This session was focused on cyber and security and related new challenges in a global context.

Benedict Suzan, Senior Prospective Analyst, Airbus Group Corporate, France, opened the session by stressing the importance of this topic and the different perspectives coming from different industries and multiple countries.

Shakeel Tufail, the CEO of SecureNinja, started his presentation by asking what we are trying to protect. His answer was all-encompassing: from data, time, money, reputation and brand to legal issues and government. Some of these translate into money and lives. Data is the new currency. Many of the previous forums focused on BYOD (Bring Your Own Device or Disaster), which provided a dialogue to address solutions for the previously listed challenges. Other cyber security challenges include increased connectivity to the world, increased complexity of systems, the risk of external vendors and third-party software, too much reliance on compliance and standards, and a lack of experience and knowledge. Privacy can’t be controlled today because there are no global standards. To catch a thief you have to think like a thief.

Colin Williams, the director of SBL, Honorary Fellow at the University of Warwick and visiting professor at De Montfort University, UK, stated that “the future war is not with blood but with bits and bytes”: this war on cyber security is not fought with blood but by rebuilding democracy with bits and bytes. Citizens and state should not be living in fear of each other with open or closed data; when there is nothing to hide there is nothing to fear.

According to Juha Röning, Professor, Department of Computer Science & Engineering, University of Oulu, Finland, cybersecurity is about cybertrust, vigilance and reducing vulnerabilities. It’s a serious game of hunting, but we realize that the bucks are hunting us, not us hunting them. The US Government (White House) invited the University of Oulu to brief it on cyber security and trust, and US leadership was impressed by Oulu’s pioneering role in this domain. Research on cyber trust has gained nationwide prominence and was set as a priority, but the government’s plans for budget cuts may affect this effort. New strides are being made to maintain Finland’s status as a trusted digital services provider and to build its brand of integrity.

Mike Ahmadi, Global Director of Business Development, Synopsys, Inc., USA, used the term 0-day vulnerability to address the time gap from the moment a vulnerability happened until it is detected. Unknown vulnerabilities are bad. Known vulnerabilities are a big problem. Even with known vulnerabilities, we are delayed or negligent in solving these problems. For example, 374 known vulnerabilities have been identified in the Java runtime (of the 374, over 150 scored critical), but no solutions to prevent this were identified or implemented. It’s very important to pay attention to vulnerabilities, and especially to deal with the known ones before new products and services are launched to the market.

Today we can’t live without software, so we have to put pressure on the software industry, and require organizations to provide us as consumers with secure products and provisions ensuring security, such as the Cybersecurity Bill of Rights.

Lasantha De Alwis is the Director/Head of Operations Department & Corporate Secretary of the CTO (Commonwealth Telecommunications Organization), which helps developing countries and economies with online trade of goods and services (such as eBay) in a context where cyberspace is viewed by governments as a channel for development. The government’s priority to engage in mainstream cyberspace, balanced against people’s concerns about privacy in cyberspace, is an illustration of conflicting objectives in the field of cybersecurity. More Commonwealth countries are working on cybersecurity than on data protection and privacy. In national cyber-policy making, the engagement of civil society is limited.

Additionally, there are future cybersecurity challenges and trends that have been predicted, such as:

  • Increasing demand for a greater degree of privacy and control of one’s own data
  • Continuous friction between security and liberty; which takes precedence will be determined by the scale of economic development
  • Practice of democracy will change due to cyberspace, with vastly increased civil society engagement in the democratic process
  • Global cyber-policy making may not be as broadband as is required, due to resource, knowledge and commitment constraints

According to Philippe Wolf, Cybersecurity Project Manager, IRT System X – Institut de Recherche Technologique, France, there is nothing private anymore about privacy. As of 2010, public data and information is the new social law, so there is nothing to hide. There has been a clash between managing public information, dignity and liberty. Google is the largest data cruncher, and smart phones are the largest collectors of geolocation services. There are also various efforts in cyber surveillance. There are four privacy functions/methods of cyber deception: anonymity, pseudonymity, unlinkability, and unobservability. We are facing a Privacy Paradox, so in conclusion, we have to come back to human rights.

According to Louis Granboulan, Senior cybersecurity expert, Airbus Group Innovations, a new approach may be needed for ensuring data privacy. The goal is to protect sensitive personal data, but this concept is tricky to define and may, for example, include an IP address and a voice template. The privacy you want to protect is not the information on your ID card but who you really are. Medical data has been the first concern for personal data protection.

Data analysis is progressing faster than regulation and anonymization techniques. People usually give away some privacy for lower services or better services. Personal data will leak everywhere, e.g. a fingerprint is not a secret because we leave it everywhere. The proposed new approach entails empowering people to enforce the right for anyone to know what can be deduced from using that data.

In conclusion:

• Fighting against the availability of the data will fail
• Fighting against the misuse of the data may succeed: misuse is the risk that people should really be afraid of.

Petri Vilander, Cyber Security Manager, Corporate Customer, Elisa Corporation, Finland, opines that technology is not the solution to cyber; rather, it is the process we should look at, including cyber risk prevention, preparedness, and threat protection. We should focus more on technology procedures than on technology itself to address cyber vs. information security. He also pointed out some new security challenges, which include the following:

  • Threat diversity will increase: “Due to the variety of objects adversaries can target, many of which are in insecure locations, attackers are able to devise new methods the cybersecurity industry has yet to face and blend sophisticated techniques to accomplish their mission.”
  • Remediation will become more urgent and more complex: “When an attack does happen organizations can’t necessarily isolate a system because the cost and implications of shutting it down may be greater than the cost of an infection, presenting serious tradeoffs between protection and continuity of operations.”
  • The attack surface will expand: “Case IoT, with billions of new devices connected to the IoT (including smart meters, heating and air conditioning systems, health monitoring devices, remote sensors for gas and oil lines, etc.) and more devices connecting all the time, the ability to gain visibility into these attack vectors, let alone close them to malicious actors, is increasingly ”