Cybersecurity in Practice (Introduction): Outside the Mainstream

By: Cheng Lai Ki

‘In theory, theory and practice are the same. In practice, they are not.’ – Anonymous (not the hacktivist group)
‘In theory, theory and practice are the same. In practice, they are not.’
– Anonymous (not the hacktivist group)

Over the last century, human experiences have progressively benefited from continuously advancing information technology (IT) systems. Within civilian domains, advanced IT services have facilitated the globalized sharing of commercial and financial information critical to the prosperity of private conglomerates. Within governmental domains, IT enabled technologies have supported the distribution and transference of essential diplomatic intelligence critical in the function of national security and international relationships. Collectively, the nexus of civilian and governmental IT systems forms a new spatial environment known as ‘cyberspace’.[1] Like other dimensions of Land, Sea, Air, and Space; cyberspace has progressively been recognized as a new domain of warfare, conflict and thus securitization.[2]

As global commercial and military dependencies on advanced IT systems increase, humankind has witnessed the rise of several new high-function sensory and reconnaissance platforms (i.e. Unmanned Aerial Vehicles) that are critically dependent effective IT systems interacting with geosynchronous space-based platforms (i.e. Satellites). As such, cybersecurity has become the centrepiece of security sector discussions within both commercial and state domains. Nations and non-state actors are accumulating cyberspace enabled tactics and strategies for offensive and defensive operations.  Guided by these broad considerations, most contemporary literature regarding cybersecurity often focus on the technical elements of computer network exploitations (CNEs), the implications for national level topics (i.e. Political Security; Economic Stability) and technical advisories.[3]

While it is important to understand the technical and national security implications, it is also equally important to understand the vulnerabilities and security implications in more specified sectors, such as maritime security as well. These areas remain relatively under-researched and receive minimal media coverage. This four-part series attempts to illuminate and provide insight into these areas within the cybersecurity studies by drawing upon the knowledge of practitioners and academics from cybersecurity and military sectors. This Strife Series analyses these topics from a practitioner’s perspective. What does the cyber landscape mean to them – does it differ from security-scholars? What concerns and issues are faced by practitioners from the various (i.e. commercial; security) sectors? The objective of this article is to illuminate the reality of cybersecurity considerations beyond the theoretical and provide readers with an insight into its practice.

First in the series is Marcelo Malagutti who is the founder and former Projects Director from Fóton Informática, a Brazilian software company specializing in banking automation. Marcelo will kick off the series by presenting ‘software power’ as a complement and alternative to the processing power of supercomputers. Utilizing various practical examples, Marcelo illuminates the software-hardware relationship and the vitality of effective software platforms running on clusters of ‘commodity hardware’ in processing large amounts of information.

Secondly, we have Arthur Laudrain from the French Military who will be exploring cyber-related vulnerabilities of unmanned remote-control and autonomous platforms. The article explores the cybersecurity vulnerabilities of drones and other aerospace platforms. He specifically relates his discoveries to C4ISR (Command, Control, Communication, Cyber for Intelligence, Surveillance and Reconnaissance) platforms and the ever evolving landscape of cyber-augmented platforms utilized by intelligence and military organizations.

The third author in the series is Cheng Lai Ki who will be examining the cybersecurity vulnerabilities of maritime platforms, ranging from seafaring vessels (i.e. Naval Frigates; Cargo Freighters) to oceanic installations (i.e. Oil Rigs). The globalized maritime sector is critical to state expansion, global economies, and national naval capabilities.[4] Here, he specifically explores how navigational systems could be exploited by attackers and the ramifications for maritime operations.

The fourth article is written by Nicolas Castellon, a cybersecurity specialist with the CGI Group who will be discussing the importance of understanding and developing a comprehensive crisis-management infrastructure for cyber incidents. As commercial and national infrastructures are progressively brought online, we need to cultivate effective and rapidly deployable teams for scenarios where entire computerised systems are compromised. As a practitioner himself, Nicolas’ article provides an incredible insight into the operational sides of cybersecurity within the commercial world today.

The fifth article, also contributed by Cheng Lai Ki, concludes the series by examining and outlining the current cybersecurity landscape within professional sectors. In this final article, he aims to firstly addresses emerging threats that are simultaneously affecting the government, commercial and civilian sectors. Subsequently, he will reveal emerging security development trends currently being developed by various companies within the cybersecurity sector utilizinging information gathered from his experiences at the IP Expo Europe 2016[5].

According to Jason Healey, the future of cyberspace ‘is a jump ball, undecided, and it may be more sensitive to state-sponsored technological disruptions than many governments currently understand’.[6] Equipped with new cyber-enabled tools, criminals, militaries and grand-spymasters are potentially able to exploit computer network vulnerabilities in an unrestrained fashion. This could lead to systematic disruptions within critical national infrastructures or obstruct kinetic operations that could have disastrous implications on our physical security. Therein lies the importance to understand practical aspects of cybersecurity outside the general technical and generalized cybersecurity narratives.


About the Author:

Cheng is a graduate from the MA Intelligence and International Security program at King’s College London, his Master’s thesis examined the characteristics and trends defining China’s emerging cybersecurity and cyberwarfare capabilities. He was a finalist at the 2016 Cyber 9/12 Student Challenge in Geneva, contributed to other security journals such as IHSJane’s Intelligence Review and was a Former Managing Editor (Blog) at Strife.


[1] Byrant, R. ‘What kind of space is Cyberspace’, MinervaAn Internet Journal of Philisophy, 5, (2001); 138 – 155.

[2] Even, S. & Siman-Tov, D. Cyber Warfare: Concepts and Strategic Trends, (Tel Aviv: Institute for National Security Studies), May 2012.

[3] Anderson, R. J. Security Engineering: A Guide to Building Dependable Distributed Systems, (2nd Eds.), (Indianapolis, IN: Wiley), 2008.

[4] Dutta, S. ‘Securing the Sea Frontier: China’s Pursuit of Sovereignty Claims in the South China Sea’, Strategic Analysis, 29(2), 2015 pp. 269 – 294.

[5] The IP Expo Europe 2016 was an event held in at the London Expo Centre near Greenwich (LDN) that featured multiple tech companies within the areas of Cybersecurity, DevOps and InfoSec. Although fundamentally a sales environment, the event hosted several discussions and keynote speeches by experts within the sector and thus providing valuable insight into the workings of the cybersecurity industry today.

[6] Healey, J. A Fierce Domain: Conflict in Cyberspace, 1986 to 2012, (Vienna:VA, Cyber Conflict Studies Association), 2013; ISNB-10: 0-9893274-0-X; pp. 11.

Image Credit: (Accessed 28 October 2016)

Share this

Copyright © 2019 Strife Blog. All Rights Reserved.

Designed by Kris Chan