Editor's Desk
“I’m going to be brutally honest. We are in the fight of our digital lives and we are not winning… we are facing 21st century threats, with 20th century technology and with a 19th century bureaucracy.”
- Michael McCaul, House Homeland Security Committee
Chair, 14 February, RSA Conference 2017
I
t’s been a busy first quarter to 2017. We’ve attended the RSA Conference, CiscoLive! and we now head to the ACSC Conference and more. The cybersecurity industry is buzzing. But is this a good thing? Be it record spikes in ransomware, DDoS attacks and manipulation of information systems to influence elections or commit fraud on a massive scale, the Internet is clearly an unsafe place. Add to this the use for terrorist financing, recruitment and radicalisation. The RSA Conference hardly put me at ease in terms of the cybersecurity challenges ahead of us. ‘Nuclear’ and ‘Atomic’ were two ear-pricking words used in the opening keynote sessions. Read Part 1 of my RSA review to find their context. Yet regardless of the context, these terms already have a place in the threat landscape and need to be acknowledged by Governments throughout the world and at all levels – that includes State and Local, not just Federal. CiscoLive! in Melbourne was inspirational yet again, as this vendor links their distributed network architecture (DNA) and partner community solutions with a look out to the future in the next 3 – 5 years. Indeed, this year they went out to 10 – 15 years, predicting 500 billion devices will be connected to the Internet in this time. Kevin Bloch, Chief Technology Officer for Cisco outlined how, as a company spending
8 | Asia Pacific Security Magazine
$6 billion a year on research and development, as well as making many acquisitions, they need to understand what the micro transitions are and then look from the outside in, as well as to customers, partners and the media. Such as why is Cisco making investments in some areas and not others? It’s not just about the technology, it’s also about the timing. The world is moving from a ‘world of data’ to a ‘data driven world’ – there is a clear divergence occurring from the ‘old world’ to a new world of digital platforms, data intensive +AI (artificial intelligence), global scales and innovation investment in what is a boundary-less market. Indeed, according to Cognizant’s Frank, Roehrig and Pring, “we are now entering the ‘digital build-out’ phase of the fourth industrial revolution.” We need to accept this is the case – the digital transformation has begun and will continue to occur at a rapid pace. The scale in compute processing, network bandwidth and applications we see today will be dwarfed with the use of quantum computing platforms, artificial intelligence and smart infrastructure becoming the norm within 10-20 years. The societal benefits on offer should be immeasurable and the opportunities astounding. However, as a security practitioner, I see risk, uncertainty and threats that need to be recognised and managed. Ignorance is
no excuse and should not be tolerated, especially within government. A large proportion, if not all, of the 20th century security threat challenges, physical and cyber, have not been solved and we continue to stubbornly abide by our 19th century bureaucracies. The thought of radical reform to our institutions and legal frameworks is often met with mistrust and dogged oppression. But there is a way, and thanks to Kevin Bloch at Cisco for highlighting the two possible concepts of managing the consequences of digital transformation. These being ‘constructive disruption’, such as the likes of Uber who charged through taxi industry regulations around the world, breached the laws, paid the fines and went to court in battle. Ultimately, they have achieved industry deregulation. The second approach is ‘sandboxing innovation’ where technologies, industries and locations can be trialled with moratoriums of legislation, regulation or deregulation trials in locations and for industry to be freed up to try out new ideas. The second approach is most preferred but not widely enough adopted – as yet. In Australia, speculation of the formation of a Homeland Security Department has been quashed by the Prime Minister. However, with national policing issues abounding (too many to