There's an emerging consensus among Europe's technocrats that, for practical policy purposes, World War III is already underway.
The language of global war has been edging into the mainstream for a while now when it comes to Russia, with a former head of the UK's MI6 using it on TV in November before a sitting UK defence head started talking about the need for war preparation in late January. Bit by bit, it has become not hyperbole that is ignored, but something serious people say even in public.
Now it is showing up in thinking that goes beyond Russia.
Policy advisors who focus on trade have suggested that America has proven a new battle in a now ongoing trade war can break out at any time and economies need to be ready to react, fast, pivoting to different markets and rapidly shutting down or ramping up on some types of production as required.
Policy advisors with a focus on climate change have suggested that the increase in the number and severity of extreme weather events needs a militaristic approach, complete with distributed depots of materials and rapid-deployment forces of engineers and artisans to respond to destruction.
Those of us worried about misinformation can bore you all day long on how state-sponsored campaigns constitute an attack on the fabric of society, with every society under threat from such a large number of bad actors that it can only be considered a global conflict.
And then there are the cyber security types who have a growing menu of ransomware attacks to choose from as evidence that there is a worldwide, asymmetrical war underway with criminal gangs that are (when not actually working at the behest of a nation state) indistinguishable from terrorists.
So, increasingly, wherever nations meet on issues of common interest, there is talk about the need to be on a war footing. That idea is spreading much as did the idea of COVID-19 lockdowns: in fits and starts, with some places holding out and others giving it their own twist, but with South Africa sure to follow the herd eventually.
It won't be long before that filters through into regulation, to if not bring the civilian world into the war effort, then at least prepare it for the consequences – and I reckon the ICT sector will be at the top of the list as usual.
It's not like the IT space isn't prepared for this stuff; disaster recovery and threat detection has been part of the thinking since the first time one computer was plugged into another computer. Outside of the military, no other sector approaches its everyday work with possible adversaries in mind.
But voters and politicians, perhaps fairly, perhaps because of a lingering Y2K hangover, perhaps because security vendors are professional fearmongers, see IT systems as uniquely vulnerable in a world at war.
At least one industry group is gearing up to counter that with arguments on the strength of self-regulation and the sufficiency of pressure from auditors and shareholders and insurers to build up defences. It's actually kinda cute how they think they can counter visceral fear with rational argument when supermarket shelves stand empty or hospitals shut down.
Still, after the politicians have frothed about how Something Must Be Done, regulatory intervention must meet a rationality test. Were I a betting type, I would bet South African lawmakers will reach first for the National Key Points Act, which is in dire need of an update anyway, but will eventually settle on broadening the scope of something such as the Joint Standard on Cyber Security and Cyber Resilience Requirements instead.
That standard, which has been around in draft form since late 2021, is mandatory in the financial services space and makes some related assumptions. For instance, it assumes every organisation has compliance teams and incident response teams, which may be true for banks but is not true for, say, a mid-sized light engineer works. An engineer works that may not be entirely thrilled to finally be recognised as a crucial part of the economy when that comes with demands such as regular penetration testing and training on security hygiene.
It won't be easy, it won't be cheap, and it won't be fast to impose a higher degree of security and resilience by central diktat. It won't be popular among those who have to spend the money either. Listening to the rumblings among diplomats, however, it is as grimly inevitable even while seeming impossible as once were black empowerment rules, universal health and safety standards.
This, after all, is war.
Share