Weak Spots / Blind Spots
A day late on Issue 2, but I’ll conveniently blame travel. I’ve just gotten home from four days as a guest of the Atlantic Council at their Energy & Economic Summit, held in Istanbul (big thanks to AC for the invite). The purpose of going was not only to listen to some fascinating discussions on macroeconomics, geopolitics and energy, but to participate on a panel as well, talking about managing risk, the future of technology, cybersecurity, and the future of systems like the IoT. With co-panelists Steve Watson from Zurich Insurance, Dr. Itamara Lochard, and moderator Barry Pavel from the Council, our 90-minute discussion ranged from unexpected vectors of future vulnerability to the need to update sometimes pre-modern legal frameworks to frankly post-modern ones. The jumping-off point was a recent set of cyber risk scenarios by the Council, and we closed by discussing which technologies might bring the biggest benefits and threats in coming years. Video should be available soon.
All of this was of course taking place against the backdrop of the horrible Paris attacks and subsequent arguments over the risks and benefits of encryption in a free society, and now discussions of exposures of critical infrastructure. As the IoT, for example, moves more deeply into personal and enterprise applications, it brings with it thousands of potential new weak points, enabled by everything from poor or non-existent security considerations, to use cases such as medical applications that are notoriously seamful (a polite way of saying “terribly gappy”), to the generation of petabytes of often sensitive data that is not well protected. And the distance between critical infrastructure and a seemingly harmless consumer or business app or connected widget closes steadily.
Trying to enforce current IT policies or insert a global security standard won’t solve the problem either. As Pavel put it in our panel, the “threat surface” is expanding exponentially due to the rapid introduction of new technologies that outstrip our ability to risk assess and plan prudently. I would add that the same forces that unlock acceptable, beneficial innovation also produce a mirror world of negative innovation. “Agile” isn’t just available to Silicon Valley, but to Raqqa as well. One doesn’t exist without the other today. 
There’s more to be said here (and I will write it up), but in the interest of getting this issue out on time, I’ll just share some links that I referenced in my research for the panel, or that are otherwise timely.
IoT and Risk
Visibility, Invisibility, and Spoofery
These topics are a bit tangential to what’s above, but present some interesting questions about transparency, legibility, and, frankly, perception as reality in a data state.
