Cyberattacks are increasing in volume and sophistication, affecting an ever-greater number of people and institutions. Through artificial intelligence (AI), the Internet of Things (IoT) and other new technologies, the threat surface and vulnerability are growing, spinning out in new threat areas facing citizens, consumers, companies and countries. To fight increasing cybercrime, the global community needs to overcome three major challenges: lack of trust, lack of cooperation and a lack of adequate skills.
The first Annual Gathering of the World Economic Forum’s Centre for Cybersecurity ended today with calls to action and the launch of several new initiatives by the more than 140 cybersecurity experts from government, business, academia and law enforcement to address these three challenges.
Klaus Schwab, Founder and Executive Chairman of the World Economic Forum, stressed the need to ensure a cyberspace that serves as a trusted and secure backbone for the Fourth Industrial Revolution if its opportunities are to be realized. “Cybersecurity is an absolute priority for the Forum,” he added.
“Cybercrime has no borders. It affects every company, every industry and every country – therefore, we can’t fight it alone. The World Economic Forum is one of very few international organizations that understands the scale of the growing cyberthreat,” said Herman Gref, Chief Executive Officer and Chairman of the Board of Sberbank. “The Forum’s efforts in connecting leaders from various countries and industries in times of the Fourth Industrial Revolution are absolutely invaluable. As a Founding Partner of the Centre for Cybersecurity, we believe that this initiative represents a huge leap forward in the global fight against cybercrime – by pooling resources with all the stakeholders, we can stop the proliferation of cyberthreats and make the digital world a safer place,” he added.
“What happens to the rule of law when rule of law cannot be enforced?” asked Troels Oerting Jorgensen, Head of the Centre for Cybersecurity. Participants acknowledged the need for information exchange between the private and public sectors and law enforcement. While companies collect extensive data on threats, they have neither the power nor the mandate to pursue cybercriminals. The public sector and law enforcement, on the other hand, would benefit from access to that data to combat cybercrime more effectively.
“Fortinet firmly believes in the importance of collaboration and information-sharing to combat cybercrime. Being named a Founding Partner of the new Centre for Cybersecurity is important for global multistakeholder collaboration and yet another step forward for our own mission to secure the largest enterprises, service providers and government organizations in the world,” said Ken Xie, Founder, President and Chief Executive Officer of Fortinet.
Senior law enforcement officers shared information on existing and emerging cyberthreats with the multistakeholder meeting. They identified ransomware, social engineering, Darknet markets and – despite the security potential of blockchain – threats related to cryptocurrency as persisting concerns. Physical convergence of IoT, offensive AI, cloud computing, data security and online channel threats will be “growth” areas for cybercrime in 2019.
Business executives that had recently experienced data breaches and cyber incidents shared their experience, highlighting the importance of direct access for CISOs to CEOs of the affected company. Other companies introduced a security metric for all employees indexed to a quantitative score in their performance evaluations.
“To defend against cyber threats, we need to act collectively to make the internet a safer place. The World Economic Forum is bringing together major cybersecurity leaders from all over the world to collaborate on some of the most pressing cyber issues facing our society. As a leading provider of security consulting services globally, Accenture is looking forward to the opportunity to work with other companies to help drive innovations across our connected world,” said Kelly Bissell, Senior Managing Director of Accenture Security.
Experts from the investment community warned that as the cyberattack surface expands, incentivizing and measuring cybersecurity becomes more difficult and important. Investors needed clear parameters and benchmarks to evaluate whether a company and its practices are cybersecure – an increasingly important step of due diligence. Meeting participants agreed to take initial steps towards developing a viable tool for the investment community to incentivize secure and responsible innovation. The results will be presented in New York in spring 2019.
Participants from the public and private sectors discussed the importance of clear and enforceable principles to guide behavior on our shared networks. In light of the many alliances and accords being developed in recent years, most recently the Paris Call for Trust and Security, participants focused on the importance of developing effective operational steps to solve for trust-building and standards challenges.
Chief information security officers (CISOs), government and law enforcement officials from 26 countries identified the lack of a sufficiently large and diverse talent pool as a major challenge to improving cybersecurity across sectors. A dedicated working group on diversity and inclusion at the Centre for Cybersecurity highlighted significant discrepancies among the numbers of men and women in the cybersecurity workforce. In North America, for example, women represent a mere 14% of those involved with cybersecurity. In Europe, female inclusion is 7% while in the Middle East, 5%. Attempts to create a more inclusive cyber workforce should not stop at gender but also make the field more welcoming and attractive for professionals of more diverse backgrounds and cultures.
The Centre for Cybersecurity also announced today that Accenture, Fortinet and Sberbank will be the Founding Partners of the Centre. Checkpoint Software, Deloitte and Equifax extend their support to the Centre for Cybersecurity as Partners.
The Centre also signed agreements with Europol, Interpol, the Israel National Cyber Directorate, the Organization of American States, the UK National Cyber Security Centre, the UC Berkeley Center for Long-Term Cybersecurity, as well as with the Global Cyber Alliance.
US Blacklist of Chinese Surveillance Companies Creates Supply Chain Confusion
The United States Department of Commerce’s decision to blacklist 28 Chinese public safety organizations and commercial entities hit at some of China’s most dominant vendors within the security industry. Of the eight commercial entities added to the blacklist, six of them are some of China’s most successful digital forensics, facial recognition, and AI companies. However, the two surveillance manufacturers who made this blacklist could have a significant impact on the global market at large—Dahua and Hikvision.
Putting geopolitics aside, Dahua’s and Hikvision’s positions within the overall global digital surveillance market make their blacklisting somewhat of a shock, with the immediate effects touching off significant questions among U.S. partners, end users, and supply chain partners.
Frost & Sullivan’s research finds that, currently, Hikvision and Dahua rank second and third in total global sales in the $20.48 billion global surveillance market but are fast-tracking to become the top two vendors among IP surveillance camera manufacturers. Their insurgent rise among IP surveillance camera providers came about due to both companies’ aggressive growth pipelines, significant product libraries of high-quality surveillance cameras and new imaging technologies, and low-cost pricing models that provide customers with higher levels of affordability.
This is also not the first time that these two vendors have found themselves in the crosshairs of the U.S. government. In 2018, the U.S. initiated a ban on the sale and use of Hikvision and Dahua camera equipment within government-owned facilities, including the Department of Defense, military bases, and government-owned buildings. However, the vague language of the ban made it difficult for end users to determine whether they were just banned from new purchases of Dahua or Hikvision cameras or if they needed to completely rip-and-replace existing equipment with another brand. Systems integrators, distributors, and even technology partners themselves remained unsure of how they should handle the ban’s implications, only serving to sow confusion among U.S. customers.
In addition to confusion over how end users in the government space were to proceed regarding their Hikvision and Dahua equipment came the realization that both companies held significant customer share among commercial companies throughout the U.S. market—so where was the ban’s line being drawn for these entities? Were they to comply or not? If so, how? Again, these questions have remained unanswered since 2018.
Hikvision and Dahua each have built a strong presence within the U.S. market, despite the 2018 ban. Both companies are seen as regular participants in industry tradeshows and events, and remain active among industry partners throughout the surveillance ecosystem. Both companies have also attempted to work with the U.S. government to alleviate security concerns and draw clearer guidelines for their sales and distribution partners throughout the country. They even established regional operations centers and headquarters in the country.
While blacklisting does send a clearer message to end users, integrators, and distributors—for sales and usage of these companies’ technologies—remedies for future actions still remain unclear. When it comes to legacy Hikvision and Dahua cameras, the onus appears to be on end users and integrators to decide whether rip-and-replace strategies are the best way to comply with government rulings or to just leave the solutions in place and hope for the best.
As far as broader global impacts of this action, these will remain to be seen. While the 2018 ban did bring about talks of similar bans in other regions, none of these bans ever materialized. Dahua and Hikvision maintained their strong market positioning, even achieving higher-than-average growth rates in the past year. Blacklisting does send a stronger message to global regulators though, so market participants outside the U.S. will just have to adopt a wait-and-see posture to see how, if at all, they may need to prepare their own surveillance equipment supply chains for changes to come.
After Google’s new set of community standards: What next?
After weeks in which Google’s community standard guidelines made headlines, the Digital Industry Group Inc. (an Australia-based NGO) rejected proposals from the regulating body based in the southern hemisphere. The group claimed that regulating “fake news” would make the Australian Competition and Consumer Commission a moral police institution. In late August, Google itself forbade its employees from indulging in the dissemination of inadequate information or information that involved internal debates. From the outset, the picture is a bit confusing. After the events in Australia, Google’s latest act of disciplinary intrusion seems all but galvanizing from certain interests or interest groups.
A year earlier, Google was shaken by claims of protecting top-level executives from sexual crimes; the issue took a serious turn and almost deteriorated company operations. If anything, Google’s development since the horror of 2018 clearly suggests a desperate need from the hierarchy to curb actions that could potentially damage the interests of several stakeholders. There is no comprehensive evidence to suggest that Google had a view on how the regulations were proposed in Australia. After all, until proven otherwise, all whistleblowing social media posts and comments are, at one point in time, “fake”. Although the global giant has decided to discontinue all forms of unjustifiable freedom inside its premises, it does profit by providing the platform for activism and all forms of censure. The Digital Industry Group wants the freedom to encourage digital creative content, but Google’s need to publish a community guideline looks more like a defensive shield against uncertainties.
In its statement, the disciplinary clause notably mentions the actions that will be taken against staff providing information that goes around Google’s internal message boards. In 2017, female employees inside the Google office were subjected to discrimination based on the “gender-ness” of working positions. Kevin Cernekee, an ex-employee who was fired in 2018, confirmed that staff bullying was at the core of such messaging platforms. Growing incidents inside Google and its recent community stance are only fuelling assumptions about the ghost that is surrounding the internet giant’s reputation. Consequently, from the consumer’s point of view, an unstable organization of such global stature is an alarm.
The dissidents at Google are not to be blamed entirely. As many would argue, the very foundation of the company was based on the values of expression at work. The nature of access stipulated into Google’s interface is another example of what it stands for, at least in the eyes of consumers. Stakeholders would not wish for an internal turmoil; it would be against the enormous amount of trust invested into the workings of the company. If Google can backtrack from its core values upon higher forces, consumers cannot expect anything different. Google is not merely a search engine; for almost half of the internet users, it is almost everything.
“Be responsible, Be helpful, Be thoughtful”. These phrases are the opening remarks from the newly engineered community guideline. As it claims in the document, three principles govern the core values at Google. Upon closer inspection, it also sounds as if the values are only based on what it expects from the people working for the company. A global company that can resort to disciplining its staff via written texts can also trim the rights of its far-reaching consumer groups. It might only be the beginning but the tail is on fire.
How to Design Responsible Technology
Biased algorithms and noninclusive data sets are contributing to a growing ‘techlash’ around the world. Today, the World Economic Forum, the international organisation for public-private cooperation, has released a new approach to help governments and businesses counter these growing societal risks.
The Responsible Use of Technology report provides a step-by-step framework for companies and governments to pinpoint where and how they can integrate ethics and human rights-based approaches into innovation. Key questions and actions guide organizations through each phase of a technology’s development process and highlight what can be done and when to help organizations mitigate unethical practices. Notably, the framework can be applied to technology in the ‘final’ use and application phase, empowering users to play an active role in advocating for policies, laws and regulations that address societal risks.
The guide was co-designed by industry leaders from civil society, international organizations and businesses including BSR, the Markkula Centre for Applied Ethics, the United Nations Office of the High Commissioner for Human Rights, Microsoft, Uber, Salesforce, IDEO, Deloitte, Omidyar Network and Workday. The team examined national technology strategies, international business programmes and ethical task forces from around the world, combining lessons learned with local expertise to develop a guide that would be inclusive across different cultures.
“Numerous governments and large technology companies around the world have announced strategies for managing emerging technologies,” said Pablo Quintanilla, Fellow at the World Economic Forum, and Director in the Office of Innovation, Salesforce. “This project presents an opportunity for companies, national governments, civil society organizations, and consumers to teach and to learn from each other how to better build and deploy ethically-sound technology. Having an inclusive vision requires collaboration across all global stakeholders.”
“We need to apply ethics and human rights-based approaches to every phase in the lifecycle of technology – from design and development by technology companies through to the end use and application by companies across a range of industries,” said Hannah Darnton, Programme Manager, BSR. “Through this paper, we hope to advance the conversation of distributed responsibility and appropriate action across the whole value chain of actors.”
“Here, we can draw from lessons learned from companies’ efforts to implement ‘privacy and security by design’,” said Sabrina Ross, Global Head of Marketplace Policy, Uber. “Operationalizing responsible design requires leveraging a shared framework and building it into the right parts of each company’s process, culture and commitments. At Uber, we’ve baked five principles into our product development process so that our marketplace design remains consistent with and accountable to these principles.”
This report is part of the World Economic Forum’s Responsible Development, Deployment and Use of Technology project. It is the first in a series tackling the topic of technology governance. It will help inform the key themes at the Forum’s Global Technology Governance Summit in San Francisco in April 2020. The project team will work across industries to produce a more detailed suite of implementation tools for organizations to help companies promote and train their own ‘ethical champions’. The steering committee now in place will codesign the next steps with the project team, building on the input already received from global stakeholders in Africa, Asia, Europe, North America and South America.
The Centre for the Fourth Industrial Revolution Network brings together more than 100 governments, businesses, start-ups, international organizations, members of civil society and world-renowned experts to co-design and pilot innovative approaches to the policy and governance of technology. Teams in Colombia, China, India, Israel, Japan, UAE and US are creating human-centred and agile policies to be piloted by policy-makers and legislators, shaping the future of emerging technology in ways that maximize their benefits and minimize their risks. More than 40 projects are in progress across six areas: artificial intelligence, autonomous mobility, blockchain, data policy, drones and the internet of things.
The Network helped Rwanda write the world’s first agile aviation regulation for drones and is scaling this up throughout Africa and Asia. It also developed actionable governance toolkits for corporate executives on blockchain and artificial intelligence, co-designed the first-ever Industrial IoT (IIoT) Safety and Security Protocol and created a personal data policy framework with the UAE.