How start-ups can make us safer and more prosperous

Dr Tobias Stone, Honorary Research Fellow at ISST, writes on the role of start-ups in a new era of hybrid warfare.

In 2007, I was living in Estonia when Russian disinformation caused major riots in Tallinn, along with the first largescale cyber-attack on a country. It was a precursor of what was to come, and that night was a shock for those of us who found ourselves walking over smashed glass and blood on the pavements of an otherwise very peaceful and beautiful Medieval Old Town. A year later I found myself messaging friends in Georgia as it was being invaded by Russia. More recently, I’ve been messaging with Ukrainian friends hiding in cellars as Russia attacked Kyiv.

Trying to make sense for myself of what was going on, in 2016 I wrote an essay that warned  Brexit, Trump, and the weakening of our post-war alliances could lead to Russia invading a country in Eastern Europe. The article went viral and was viewed over 20 million times around the world. It hit a nerve and I think captured a deep sense of discomfort many people were feeling at the time.

Over the following years I wrote a lot more, including an essay series tracing this conflict from the first cyber-attack on Estonia, through the war in Georgia, the information warfare attacks on the Brexit and Trump votes, to the first invasion of Ukraine. I called this The Great Cyber War, and suggested we need to view it was one single conflict in order to make sense of it and to be able to respond to it.

As someone working in tech, and who lived in Estonia for many years and saw the threat first hand, I began thinking about how this affects the tech sector. We have seen technology companies become targets or collateral damage in major cyber-attacks. Russia’s NotPetya attack on Ukraine used a vulnerability in some Ukrainian accounting software to access Ukrainian government systems.

The software was running on a single computer in a Maersk office in Ukraine which eventually led to the whole of Maersk’s global shipping network being taken down by the attack. I always recommend tech founders read the brilliant account of this attack in Wired magazine to understand why their start-up is at risk. I feel it is important for the tech sector to understand how all tech is a vulnerability in this new era of hybrid warfare.

My argument that the tech sector should become more aware and responsible, in particular in the face of Russian information and cyber warfare, rings more true now that Russia has started a major war in Europe. The tech sector in Ukraine has mobilised to great effect, changing the way war is fought with the use of small drones, improvised tech, and open-source intelligence. We are seeing Russia’s 20^th Century army fighting a 19^th Century war of conquest against a 21^st Century Ukraine.

There is a huge amount to learn from this, and the tech sector has a role in all this. In particular, I think it’s important that:

1. All start-ups in all sectors need to understand their place in the cyber threat. They need to be protected against damage from large scale cyber-attacks, and they need to protect society by not becoming the vulnerability through which attacks spread. How can we achieve this?
2. We need to promote the concept of Dual-Use technologies that can be used in both a civilian and a military/security context. This is not just the obvious defence tech, but also healthcare, biotech, AI, computer vision, quantum, and more. How do we get more start-ups to think about whether they can help, and how do we make it easy for them to do so?
3. We ensure there is more interaction between the defence and national security community and the tech sector. We, in tech, need to learn what they need, but we also have a lot to share both in what we do and how we do it, as Ukraine is demonstrating.
4. Some sources of support or funding for start-ups prohibit their use in defence or security. This is now inappropriate and needs to change fast. We need to ensure provisions in VC funding and grants, and cultural bias against defence and security, are changed to reflect the reality that the security landscape is increasingly serious since Russia invaded Ukraine and the strategic competition between the USA and China gathers pace. To stay safe and prosperous, we need all the innovation and technology we can muster, without constraints.

As my interest in all this develops, I’ve joined the Institute for Security Science and Technology at Imperial College London as an Honorary Research Fellow. My aim is to use this affiliation to address some of the points outlined here. ISST is interested in societal resilience, which goes beyond core security and defence issues into things like climate, health, and infrastructure resilience.

This is a great topic that again should be inspiring innovation in the tech sector. ISST is based at Imperial’s White City campus, which is also home to NATO’s DIANA Accelerator program, the Ministry of Defence’s Defence and Security Accelerator and JHub, as well as the National Security Strategic Investment Fund. This is an amazing ecosystem and I hope to help open it up more to the wider tech sector.

The intersection between National Security, Defence, prosperity, and innovation is an exciting space for startups. Being a prosperous country, protecting that prosperity, and in turn using it to develop the National Security infrastructure is becoming a major part of a wider agenda, and something that creates huge opportunities for the tech sector both to build successful businesses and to contribute to supporting peace and democracy.

At ISST, we will work to convene people and see a greater exchange of ideas between this ecosystem and the wider tech ecosystem. My PhD looked at the underlying social network structures that support innovation, and this remains my passion. I always look at how to break down silos of activity, disrupt closed networks, and build weak tie networks that can bridge out. This is what drives innovation and disruption. I repeatedly come back to the need to focus on people at the edges of social networks, and encouraging them to bridge into other networks.

I would like to see how the tech sector can step up to the challenge created by Russia’s invasion of Ukraine. The Ukrainian tech sector has mobilised and organised – check out their Brave1 MilTech ecosystem - and NATO is starting to engage with startups through DIANA. But we need more, we need it faster, and it needs to include more than Defence tech and cyber.  

The views expressed in this article are my own.