SAN FRANCISCO – The future might be rich, with poverty and famine eliminated. Or it might be lost because of tensions we see today – people losing faith in democratic institutions and businesses, and unwilling to believe in what they see and read in the media.
Those two stark pictures were painted at the outset of the annual RSA Conference on security.
What will influence the future, argued RSA president Rohit Ghai and entrepreneur Niloofar Razi Howe in the show’s opening keynote, will be how we deal with trust.
And trust, they argued, is a matter of risk management. “Trust is to the economy what water is to life,” said Ghai.
The picture they painted of the year 2049 is idyllic: It’s the ‘biodigital era,’ when technology is embedded into biology to help bodies fight disease, among other things.
In this almost perfect world (“people are probably still losing money on bitcoin,” Ghai said to laughter) poverty is a thing of the past, as are water shortages.
But he and Howe said, it nearly didn’t come to be for things we see emerging today: Trust in organizations and institutions plummets as people realize the extent of misinformation on them in government and corporate databases; interference in elections causes people to lose faith in their political and social institutions; individuals are targeted in nation-state attacks; fake and biased news combined with ‘deep fakes’ in cyberspace causes such polarization that fact-based discourse between people is impossible.
“The trust crisis threatened to shake the foundation of human progress,” said Ghai, “as organizations fail to reassure the privacy, integrity and reliability of data. Regulators take “draconian” action, a global trade war leads to the balkanization of the Internet, and, well, things get bad.
So if some of this looks prescient – if not current– there’s a way to prevent it, Ghai and Howe said: Restore trust by managing risk.
It can be done in a number of ways, some non-technical – like teaching information literacy so citizens can no longer be targeted and manipulated and misled. Other ways include using technology to root out fake video on social media and ensuring reliability and resiliency of networks through risk management.
In fact, they argued, cybersecurity and risk management need to converge. In addition, technology (“machines”) and humans have to learn to work together. And organizations learning that reputation – defined as doing the right thing – is vital.
“Trust doesn’t require perfection,” noted Howe, “but it requires honesty, accountability and transparency.”
So the almost-perfect world of 2049 came to be because security became a risk management problem focusing on minimizing the impact of cyber problems and not breaches.
“What we protect,” Ghai told the infosec pros, “is not just applications or critical infrastructure or data … We are in the business of protecting trust.”
Cisco keynote on IT working with OT
In their keynote, officials from Cisco Systems urged infosec pros – who today largely are on the IT side of business – to learn to work with the operational technology (OT) side, which runs factories, pipelines and critical infrastructure. This is because OT networks are increasingly becoming Internet-enabled. And, warned Matt Watchinski, Cisco’s vice-president of global threat intelligent, attackers have noticed.
Malware called VPN Filter is already targeting IoT devices and network routers to pivot into IT networks, he said, and seeking out industrial control traffic to get onto OT networks.
Meanwhile, OT network operators aren’t up to the cyber security standards of their IT counterparts, added Liz Centomi, senior vice-president of Cisco’s IoT division.
She urged IT infosec pros to “lean in and learn about OT environments.”
“Make new friends … learn how to ask the right questions about what is important to them even before thinking about how to secure it,” she added. “Adapt your success to this world .. be the bridge between IT and OT.”
McAfee keynote on AI
Another view of the future came in a keynote from officials at McAfee, who looked at the promise and pitfalls artificial intelligence.
AI will be the “new foundation of our industry, able to better defend our environments, to detect threats, to out-innovate our adversaries,” said CTO Steve Grobman.
But, he warned infosec pros to look at the problems that AI and machine learning may cause, starting with the fact that criminals and nation-states are just as likely to take advantage of it.
In fact, McAfee used publicly available technology to put together a model that would predict which San Francisco neighborhoods are least likely for a criminal to be caught committing certain crimes.
“The model has no idea whether it’s learning to detect cancer or optimize a crime spree,” said McAfee chief data scientist Celeste Fralick. “It’s just math.”
“We must embrace AI but not forget its limitations,” said Grobman. “It’s fragile and there is a cost of both false positives and false negatives. But when we collaborate to invest in the right technology and deploy it with our eyes wide open … we will shape the 21st century technologies that reshape the human experience.”