An interview with Uroš Svete
Cyberspace is becoming increasingly important and integrated into all spheres of our lives. More and more critical services are tied to the information and communication sector, which means that financial, transportation and health care systems, water and food support systems, various industries and energy are interrelated and interdependent.
This critical infrastructure is mostly associated with the World Wide Web, automated functions and the ability to modify and control remotely. All this can let intruders into most of the systems that are essential to our lives. More importantly, the question is how to protect ourselves against intentional and unintentional threats in an area dominated by decentralization, anonymity and the absence of clear borders. We become aware of cyber threats only when problems arise, and unfortunately usually only temporarily. It is also very difficult to evaluate our dependence on ICT (information and communication technology).
Cyber power plays an important role; the Economist Intelligence Unit defines it as the ability to withstand cyber-attacks and to deploy the digital infrastructure necessary for a productive and secure economy. It is a double-edged sword: on one hand it is a key to progress, and on the other, through dependence, it creates new vulnerabilities and risks. Cybersecurity focuses on protecting computers, mobile devices, tablets, networks, programs and data from unauthorized access or manipulation. The number of internet users is growing; it increased by 741% from 2000 to 2014. In 2014, 42.3% (3,036,749,340) of the world population was active in cyberspace. Understanding cybersecurity is the first step to protecting yourself, your family and your organization. We talked with Uroš Svete, head of Defense Studies at the Faculty of Social Sciences in Ljubljana, about cyber security and the effects it has on real life.
What does the term cyber space mean and which are the main actors and most important organizations in this field?
I understand cyber space as a tie between the electromagnetic sphere, interconnected devices (including the Internet of things) and users. Without any doubt, the main actors are technological companies (like Apple, MS, Google), influenced IT experts (hackers), NATO, OECD, intelligence services (NSA, GCHQ, China). Supranational organizations can contribute to political awareness, technical standards, information and knowledge exchange (important for technologically less developed member states). Joint boards like ENISA or the Cyber security Centre of Excellence are important as well.
Which are top cyber threats and how does and can cyber space affect real life?
Top cyber threats are threats to individual privacy, economic espionage, and critical infrastructure. The internet of things is the answer to the second question. With the internet of things there will be no border between cyber space and real life anymore. The main targets of cyber-attacks are individuals (as part of a botnet, phishing), private companies (in the sense of espionage), and critical infrastructure. The cyber threats that have done the most damage in real life so far are Stuxnet and Estonia under cyber-attack in 2007.
Does development in information and communication technology and its greater usage also mean more vulnerabilities and threats? Is cyber war real or just a fiction?
Not necessarily. Vulnerabilities and threats depend on technical mistakes and (intentional) misuse. We cannot stop technological development. So we have to adapt to the new reality. And one thing more, technology is not good or bad. The human being is. At the moment cyber war is neither real nor fiction. It is possible but demands actors technologically developed at the same level. Today’s cyber war is more like the propaganda (psychological war) waged on the Internet. It is an important part of modern conflicts but absolutely not decisive.
What can we expect in 2015 in the realm of cyberspace and cybersecurity? What trends will be shown in the future and what are the security predictions for the years ahead?
Internetisation of conventional technology (Internet of things): cars, refrigerators, and heating systems will become a part of cyber space. Physical money will probably disappear. But much more security relevant is 3D printing, which will be expanded. It will change global production and state control over it.
According to the ENISA (European Union Agency for Network and Information Security) Threat Landscape report, web-based attacks are increasing, and with them the number of data breaches, the loss of tens of millions of data records, exposed identities and, through cyber-crime and espionage, large annual global monetary losses. The key recommendations for better protection from the increasingly sophisticated and numerous cyber-attacks that occur on a daily basis are, according to Uroš Svete, better information security awareness among employees, the question of outsourcing (Apple decides to fire outsourcing company responsible for physical security), penetration tests and the development of technological standards. Since we cannot reach 100% security, we need to minimize threats to cybersecurity with comprehensive cyber policies, clear cybersecurity plans, laws, cybercrime response and enforcement authorities such as CERTs (computer emergency response teams). It is important to encourage the development of technical skills, education, awareness, innovation, government commitments and cooperation between the public and private spheres.
Are robots sexist? UN report shows gender bias in talking digital tech
Why do most voice assistants have female names, and why do they have submissive personalities? The answer, says a new report released on Friday by UNESCO, the UN’s Education, Science and Culture agency, is that there are hardly any women working in the technical teams that develop these services and other cutting-edge digital tools.
The publication, produced in collaboration with the German Government and the EQUALS Skills Coalition – an alliance of public and private sector partners which encourages the involvement of women and girls in scientific and digital technology sectors – is called “I’d Blush If I Could.”
The title is a reference to the standard answer given by the default female-voice of Apple’s digital assistant, Siri, in response to insults from users. Apart from Siri, other “female” voice assistants also express submissive traits, an expression of the gender bias built in to Artificial Intelligence (AI) products as a result of what UNESCO calls the “stark gender-imbalances in skills, education and the technology sector.”
Several recommendations are made in the study, including advice to stop making digital assistants female by default; programming them to discourage gender-based insults and abusive language; and developing the advanced technical skills of women and girls so they can steer the creation of new technologies alongside men.
Given the explosive growth of voice assistants, says the report, there is an urgent necessity to help more women and girls cultivate strong digital skills.
Bridging the digital gender gap is an issue for all countries
Today, women are extremely under-represented in teams developing AI tools: women make up only 12 percent of AI researchers, six percent of software developers, and are 13 times less likely to file ICT (information and communication technology) patents.
“Obedient and obliging machines that pretend to be women are entering our homes, cars and offices,” says Saniye Gülser Corat, Director of Gender Equality at UNESCO. “Their hardwired subservience influences how people speak to female voices and models how women respond to requests and express themselves. To change course, we need to pay much closer attention to how, when and whether AI technologies are gendered and, crucially, who is gendering them.”
Organisations that embed cybersecurity into their business strategy outperform their peers
Organisations that take a business-driven cybersecurity approach to their digital initiatives achieve better outcomes and outperform their peers, according to PwC’s May 2019 Digital Trust Insights Survey.
The global survey of more than 3,000 executives and IT professionals worldwide found that the top 25% of all respondents – market leaders known as “trailblazers” – are not only leading the way on cybersecurity but also delivering more value and better business outcomes.
Among respondents who say growing revenue is the top value sought from digital transformation efforts, nearly nine in 10 trailblazers say they are getting a payoff that meets or exceeds their expectations (compared to 66% of the other respondents).
Trailblazers are also significantly more optimistic about the potential growth in revenue and profit margin for their companies, with 57% expecting revenue to grow by 5% or more, and 53% expecting profit margin to grow by 5% or more.
The survey revealed key demographic information about trailblazers. Many are large companies; 38% of respondents from companies worth at least US$1 billion are trailblazers. The financial services (FS) industry and the technology, media, and telecommunications (TMT) sector are particularly well represented in the leader group. Thirty-three percent of FS respondents and 30% of TMT respondents are trailblazers, compared to roughly a quarter of the survey base in other industries.
Geographically, just 21% of EMEA (Europe, the Middle East and Africa) respondents are trailblazers, compared to 30% in the Americas, and 30% in Asia Pacific.
The leading behaviours that set trailblazers apart from their corporate peers include aligning their business and cybersecurity strategies, taking a risk-based approach, and coordinating their teams that manage risk. Key findings from PwC’s Digital Trust Insights survey illustrate the edge that trailblazers maintain in all three areas:
strategy: 65% of trailblazers strongly agree their cybersecurity team is embedded in the business, conversant in the organisation’s business strategy and has a cybersecurity strategy that supports business imperatives (vs. 15% of others)
Connected on a risk-based approach: 89% of trailblazers say their cybersecurity teams are consistently involved in managing the risks inherent in the organisation’s business transformation or digital initiatives (vs. 41% of others)
Coordinated in execution: 77% of trailblazers strongly agree their cybersecurity team has sufficient interaction with senior leaders to develop an understanding of the company’s risk appetite around core business practices (vs. 22% of others)
“By focusing on building digital trust, trailblazers are driving more proactive, pre-emptive and responsive actions to embed these strategies into the business, as opposed to their peers who primarily look to minimise the operational impacts of cyber threats in a reactive manner,” comments TR Kane, PwC US Strategy, Transformation & Risk Leader.
More than eight in 10 trailblazers say they have anticipated a new cyber risk to digital initiatives and managed it before it affected their partners or customers (compared to six in 10 of others).
“Organisations that take a proactive approach to cybersecurity and embed it into every corporate action will be best placed to deliver the advantages of digital transformation, manage related risks and build trust,” adds Grant Waterfall, EMEA Cybersecurity and Privacy Leader, PwC UK.
“Our research highlights the need for organisations to embed their cybersecurity teams within the business to support strategic goals. It’s not just about protecting assets – it’s about being a strategic partner in the organisation,” adds Paul O’Rourke, Asia Pacific Cybersecurity and Privacy Leader, PwC Australia.
Business in Need of Cyber Rules
For more than 20 years, countries have been struggling to introduce a set of rules of conduct and liability requirements for digital space users. Progress in designing a code of cyber conduct is all the more relevant since digitalization is sweeping the planet at breakneck speed, creating new risks along with new opportunities. Businesses that are confronted with new challenges and threats in the digital space are putting forward their own initiatives, thereby pressing governments to speed up the process of adopting an international cyber code.
Why is the business community interested in setting rules in the cyber environment? There are many reasons for this.
Firstly, the quantity and quality of hacker attacks on the private sector increase every year. Hackers target any enterprise — from small businesses to technological giants. Attacked by the NotPetya virus, the world's largest container carrier, Maersk, sustained $300 million in damage and had to shell out nearly $1 billion for restoration. In total, according to Sberbank’s estimates, the damage to the global economy from hacker attacks in 2019 can reach about $2.5 trillion, and by 2022 — as much as $8–10 trillion.
Secondly, many technology-oriented companies, facing a lack of trust on the part of government agencies, experience severe difficulties in promoting their business projects abroad. At present, the UK, Norway, Poland, and other countries are involved in a debate about whether Huawei should be allowed to build fifth-generation mobile communication networks (5G). Huawei is suspected of stealing intellectual property and espionage. The US, Australia, New Zealand have introduced a ban on the use of 5G equipment from Huawei.
Not only Chinese companies face distrust. Google, Apple, Microsoft, Kaspersky Lab, and many others are often accused of illegally spying on people.
Thirdly, IT companies are forced to pay huge sums to protect their customers against hacker attacks and guarantee information security. Microsoft allocates more than $1 billion for this purpose yearly.
In the absence of a political solution to ensure international information security, private companies, which are keen to safeguard themselves and their customers, have chosen to conduct negotiations with each other on information security cooperation and are launching their own initiatives. Thus, a business information security track is coming into existence, running parallel to the government one.
In February 2017, Microsoft’s President Brad Smith launched the Digital Geneva Convention initiative. The Convention is expected to oblige governments not to undertake cyber attacks on private sector companies or the critical infrastructure of other states, and not to use hacker attacks to steal intellectual property.
Overall, the document formulates six basic principles of international cybersecurity:
- No targeting of tech companies, private sector, or critical infrastructure.
- Assist private sector efforts to detect, contain, respond to, and recover from events.
- Report vulnerabilities to vendors rather than to stockpile, sell, or exploit them.
- Exercise restraint in developing cyber weapons and ensure that any developed are limited, precise, and not reusable.
- Commit to non-proliferation activities to cyber weapons.
- Limit offensive operation to avoid a mass event.
However, while the Digital Geneva Convention is still on paper, 34 technology companies, including Microsoft, without waiting for decisions at the government level, signed the Cybersecurity Tech Accord in April 2018. Thus, the largest ever group of companies have become committed to protecting customers around the world from cybercriminals.
Cybersecurity Tech Accord members have called for a ban on any agreements on non-disclosure of vulnerabilities between governments and contractors, brokers, or cybersecurity experts; they also call for more funding for vulnerability detection and research.
Besides, signatories of the agreement have come up with a series of recommendations to strengthen confidence-building measures, which are based on the proposals of the UN and OSCE.
Such measures include:
- Develop shared positions and interpretations of key cybersecurity issues and concepts, which will facilitate productive dialogue and enhance mutual understanding of cyberspace and its characteristics.
- Encourage governments to develop and engage in dialogue around cyber warfare doctrines.
- Develop a list of facilities that are off-limits for cyber-attacks, such as nuclear power plants, air traffic control systems, banking sectors, and so forth.
- Establish mechanisms and channels of communication to respond to requests for assistance by another state whose critical infrastructure is subject to malicious ICT acts (organizing, i.e. tabletop exercises).
By now, the Cybersecurity Tech Accord has been signed by 90 companies, including Microsoft, Facebook, Cisco, Panasonic, Dell, Hitachi, and others.
Another initiative was presented in 2018 by Siemens, which came up with the Charter of Trust. The Charter, which was signed by 16 companies, including IBM, AIRBUS, NXP, and Total, urges companies to set up strict rules and standards to foster trust in ICT and contribute to further development of digitalization.
Facebook has become part of the process too. In late March 2019, Mark Zuckerberg — the founder and CEO of Facebook — urged governments to become more actively involved in regulating the Internet. In particular, Zuckerberg spoke in favor of introducing new standards related to the Internet and social networks. These standards would be useful to guarantee the protection of personal data, prevent attempts to influence elections or disseminate unwanted information, and would assist in providing a solution to the problem of data portability.
Another initiative worth mentioning is the creation in 2014 of the Industrial Internet Consortium (IIC), which was founded on the initiative of AT&T, Cisco, GE, IBM, and Intel. This is a non-profit open-membership group that seeks to remove barriers between different technologies in order to maximize access to big data and promote the integration of the physical and digital environments.
Some initiatives are coming from the Russian private sector. In particular, since 2017, Norilsk Nickel has been active on the international scene promoting the Information Security Charter of critical industrial facilities. The Charter’s main provisions include condemnation of the use of ICT for criminal, terrorist, military purposes; supporting efforts to create warning and detection systems, and assist in the aftermath of network attacks; and sharing best practices in information security.
In turn, Sberbank has launched an initiative to hold the world’s largest International Cybersecurity Congress. Last year, such a congress took place with the participation of 681 companies from 51 countries. The second such Congress is scheduled for this June. The Forum serves as an inter-sectoral platform that promotes global dialogue on the most pressing issues of ensuring information security in the context of globalization and digitalization.
What most business initiatives have in common is that they all call for developing confidence-building measures and rules of conduct in the digital space. Besides, the business community welcomes the need to adjust international law to the new realities of the digital economy.
Private sector initiatives can readily be aligned with initiatives put forward by countries within the framework of the UN. After all, by and large, governments pursue the same goals as business in this area. The use of ICT for peaceful purposes, confidence-building measures, the supply of information about vulnerabilities — all this is significant both for business and for most states.
Fortunately, the global discussion under the aegis of the UN on issues related to International Information Security is getting back on track after a pause of about one year. From now on, it will be attended by representatives of the private sector. According to the resolution (A/RES/73/27), the mandate of the future Open-Ended Working Group (OEWG) allows for the possibility of holding inter-session consultative meetings with representatives of businesses, non-governmental organizations and the scientific community to exchange opinions on issues within the group’s mandate. The first inter-sessional meeting with representatives of global business is scheduled for November 2019.
In conclusion, we would like to remark that the issue of information security is dynamic and for this reason, it can be adequately addressed only with the close cooperation of governments and technology companies, since it is the latter that keep pace with the development of technologies and are the drivers of the digital economy. Governments should keep a close eye on the initiatives of non-state actors and put the most useful proposals on the agenda of discussions at international forums. Moreover, once adopted and approved at the government level, these standards and regulations should have legal force, rather than be recommendatory — this is the only way to guarantee order in the cyber environment.
First published in our partner RIAC