If you’re creating or investing in new technologies, today’s landscape – with increasingly complex data regulation – can be daunting. What if shared technology standards and cooperation could help make things safer and better? These perspectives from global digital policy and tech leaders are highlights from Kaspersky’s Shaping the Digital Future Summit 2020.
Transparency protects technology users
Tyson Johnson, CEO, CyberNB
“Transparency is fundamental to critical infrastructure like utilities, telecommunications and healthcare working together. We need transparency to build a society that protects the technology user.
“Lack of trust in the supply chain is a barrier to adoption, particularly for Incident Command Systems (ICS) and industrial internet of things (IIoT) systems. A trustworthy supply chain needs unifying, global standards to decide what technology is allowed. We need to look at cyberspace as a global commons needing global standards.”
Tech and policy leaders debate transparency in cybersecurity at Shaping the digital future summit, 2020.
Welcoming the new tech entrepreneurs
Cory Doctorow, journalist and science fiction writer
“Interoperability in tech is understood narrowly, but it can be mystical – it’s embedded in our world. We can wear different socks and shoes by different makers without asking their permission to swap.
Secure Futures tells you where tech is heading.
“Today, we see the erosion of competitive compatibility. New products that plug into existing products without the maker’s permission. Apple reverse-engineered Microsoft’s formats to make the iWork suite in 2005. Since then, they’ve blocked similar attempts from others at interoperable systems with their products.
“With the rise of tech monopolies, technologists’ horizons have shrunk, but India, the US and the EU all show interest in breaking monopolies. Tech entrepreneurs should set their sights high to dethrone big tech and own a piece of a smaller pie.
“Every pirate wants to be an admiral. The state’s role is to make sure the tools that made yesterday’s upstarts successful are available for the next generation of entrepreneurs.
We’re trying to rescue big tech instead of trying to rescue technology itself.
Cory Doctorow, journalist and science fiction writer
“Would we ever have imagined the internet becoming just five dominant websites? If we don’t imagine beyond, we can only try to get them to pull up their (interoperable) socks and behave themselves. We need to learn from former monopolies like AT&T and British Telecom. It’s not that executives aren’t good at accommodating billions of people’s needs – no one can do that.
“We need pluralism in services shaped by people who use them. GBWhatsApp, an East African WhatsApp clone with enhanced privacy, is maintained by local people to meet their needs. That’s better than transparency – it’s transparency plus autonomy.
“An overseeing organization can help with standardization. But the answer isn’t to try and make Zuckerberg (Facebook CEO) be the best overlord of six billion people he can be. It’s to reduce his power.
“Anti-competitive business models treat customers as adversaries, like a medical firm that patents an insulin pump that only works with their own-brand insulin. You can’t override a policy set by the manufacturer. If a hack causes a malicious act, you can’t change it, like this exposed vulnerability in Johnson & Johnson product that could lead to a dangerous overdose.
“It’s like the ‘trolley dilemma’ about who a self-driving car would save or kill in an accident. If we ever have a situation where a car may choose to hurt its owner, you’re in deep security trouble.”
Transparency is no silver bullet
Jon A Fanzun, Special Envoy, Switzerland’s Federal Department of Foreign Affairs
“Transparency isn’t a silver bullet solution. It’s a prerequisite that helps build trust.
“Businesses report lack of uniform demand for cybersecurity products. There’s a greater need in niche areas, but products are chosen on price and ease of use. In our Geneva Dialogue discussing responsible behavior in cyberspace, we hear concerns about complex regulatory frameworks.
Developing cybersecure products is a team sport. You have to play together. Everyone must have a role and responsibility.
Jon A Fanzun, Special Envoy, Switzerland's Federal Department of Foreign Affairs
“We must develop a baseline of cybersecurity requirements that every organization can apply, and build capacity to help them meet regulatory demands. We need incentives to encourage developers to make more secure technologies, but there also needs to be incentives to buy more secure over lower-cost products.”
Securing the cyber age
Eugene Kaspersky, CEO, Kaspersky
“We’re living in a world that’s becoming more connected. From the Stone Age to the plastic age, technology is taking us into the cyber age. Our precious commodity is no longer physical resources – it’s data.
“Researchers at Kaspersky see threats increase in number and sophistication. To protect ourselves, we can make products less attractive to hackers as they’re so secure the cost to attack outweighs the gain. We call this cyber-immunity.
“We’re building a world that depends on cyber to support its critical infrastructure, like healthcare and utilities. These systems are vulnerable in their design and deployed as a ‘black box’ – we don’t know what’s inside. But cybercriminals can open the box and take what they want. We’ll face more cyberthreats if we rely on non-transparent frameworks. Without nations cooperating, it’s hard to investigate cybercrime gangs working across borders.
“Business leaders tell me they want to store their data in-house, so in case of a leak, they have access. They don’t want a ‘black box’ – they want it to be transparent and accessible to their customers.
“Some data should be kept and processed locally, as we’ve done by opening international data centers with our Global Transparency Initiative. These centers let customers review source code, as cybersecurity is critical for business transparency.”
Developing a toolkit for global cooperation
Ghislain de Salins, Policy Analyst, OECD
“The biggest threat of all is ourselves. There’s limited cybersecurity awareness in society, but also little cooperation between stakeholders. Ethical hackers or security researchers can be threatened by big corporates when they reveal technology vulnerabilities. This doesn’t help build a more secure world.
“Cooperation is crucial. We need to shift responsibility to the supply side. A lot of the burden is on consumers to secure their devices, but we now see ‘security by design’ principles emerging that put the emphasis back on suppliers.
“To establish standards, our challenge is an absence of norms. If you sell your product to 13 markets, you need to comply with 13 regulatory frameworks. It dilutes rather than improves security efforts.
“Designing policy is like designing software – it’s iterative. Try something, and if it fails, change tack.
Transparency policy isn’t an end in itself. It’s a means to empower stakeholders to hold each other accountable. It’s not about regulatory frameworks or rigid regulation. At OECD, we prefer to adopt a ‘toolkit’ with different tools that best fit your policy objective, like voluntary standards and self-certification. We see an appetite for governments to do more, which happens when voluntary frameworks don’t go far enough.”
Build cyber-resilience as businesses go digital
Evgeniya Naumova, Vice President of Global Sales Network, Kaspersky
“Cybersecurity isn’t just about protecting hardware or software. It’s about protecting people. Cybersecure systems help protect our workplaces, data and health. Recently, the world was shocked by the first patient death related to a cyberattack. Perhaps it’s no surprise – TV and movies have long played out this threat.
“Business and society rely on IT systems to function. They need to be cyber resilient. A compromised system causes more than cybersecurity damage – it hemorrhages data, money and customer trust.
“You need to strengthen your infrastructure and supply chain, like monitoring your vendor’s data usage. We regularly review our ecosystem and give our partners tools to protect themselves. We choose reliable software and security-assessed third-party applications through our Cyber Capacity Build Program.
“You can earn trust by being more transparent. Kaspersky asked people in 15 countries if transparency is essential. One in two think governments should be transparent about how they process data.
A transparency policy helps, which may contain independent test results and data processing information. Our 2020 survey of businesses found nearly 2 in 5 have no transparency policy. Telecoms and utilities are advancing faster; 68 percent have a policy. But healthcare (57 percent) and government (54 percent) are falling behind. There’s more work to be done.”
Opinions reflect an edited version of those expressed by the speaker at the event.