Cyber risk is an increasing concern in our complex, connected world. What can we do about it? ITU News caught up with Philip Reitinger, President and CEO of the Global Cyber Alliance, about how to establish a safe, secure and reliable cyber defense.
Why is cybersecurity a growing concern for regulators, private companies and individuals?
Risk is soaring. We are making more and more devices “smart,” connecting them to the Internet and depending on them not just for e-mail and writing documents but for keeping our homes warm or cool and our vehicles operational.
Because the complexity of the ecosystem, the connectivity of devices and the criticality of devices and services all increase risk, everyone needs to be concerned about cybersecurity and take effective action.
What are the main cyber risks of emerging technologies including Artificial Intelligence (AI) and the Internet of Things (IoT)?
Cybersecurity risks cut across nations and sectors and affect everyone. The great concern with IoT is scale – that is, we have not adequately addressed cybersecurity in the current environment and cannot adequately secure the services on which we depend, nor our devices, right now.
Our defenses do not operate at the scale of the Internet. And the Internet of Things will increase the number of connected devices and software agents by orders of magnitude, which will make the problem worse.
Artificial Intelligence presents an interesting problem. AI can be used by attackers to make their efforts more effective. But AI is also the only way to address the problem presented by the scale of IoT.
Only if we use the size, data observation and computing power of the network to defend itself can we address cybersecurity in the future environment. To build automated collective defense, we need AI.
What is your advice for addressing these risks?
We must move from the Internet of Things to the ‘Secure Internet of Secure Things’.
First, we must build (more) Secure Things – devices, software and services with few vulnerabilities, that are securely configured and automatically updated. Of critical importance, cloud services must come with security embedded and not as an up-sell.
Second, we need the Secure Internet – automated collective defense must be built into the network, so that the Internet ecosystem can react as the body does, recognizing infections and fighting them off. We must build Internet Immunity.
How should issues of scale be addressed?
By taking action to make “things” more secure and build out a network that defends itself. This is what we do in the Global Cyber Alliance.
The Quad9-managed DNS service that GCA built with Packet Clearing House and IBM is a great example. It tackles cybersecurity at scale, by embedding security into a core infrastructure service that can protect anyone connecting to the Internet. It is automatically updated with the latest threat intelligence. And it is free for anyone around the world.
Moving forward in cybersecurity, how can the defender have an advantage over the attacker?
The size of the network presents greater risk – there are more places and ways to attack. But defenders can turn the table by using the size of the network as an advantage.
As devices are made smart, there are more places to gather data about attacks and compromises, more computing power to make decisions about what to do and more places to enforce means to mitigate attacks.
If we build Internet Immunity so that the network uses its innate capabilities to defend itself, the game will be different and much better for the defender.
Views expressed in this article do not necessarily reflect those of ITU.