More than a decade ago, I joined an emerging social medium called LinkedIn. I was serving as the Director of the newly created Office of Legislative Affairs at the Science & Technology Directorate for the Department of Homeland Security (DHS). This is where I first came to recognize the value of LinkedIn as a networking tool.
I was responsible for outreach to The Hill, to industry, and to the academic scientific community. I remember searching LinkedIn as a means for finding biographical data for the people I needed to meet, such as the schools they attended, where they worked, and who we knew in common. The information that I culled proved invaluable for cultivating relationships with Congressional staffers whose support for policy and budgets were critical to the success of the DHS S & T Directorate mission.
I recall how being on LinkedIn in the early days of DHS made my job easier, especially with the many challenges I faced that were associated with [starting] a new government agency. The social medium was particularly useful to me for following public policy related issues, because most Hill staffers, government employees, and lobbyists post the latest and greatest happenings.
Now that years have passed, my LinkedIn network has grown exponentially into many thousands of first level connections and has further blossomed into an important vehicle for business and personal outreach. I now own or manage 16 LinkedIn groups, including several devoted to my passions for homeland security, cybersecurity, and emerging technologies.
LinkedIn has become part of the fabric of how I (and a majority of my peers) communicate, operate, and conduct business. For me, the LinkedIn platform and its groups serve as interactive, informative forums. Many of these members are security professionals who have important roles in government or industry, including CISOS, CIOs, CTOs, or members of the C-Suite who possess deep subject matter knowledge.
For instance, during the recent “WannaCry” Ransomware attack that rapidly spread across the globe, I was asked to provide a quick brief on the developments for a couple of organizations and for a media story. From perusing the timely posts and discussions in several of my homeland security and Information security LinkedIn groups, I was able to pull up the latest stats on breached targets, the likely origination of the cyber-attack, and patching remedies to quell the spread of the ransomware.
In my world of working with federal government agencies and private sector companies, LinkedIn has become a great resource. I have found that the security-oriented LinkedIn groups facilitate open discussions that involve current and ex-NSA/DoD/DHS (and law enforcement) professionals who use the platforms regularly. By following and interacting with pertinent posts, I can gain the latest news on topics such as cybersecurity technologies, threats, policies, and trends from a variety of expert sources with exceptional insights.
LinkedIn has also proved invaluable for marketing. As a government relations and marketing executive, I work with and I am on the boards of several security related companies and organizations, and often I help brand a product or service. For marketing, messaging on LinkedIn is immediate, perpetual, and cost-effective.
I have often used the site to InMail prospective clients. Because of my visibility on the platform, I have also been regularly approached to assist companies with homeland security and cybersecurity ventures. As a result of one of these LinkedIn communications, I was able to help a large private German company by introducing some of their unique technical products that were of strong interest to U.S. transportation security efforts.
For thought leadership on homeland security and cybersecurity issues, LinkedIn is a real force for digital influence. It is an effective platform for educating, evangelizing, and promoting discussion of the cutting risk management issues. My posts, shares of my published writings, and original content on LinkedIn often receive several thousand of views. As a result of the exposure, I have been invited to address conferences and events to speak on topics of cybersecurity, physical security, the Internet of Things, and other emerging technologies.
Because of the mix of specialized requirements, partnering with other companies and experts in the security world is often the rule rather than the exception. LinkedIn is an especially useful resource for finding teaming members and potential partners to pursue opportunities. Many small businesses have established profiles on the site where they market their niche capabilities. By being active on LinkedIn, companies can often find partners and clients and reach out to them in areas that may be mutually beneficial. As both industry and government encourage diverse and multiple partners to work together on programs, the importance of having a strong stable of networked partners is becoming a premium.
We are still only in the early era of social media. It will continue to grow and be further fused into all aspects of our lives. Social media’s main purpose is networking and finding those share missions and interests. LinkedIn is a vehicle that already provides the ability to reconnect and touch with people who have been a part of our social lives in the past. It also has great utility in the corporate world and in government for cultivating networks and reaching out to those we can do business. For security professionals, the medium has been hyper-active for those purposes and being on LinkedIn has become an imperative.
Are robots sexist? UN report shows gender bias in talking digital tech
Why do most voice assistants have female names, and why do they have submissive personalities? The answer, says a new report released on Friday by UNESCO, the UN’s Education, Science and Culture agency, is that there are hardly any women working in the technical teams that develop these services and other cutting-edge digital tools.
The publication, produced in collaboration with the Germany Government and the EQUALS Skills Coalition – an alliance of public and private sector partners which encourages the involvement of women and girls in scientific and digital technology sectors – is called “I’d Blush If I Could.”
The title is a reference to the standard answer given by the default female-voice of Apple’s digital assistant, Siri, in response to insults from users. Apart from Siri, other “female” voice assistants also express submissive traits, an expression of the gender bias built in to Artificial Intelligence (AI) products as a result of what UNESCO calls the “stark gender-imbalances in skills, education and the technology sector.”
Several recommendations are made in the study, including advice to stop making digital assistants female by default; programming them to discourage gender-based insults and abusive language; and developing the advanced technical skills of women and girls so they can steer the creation of new technologies alongside men.
Given the explosive growth of voice assistants, says the report, there is an urgent necessity to help more women and girls cultivate strong digital skills.
Bridging the digital gender gap is an issue for all countries
Today, women are extremely under-represented in teams developing AI tools: women make up only 12 percent of AI researchers, six percent of software developers, and are 13 times less likely to file ICT (information and communication technology) patents.
“Obedient and obliging machines that pretend to be women are entering our homes, cars and offices,” says Saniye Gülser Corat, Director of Gender Equality at UNESCO. “Their hardwired subservience influences how people speak to female voices and models how women respond to requests and express themselves. To change course, we need to pay much closer attention to how, when and whether AI technologies are gendered and, crucially, who is gendering them.”
Organisations that embed cybersecurity into their business strategy outperform their peers
Organisations that take a business-driven cybersecurity approach to their digital initiatives achieve better outcomes and outperform their peers, according to PwC’s May 2019 Digital Trust Insights Survey.
The global survey of more than 3,000 executives and IT professionals worldwide found that the top 25% of all respondents – market leaders known as “trailblazers” – are not only leading the way on cybersecurity but also delivering more value and better business outcomes.
Among respondents who say growing revenue is the top value sought from digital transformation efforts, nearly nine in 10 trailblazers say they are getting a payoff that meets or exceeds their expectations (compared to 66% of the other respondents).
Trailblazers are also significantly more optimistic about the potential growth in revenue and profit margin for their companies, with 57% percent expecting revenue to grow by 5% or more, and 53% expecting profit margin to grow by 5% or more.
The survey revealed key demographic information about trailblazers. Many are large companies; 38% of respondents from companies worth at least US$1 billion are trailblazers. The financial services (FS) industry and the technology, media, and telecommunications (TMT) sector are particularly well represented in the leader group. Thirty-three percent of FS respondents and 30% of TMT respondents are trailblazers, compared to roughly a quarter of the survey base in other industries.
Geographically, just 21% of EMEA (Europe, the Middle East and Africa) respondents are trailblazers, compared to 30% in the Americas, and 30% in Asia Pacific.
The leading behaviours that set trailblazers apart from their corporate peers include aligning their business and cybersecurity strategies, taking a risk-based approach, and coordinating their teams that manage risk. Key findings from PwC’s Digital Trust Insights survey illustrate the edge that trailblazers maintain in all three areas:
strategy: 65% of trailblazers strongly
agree their cybersecurity team is embedded in the business, conversant in the
organisation’s business strategy and has a cybersecurity strategy that supports
business imperatives (vs. 15% of others)
Connected on a risk-based approach: 89% of trailblazers say their cybersecurity teams are consistently involved in managing the risks inherent in the organisation’s business transformation or digital initiatives (vs. 41% of others)
Coordinated in execution: 77% percent of trailblazers strongly agree their cybersecurity team has sufficient interaction with senior leaders to develop an understanding of the company’s risk appetite around core business practices (vs. 22% of others)
“By focusing on building digital trust, trailblazers are driving more proactive, pre-emptive and responsive actions to embed these strategies into the business, as opposed to their peers who primarily look to minimise the operational impacts of cyber threats in reactive manner,” comments TR Kane, PwC US Strategy, Transformation & Risk Leader.
More than eight in 10 trailblazers say they have anticipated a new cyber risk to digital initiatives and managed it before it affected their partners or customers (compared to six in 10 of others).
“Organisations that take a proactive approach to cybersecurity and embed it into every corporate action will be best placed to deliver the advantages of digital transformation, manage related risks and build trust,” adds Grant Waterfall, EMEA Cybersecurity and Privacy Leader, PwC UK.
“Our research highlights the need for organisations to embed their cybersecurity teams within the business to support strategic goals. It’s not just about protecting assets – it’s about being a strategic partner in the organisation,” adds Paul O’Rourke, Asia Pacific Cybersecurity and Privacy Leader, PwC Australia.
Business in Need of Cyber Rules
For more than 20 years, countries have been struggling to introduce a set of rules of conduct and liability requirements for digital space users. Progress in designing a code of cyber conduct is all the more relevant since digitalization is sweeping the planet at breakneck speed, creating new risks along with new opportunities. Businesses that are confronted with new challenges and threats in the digital space are putting forward their own initiatives, thereby pressing governments to speed up the process of adopting an international cyber code.
Why is the business community interested in setting rules in the cyber environment? There are many reasons for this.
Firstly, the quantity and quality of hacker attacks on the private sector increase every year. Hackers target any enterprises — whether they are small enterprises or technological giants. Attacked by the NotPetya virus, the world largest container carrier Maersk sustained $300 million damage and had to shell out nearly $1 billion for restoration. In total, according to Sberbank’s estimates, the damage to the global economy from hacker attacks in 2019 can reach about $2.5 trillion, and by 2022 — as much as $8–10 trillion.
Secondly, many technology-oriented companies, facing a lack of trust on the part of government agencies, experience severe difficulties in promoting their business projects abroad. At present, the UK, Norway, Poland, and other countries are involved in a debate about whether Huawei should be allowed to build fifth-generation mobile communication networks (5G). Huawei is suspected of stealing intellectual property and espionage. The US, Australia, New Zealand have introduced a ban on the use of 5G equipment from Huawei.
Not only Chinese companies face distrust. Google, Apple, Microsoft, Kaspersky Lab, and many others are often accused of illegally spying on people.
Thirdly, IT companies are forced to pay huge sums to protect their customers against hacker attacks and guarantee information security. Microsoft allocates more than $1 billion for this purpose yearly.
In the absence of a political solution to ensure international information security, private companies, which are keen to safeguard themselves and their customers, have chosen to conduct negotiations with each other on information security cooperation and are launching their own initiatives. Thus, coming into existence is a business information security track running parallel to the government.
In February 2017, Microsoft’s President Brad Smith launched the Digital Geneva Convention initiative. The Convention is expected to oblige governments not to take cyber attacks on private sector companies or the critical infrastructure of other states, and not to use hacker attacks to steal intellectual property.
Overall, the document formulates six basic principles of international cybersecurity:
- No targeting of tech companies, private sector, or critical infrastructure.
- Assist private sector efforts to detect, contain, respond to, and recover from events.
- Report vulnerabilities to vendors rather than to stockpile, sell, or exploit them.
- Exercise restraint in developing cyber weapons and ensure that any developed are limited, precise, and not reusable.
- Commit to non-proliferation activities to cyber weapons.
- Limit offensive operation to avoid a mass event.
However, while the Digital Geneva Convention is still on paper, 34 technology companies, including Microsoft, without waiting for decisions at the government level, signed the Cybersecurity Tech Accord in April 2018. Thus, the largest ever group of companies have become committed to protecting customers around the world from cybercriminals.
Cybersecurity Tech Accord members have called for a ban on any agreements on non-disclosure of vulnerabilities between governments and contractors, brokers, or cybersecurity experts; they also call for more funding for vulnerability detection and research.
Besides, signatories of the agreement have come up with a series of recommendations to strengthen confidence-building measures, which are based on the proposals of the UN and OSCE.
Such measures include:
-Develop shared positions and interpretations of key cybersecurity issues and concepts, which will facilitate productive dialogue and enhance mutual understanding of cyberspace and its characteristics.
-Encourage governments to develop and engage in dialogue around cyber warfare doctrines.
-Develop a list of facilities that are off-limits for cyber-attacks, such as nuclear power plants, air traffic control systems, banking sectors, and so forth.
-Establish mechanisms and channels of communication to respond to requests for assistance by another state whose critical infrastructure is subject to malicious ICT acts (organizing, i.e. tabletop exercises).
By now, Cybersecurity Tech Accord has been signed by 90 companies, including Microsoft, Facebook, Cisco, Panasonic, Dell, Hitachi, and others.
Another initiative was presented in 2018 by Siemens, which came up with the Charter of Trust. The Charter, which was signed by 16 companies, including IBM, AIRBUS, NXP, and Total, urges companies to set up strict rules and standards to foster trust in ICT and contribute to further development of digitalization.
Facebook has become part of the process too. In late March 2019, Mark Zuckerberg — the founder and CEO of Facebook — urged governments to become more actively involved in regulating the Internet. In particular, Zuckerberg spoke in favor of introducing new standards related to the Internet and social networks. These standards would come useful to guarantee the protection of personal data, prevent attempts to influence elections or disseminate unwanted information, and would assist in providing a solution to the problem of data portability.
Another initiative worth mentioning is the creation in 2014 of the Industrial Internet Consortium TM, IIC, which was founded on the initiative of AT & T, Cisco, GE, IBM, and Intel. This is a non-profit open-membership group that seeks to remove barriers between different technologies in order to maximize access to big data and promote the integration of physical and digital environment.
Some initiatives are coming from the Russian private sector. In particular, since 2017, Norilsk Nickel has been active on the international scene promoting the Information Security Charter of critical industrial facilities. The Charter’s main provisions include condemnation of the use of ICT for criminal, terrorist, military purposes; supporting efforts to create warning and detection systems, and assist in the aftermath of network attacks; and sharing best practices in information security.
In turn, Sberbank has launched an initiative to hold the world’s largest International Cybersecurity Congress. Last year, such a congress took place with the participation of 681 companies from 51 countries. The second such Congress is scheduled for this June. The Forum serves as an inter-sectoral platform that promotes global dialogue on the most pressing issues of ensuring information security in the context of globalization and digitalization.
Most business initiatives hinge on the fact that they all call for developing confidence-building measures and rules of conduct in the digital space. Besides, the business community welcomes the need to adjust international law to the new realities of the digital economy.
Private sector initiatives can perfectly be streamlined with initiatives put forward by countries within the framework of the UN. After all, by and large, governments pursue the same goals as business in this area. The use of ICT for peaceful purposes, confidence-building measures, the supply of information about vulnerabilities — all this is significant both for business and for most states.
Fortunately, the global discussion under the aegis of the UN on issues related to International Information Security is getting back on track after a pause of about one year. From now on, it will be attended by representatives of the private sector. According to the resolution (A/RES/73/27), the mandate of the future Open-Ended Working Group (OEWG) allows for the possibility of holding inter-session consultative meetings with representatives of businesses, non-governmental organizations and the scientific community to exchange opinions on issues within the group’s mandate. The first inter-sessional meeting with representatives of global business is scheduled for November 2019.
In conclusion, we would like to remark that the issue of information security is dynamic and for this reason, it can be adequately addressed only with the close cooperation of governments and technology companies, since it is the latter that keep pace with the development of technologies and are the drivers of the digital economy. Governments should keep a close eye on the initiatives of non-state actors and put the most useful proposals on the agenda of discussions at international forums. Moreover, once adopted and approved at the government level, these standards and regulations should have a legal force, rather than be recommendatory — this is the only way to guarantee the order in the cyber environment.
First published in our partner RIAC
Hyatt Regency Brand to Enter the Portuguese Market with Hyatt Regency Lisbon
Hyatt Hotels Corporation announced today that a Hyatt affiliate has entered into a franchise and related agreements with Realtejo –...
Pointless Colonial Massacres and Post-Colonial Wars and Killings on the Indian Subcontinent
Two colonial mass killings from the twentieth century are always remembered: The Qissa Khwani Bazaar massacre on April 23, 1930...
Are robots sexist? UN report shows gender bias in talking digital tech
Why do most voice assistants have female names, and why do they have submissive personalities? The answer, says a new...
WWF Launches Activation Hub to Help Prevent 10 Million Metric Tons of Global Plastic Waste
The global plastic pollution crisis is threatening the natural environment on which we depend – impacting oceans, communities, wildlife, and...
Erasmus+: a turning point in the lives of 5 million European students
New evidence shows that Erasmus+ makes students more successful in their personal and professional lives and helps universities to become...
Iran vs. US: Bracing for war?
On May 8, 2018, President Donald Trump withdrew the United States from the Joint Comprehensive Plan of Action (JCPOA), better...
Turkey is the Guarantor of Peace in the Black Sea region
The wider Black Sea region—which brings together the littoral states plus neighbouring countries—is experiencing a rapidly shifting security environment that...
Science & Technology3 days ago
Organisations that embed cybersecurity into their business strategy outperform their peers
East Asia2 days ago
The origin of the Four Modernizations and President Xi Jinping’s current choices
Economy3 days ago
Convergence Of Competitive Markets And Indian Elections
South Asia3 days ago
Indian Nuclear Explosions of May 98 and Befitting Response
East Asia2 days ago
Power Projection of China
Hotels & Resorts3 days ago
Historic, Storyful, New: Iconic Caribe Hilton Is Officially Open
Energy3 days ago
Four Things You Should Know About Battery Storage
Middle East2 days ago
US-Iran Tension: Avert any big disaster to humanity