. Except his modus operandi is to attack the very network he's responsible for protecting.
Hughes, a highly enthusiastic and open character, has an incredibly broad role as the CEO of BT Security: He is responsible for all security matters at BT (physical at 10,000 buildings as well as digital and virtual) and also for developing the telco's security services offerings, which are proving increasingly popular with enterprises and, according to Hughes, even whole countries. "In the past few years we have aggressively gone after security services business, driven largely by demand from enterprise customers, who realized they needed help," he noted during a media briefing about a new security report BT has published in partnership with KPMG LLP. (See Cybersecurity: More a People Than a Tech Challenge?)
The provision of security tools and services is a large and growing business: According to Gartner, as enterprises shift their security spending away from prevention-only solutions and more towards detection and response options, global spending on information security is set to increase by 7.6% year-on-year to hit $90 billion in 2017 and $113 billion by 2020.
Revenues from BT's security services grew by 24% year-on-year in the financial year that ended in March 2017, with the telco noting in its presentation to investors that all large network deals had security elements incorporated. Those elements can range from the straightforward provision and management of a firewall to the provision of full cybersecurity management services, where the telco would compete against the likes of Raytheon and Lockheed Martin.
And there are plenty of additional security services opportunities coming down the pipe. Hughes notes that security capabilities can be offered as part of SD-WAN and NFV-based services, while the IoT sector offers a great deal beyond secure smart meter services. The IoT opportunity "is not so much in providing a security wrap around devices but in the secure management and brokering of the information gathered [from IoT deployments]. The devices are important but it's the security of the information that is the big issue."
Hughes believes BT has gone further than other telcos in developing security services, though he notes that NTT Communications Corp. (NYSE: NTT) and Deutsche Telekom AG (NYSE: DT) (T-Systems) are two examples of other telcos that have built service offerings on top of their own network security capabilities. "We have built a services business based on our network knowledge and skills, and I haven't seen others go as far as us, but that doesn't mean they're not trying!"
So there's a helluva lot to do! But Hughes appears to have energy to burn and, unlike many other heads of security at enterprises around the world, he has a large team working for him -- about 3,000 people globally.
And they're doing a lot of really interesting things. Part of Hughes's team is tasked with performing "ethical attacks" on BT's security defenses to identify weaknesses and help bolster the company's defenses before less friendly hackers encounter any chinks in BT's armor.
That process is called "red teaming" because, well, it's undertaken by BT Security's Red Team. And, naturally, it has a counterpart, the Blue Team, which defends the network in these cybersecurity war games. "It's a big overhead but it's worth it. The Red Team finds stuff and then they work with the Blue Team to fix it." Hughes points out that the Red Team doesn't wait until the completion of the attack exercises, which can last months in some cases, to point out any identified weaknesses -- that would be too risky. So the Red and Blue teams work together constantly in an ongoing "agile" manner in a process Hughes calls "Purple-Teaming."
Such processes mean the BT security team is constantly updating and strengthening its defenses to address Hughes's biggest headache -- being able to respond in a suitable and efficient way. "Because we have such a large global network -- the biggest MPLS network in the world -- my main concern is that we need to be able to flex and react" in response to any breach and be able "to isolate the network" when necessary.
So have there been any major breaches? Hughes thinks for a moment… "No… we are extremely careful and vigilant," he says, adding that response times have improved dramatically in recent years, down to milliseconds in some cases.