The pursuit of convenience, or rather the battle between consumer convenience and security, has been at the centre of the discussions that determine how secure we are against cyber threat, as organisations, individuals, and societies. Those on the front lines of protecting business and society from cyber threat are well aware that a balance must be struck between the two, and many, particularly in retail and commercial sectors, will admit that convenience will almost always prevail. Convenience is what their customers demand, and customer demand is the key pressure that shapes overall development, not just security. The rollout of 5G networks should be a game changer in this discussion, says CISO 360 speaker Chuan-Wei Hoo, Chief Information Security Officer (CISO) of ST Engineering, as he suggests security leaders should be focusing on shaping that consumer demand, not just protecting it.
“As professionals we often preach CIA (confidentiality, integrity and availability, also known as the CIA triad) to business and IT practitioners but we need to push these ideas much further than this. It needs to become instinctive for all,” he says, emphasising that “in the 5G era everyone must understand and drive demand for the security that will underpin the promise of this fast-paced world. The threats will come too fast and furious, otherwise.”
Security professionals will also have to prepare for the much-anticipated impact of 5G, as it provides the opportunity to fundamentally change operating environments at an even faster pace than the current proliferation of IoT and IIoT (Internet of Things; Industrial IoT).
“We are already worried about things like runway lights, fridges, and connected, medical record-laden tablets on hospital trolleys. These will create a perfect storm for threats to overwhelm us when 5G arrives with the speed of new connections, including machine-to-machine, vehicle-to-vehicle connections, and more,” he describes. “We need to go right back to the fundamentals of design from product to architectures. We are going to need plug and play, scalable architectures, perhaps a framework that vendors can support and work to so they can be compatible, and more.”
Chuan-Wei will be presenting his overall vision and opening a dialogue covering the layers of development that security practitioners should engender on the road to 5G at CISO 360 Asia Oceania, in Singapore, September 25-26.
Significant security developments he would like to see ushered in with 5G include widespread adoption of the ‘zero-trust’ approach to networks, and data diodes (traditionally used within high-security environments) to negate the need for active firewall management and get away from the over-reliance on heuristics. Given the speed of 5G technology and the development of its impact, his main message is that everyone, not just the professionals, will have to be an active participant in assuring and preserving its security, so that the “convenience agenda” can flourish.
“Today, we are all guilty, even those of us that work in this field, of doing cybersecurity only during office hours and then we go home and forget all the rules, because everything has developed with an emphasis on convenience, particularly for the home environment,” he describes, “but those who are demanding it should be equipped with a clear understanding of what they have, how and why they value it, and what they expect from it. Appreciating and anticipating the threats should become second nature to all.”
This aim, one that we all know security professionals have long worked to achieve, has motivated the development of a whole industry in employee awareness, alongside many public awareness programmes, including (ISC)²’s Safe and Secure Online for school children, for which Chuan-Wei is an active volunteer. Such programmes are increasingly recognised as valuable within our community, which is known for being highly motivated to give back to society. And while much progress has been made with them, their existence hasn’t yet settled the nerves of the professionals who are advocating them. For Chuan-Wei, they are part of a long game that he would like more, even all, professionals to engage in.
“We need a consumer revolution: The professionals can make this happen. We have seen cycles where a lack of awareness has allowed things to develop insecurely, and the threats have later motivated people to accept the need for security,” he says, “but people then became complacent or believed that the security has been included. This is why I think we now need to help them appreciate the principles—CIA is not just for the professionals,” he emphasises again, suggesting that it is something that can be taught in schools and become part of the public service message. “Everyone should appreciate it within the context of their data, their homes, their services, etc., so they can assess it for themselves, and be more active.”
Keen to emphasise that he is not an expert in 5G, Chuan-Wei says that he is speaking about the arrival of 5G networks from the perspective of a consumer. He is, of course, no ordinary consumer, and brings the perspective of someone who appreciates the inherent threats that come with the opportunities he is tasked to protect—a perspective that he hopes can, one day, be considered ordinary. I hope so too.
The conversation is set to continue at the upcoming CISO 360 Asia in Singapore this September, part of the international CISO 360 series of conferences that are developed and hosted by Pulse Conferences. Join us if you can. The more experience we bring together, the closer we get to resolution and to moving the agenda forward as communities.