The need for entrepreneurs to think globally has become so necessary that assessing an innovator’s GQ – Globality Quotient – has become a standard market test. In our contemporary world, where in unison, the media contributes to a culture of fear, a mysterious mistress; the cyber security is, in reality, more spoken about than understood.
After my recent article: Take the Lead. The Tango and The Tech strong support from industry leaders made me realise that technically and strategically speaking; cyber security was the topic I wanted to know more about. Unsurprisingly, it's no longer a ‘Why?’ question anymore.
Notwithstanding, the flow of capital, technologies, and skills in the field of security, including the cyber security attracts ‘white’ and ‘black’ players – ‘Lords of Order’ and ‘Lords of Chaos’. Multiplied by wild ambitions of the world’s military superpowers, here we are, standing in front of the Apocalypses at its best!
A sensitive place of the worldwide integration of current and future of security industries. More often than not – undetectable; unseen and invisible for a non-professional; indistinguishable; hidden; unknown.
While the idea is somewhat extreme, there is no disagreement that it is happening. The condensing of the artificial intelligence worldwide that affects lives of billions of people around the globe can also mean the rapid increase of cyber threats.
Foundation of a universal culture of cyber security is marked by the initiatives and ongoing processes at the world’s most influential decision-making international forums. The United Nations General Assembly Resolution 57/239 regarding the “creation of a global culture of cybersecurity” was first adopted on January 31, 2003. Followed by numerous amendments, including the ‘UN General Assembly resolution mandating the creation of a Group of Governmental Experts (GGE) for 2016-2017. The Groups of Governmental Experts have become a known mechanism by which the General Assembly advances the international debate on norms, rules, and principles of state behavior in cyberspace.’ **
Cybersecurity. What it is not?
With this and a few more questions I am proud and honored to invite Mr. Chuck Brooks – one of the world’s most known experts and the industry guru to my weekly Global Macro Roundtable. Chuck Brooks – the person – legend and reference for the theme’s most competent and comprehensive quest and analysis.
Q: How would you define the intersection of the three pillars of future stability in the World Wide Web and the Internet of Things (Services): Cyber Security, Strategy and the International Law?
First of all let me congratulate you for your many contributions to the intellectual social medium, for your posts on entrepreneurship, and for the weekly Global Macro Roundtable. It is an honor to be interviewed.
I sincerely believe that stability in the international cyber and IoT arena must be driven via an adaptive global framework. According to the think tank Center for Strategic and International Studies (CSIS), cyber related crime now costs the global economy about $445-billion every year. That may be underestimated with the recent spree of breaches that have affected almost every industry vertical including banking, energy, transportation, and retail commerce. For example, British Petroleum (BP) faces 50,000 attempts at cyberintrusion every day. Global crime does not respect sovereign boundaries.
A real challenge in cybersecurity has been to get governments, agencies, associations, and industry to cooperate in an open and shared manner. Results have been mixed at best. Perhaps enactment of a general working framework, global (at least among Western allies) under pinned with a willingness for cooperation can serve as a catalyst for action.
The new reality is that almost all of our critical infrastructures operate in a digital environment, including the health care, transportation, communications, financial, and energy industries. This environment is dynamic and will be connected in what we call the Internet of Things (IoT). Cisco, who terms the “Internet of Things” as “The Internet of Everything,” predicts that 50 billion devices (including our smartphones, appliances, and office equipment) will be wirelessly connected via a network of sensors to the internet by 2020. While the information technology landscape has greatly evolved, so have the vulnerabilities. We are all reliant on the Internet’s connectivity for vital human services in almost every aspect of our daily lives.
To address the connectivity associated with IoT and stand-alone cybersecurity threats, our economic and security interests require collaboration and a decisive plan of action. The security measures and technologies do already exist and can be integrated and continually enhanced. The bottom line is that waiting and reacting will no longer suffice as a strategy. Detection, authentication, and sharing of threats relating personal devices (laptops, smartphones, and tablets) and to IoT devices have become an imperative.
The global cybersecurity community’s posture/strategy must change to one of “wait and react” to that of being proactive and holistic. It is not really a question of which policies, processes and technologies are ready and best, that will always be debatable. Being proactive means adopting a working Industry and Government Global Cybersecurity Framework that would include measures for encryption, authentication, biometrics, analytics, automated network security, and a whole host of other topics related to cyber threats.
An added ingredient to the equation is information-sharing and international cooperation. As everything is more and more connected, it is in the interest of nations to establish formal cooperative international legal protocols to share data of threat elements, many of which are criminal in nature. The US has established promising cooperative cybersecurity arrangements with India, Israel, the UK, Germany and others in recent months. This is expected with allies and should be expanded. In addition, the United States and Russia, and the United States and China have initiated discussions on such cooperation. The realization that cyber threats to industrial ecosystems are not isolated and can bring economic ruination to everyone simultaneously is a compelling reason to create a workable global framework to address cybersecurity.
One final thought on stability. Training of a next generation of global cybersecurity technicians and SMEs must also be a priority. The risk environment is growing every day and there has not been enough resources dedicated to keeping up from governments, and from the private sector. A great deal of cybersecurity can be automated with emerging technologies, however, it is still the human element that directs policy and whom must participate in any global framework.
Q: Edward Snowden’s revelations on cyber security.
What are your thoughts about it in general?
When Edward Snowden was on the run and landed in Russia, I happen to be speaking on a panel on cybersecurity at the MIT Open Innovations Forum. A question was asked about what I thought about his revelations. My answer was that Snowden broke laws, betrayed his service to country, and if he was sincere in being a whistle blower. In fact, he had plenty of proper government avenues to express his concerns, especially via congressional committees.
For those in the cybersecurity world, his revelations were not news. All governments use digital exploitation means in what they perceive to be their security interests, and cyber spying is assumed, even by friendly countries. The revelations, did however, call attention to the ongoing debate between private sector industries and government on data privacy issues. More specifically, what are the boundaries of activities in pursuit of national security and counter-terrorism?
In the international arena obviously not every nation-state plays by the same rules. Data privacy will continue to be a hot debate topic on what should be authorized access to private data information.
The INDUSTRIE 4.0 – the German strategic initiative to take up a pioneering role in Industrial Internet of Things. It might be argued that because Germany, German companies were not among the global very few first runners and winners from Internet-based initiatives and reality, it is now the frontrunner in Industrial Internet of Things. The triumph of reason and predictable rationality is here. To stay, to develop and to trend up the “Made in Germany” brands widely around the globe, as referenced below:
Q: What would be your futurecast of the Industry 4.0 potential cyber threats consequences?
First of all, having done homeland security consulting work for the German company, Rohde & Schwarz, I am very impressed with the industrial cybersecurity capabilities of Germany. Germany is indeed a forerunner of Industry 4.0.
As the capabilities and connectivity of cyber devices has grown exponentially, so have the cyber intrusions and threats from malware and hackers requiring restructuring of priorities and missions. The cyber threat includes various criminal enterprises and adversarial nation states. A change in the cyber risk environment has corresponded with a heightened investments in technologies and information-sharing with private sector stakeholders who owns most of the critical infrastructure in the United States, and Europe.
A successful 4.0 cyber threat consequences strategy requires stepping up assessing situational awareness, information sharing, and especially resilience. Cyber resilience is an area that must be further developed both in processes and technologies, because no matter what, breaches will happen.
Currently Ransomware mostly via Phishing activities, is the top threat. In the recent past, 2014 code vulnerabilities such as Heartbleed, Shellshock, Wirelurke, POODLE and other open source repositories caused chaos and harm. There is a growing understanding the seriousness and sophistication of the threats, especially denial of service and the adversarial actors that include states, organized crimes, and loosely affiliated hackers.
In the US, most (approximately 85%) of the cybersecurity critical infrastructure including defense, oil and gas, electric power grids, healthcare, utilities, communications, transportation, banking and finance is owned by the private sector and regulated by the public sector. DHS has recognized the importance for private sector input into cybersecurity requirements across these verticals and along with NIST in developing a strategy to ameliorate shortcomings
The Strategic Grid, in the US and in Europe, is in great need for enhanced security. An accelerated effort to fund and design new technologies to protect the utilities from natural or man-made electromagnetic surges; further harden hardware and software in SCADA networks from cyber-attack; and provide enhanced physical security for the grid.
Mobile management that involves securing millions of BYOD devices is currently a challenge for information security both in government and in the private sector. Cloud computing has also taken center stage and securing cloud applications. There is always a need for better encryption, biometrics, smarter analytics and automated network security in all categories.
My own master list of future cybersecurity 4.0 priorities includes:
Internet of Things (society on new verge of exponential interconnectivity)
Drones and Robots
Super computing, machine learning, and quantum computing technologies are an exciting area of current exploration that may remedy many of the threats.
Q: Smart cities. Which are the most unrealistic expectations of / from the ‘Smart cities’ projects in India? In other countries? The most unthought-of potential threats?
In the past few years, cities have migrated from analog to digital and have become increasingly “smarter.” A smart city uses digital technologies for information and communication technologies to enhance quality and performance of urban services, to reduce costs and resource consumption, and to engage more effectively and actively with its citizens.
A smart city is indeed a laboratory for applied innovation. A smart city and its accompanying ecosystem can influence and impact the industrial verticals including transportation, energy, power generation and agriculture. Frost & Sullivan estimates the combined global market potential of these smart city segments to be $1.5 trillion ($20 billion on sensors alone by 2050, according to Navigant Technology.)
The term “smart city” connotes creating a public/private infrastructure to conduct activities that protect and secure citizens. This includes shared situational awareness and enabling integrated operational actions to prevent, mitigate, respond to, and recover from cyber incidents as well as crime, terrorism and natural disasters. It also signifies the betterment of public services, conduct of commerce, and meeting the expanding logistical health, financial, transportation, and communication requirements for those who choose to live in an urban setting. Many companies are becoming proactive in preparing for the expansion of IoT.
The Smart city projects in India and other parts of the globe are quite interesting. The success relies on primarily three elements: power generation, sensor chips, and connectivity. Of course the latter is vulnerable to cybersecurity threats, especially since there is no existing protocols on protecting the Internet of Things yet. Also, from a technical perspective, Smart Cities may incorporate many different types of sensors made by many different types of manufactures. Building an IoT protocol for these various devices and sensors could be as challenging as herding cats.
In terms of security and threats, there are a variety of key areas of IT, Smart Cities — or perhaps what more appropriately should be termed “secure cities” — component roles:
Physical and cyber security;
Public safety services (first responders);
Sensors, detectors, biometrics, wearables;
Data analytics, urban informatics;
Command & control centers;
Social media monitoring.
New risks, privacy issues, and unforeseen issues will no doubt confront us as the Internet of Things and Smart Cities continue to evolve and expand. We are approaching a virtual world of avatars, cognitive intelligence and quantum reasoning. The only limits are human imagination.
*The World Economic Forum: Why the best entrepreneurs think globally
**Cybersecurity at the UN: Another Year, Another GG