The World is turning into a Hacker Republic.
Even the most secure IT systems used by top executives, presidential candidates for lawful communications and financial transactions, and critical infrastructure, are hackable by mid-level attackers. This is due to hyper-complexity and to the fact powerful nations are unable to keep for themselves the vulnerabilities and backdoors they insert and stockpile.
Are meaningful personal security and effective law enforcement in cyberspace an “either-or” choice? Are they not instead a “both-or-neither” open challenge?
Can new cybersecurity standards, certifications and compliant technologies, that are radically trustless and uncompromising, deliver both of them and, therefore, provide unique security and economic competitive advantages to a group of pioneering nations, regions, enterprises and banks?
After 4 editions, twice in Brussels, and once in New York and Brazil, Free and Safe in Cyberspace is coming for the first time to beautiful Rome.
Director of the Federal Office for Equipment, Information Technology and Use (BAAINBw) of the German Federal Armed Forces. Formerly Head of Information Superiority of European Defence Agency. (2014-2016), and Assistant Director Research & Technology (2010-2013). (Linkedin)
Anthony J. Ferrante
Managing Director & Head of Cybersecurity at FTI Consulting. Formerly served from 2014-2016 as Director of Cyber Incident Response & Cybersecurity Policy at the US National Security Council of President Barack Obama. Formerly Chief of Staff of the Cyber Division of the FBI, the US Federal Bureau of Investigation. He played a key role in the Whitehouse mitigation of Russian attacks during the 2016 US Presidential elections. (LinkedIn)
Chief Information Officer for Austria (2001-). Since 2005 Head of the Digital Austria platform. Scientific Director of the A-SIT Austrian Secure Information Technology Center (1999-), which sets state secret cybersecurity standards (member of SOGIS). From 2007 to 2011 he was Chairman of the Board of ENISA (European Network and Information Security Agency).(online CV)
Formerly Head of Strategy & Internet Projects at Transparency International Russia. NGO Liason at Trustless Computing Association. Director of Business Development – Mission-critical NGOs at TRUSTLESS.AI. .(Linkedin)
Ceo of TRUSTLESS.AI and Exec. Dir. of Trustless Computing Association, General Director at Open Media Park and Trustless Computing Cluster and Campus, a planned tech park and public-private initiative in the Lazio Region focusing on leading-edge cybersecurity of communications and artificial intelligence. (Linkedin)
President of the Free Hardware Foundation. Write of books on IT on employment. Former member of the Board of LAIT, the in-house IT agency of the Lazio Region. Former Head of Communications of the Rifondazione political party. Former President of Liberazione newspaper. newspaper.(LinkedIn)
CYBERSECURITY: Threats and opportunities
Nearly all IT systems today, even those for the most sensitive uses, are hackable by even mid-level attackers, due to hyper-complexity of even high assurance systems, and that powerful nations have stockpiled vulnerabilities and backdoors that they were unable to keep for themselves.
The World is turning into a Hacker Republic, where the most economic and political power accrues to those actors that have hacking and informational superiority in IT and AI, even more than to those formally owning mainstream IT systems and services.
The cybersecurity market has grown 30 times in the last 10 years to $120 billion, yet the cost of cybercrime will accrue to $8 trillion by 2022.
While Enterprises are spending more and more for the security of their critical IT systems, awareness is fast emerging – via scandals like Spectre and Meltdown and CIA Vault 7 – about how their most critical systems are scalably vulnerable to even non-state mid-level attackers that too easily get access to state-grade hacking techniques and tools. While most internal hacks have remained undisclosed, the new GDPR regulation will mandate from May 28th their disclosure within 72 hours, posing a great reputational and stock quotation damage.
Meanwhile Financial institutions are ever more victim of fraud and privacy abuse of their customers, with mounting cash and reputational costs. Their historical role, as provisioners of core trustworthy financial services, is being gravely threatened by cryptocurrencies and blockchains – perceived as potentially safer and cheaper long-term stores of value – and by small and large competitors, unleashed by the EU Directive PSD2, who will be able to offer e-services “over the top” while claiming as much or higher trustworthiness than banks.
Hacking of electoral and primary democratic processes, critical autonomous systems, and social media are fast becoming the military weapons of choice of nations willing to subvert, subjugate and destabilize other nations. Military systems are no less vulnerable, but less is publicly known since the most serious hacks become state secret when they happen.
Meanwhile, security agencies wildly overstate the security of secure apps and devices to push less expert criminals to use them. Not to mention that our democracies appear increasingly held for ransom by the best hackers.
How did we get here and what can we do about it? For starter, the speed of IT for everyday computing requires complexity that is hopelessly incompatible with ultra-high assurance* IT security and privacy. There is nothing we can do about it, democracies will need to adapt their rules around it, but we are ready to accept that for 99% of our computing. But then again, there is a 1% of sensitive critical functions where citizens, enterprises, and governments have a huge need and demand for IT and AI with ultra-high levels of assurance, even if it requires a great sacrifice in speed, features, and cost.
But then why are these not available even for nearly all the richest and most powerful? Because powerful nations understandably felt the need that every IT system and all times is promptly hackable – in an era of rampant terrorism, unbreakable encryption, and lack of remote lawful access mechanisms. They resorted stockpiling discovered vulnerabilities instead of fixing them, promoting inadequate and flawed standards, and outright inserting backdoors all the way down to CPU and chip fabrication.
Can ultra-high assurance IT be transparently reconciled with lawful access, so that it can be made available to our institutions, enterprises, and citizens without creating a public safety risk? Can we be both Free and Safe in Cyberspace? or do we have to choose? Can we even choose, really, or is it a “both or neither” challenge?
Can a few nations, regions and stakeholders lead by leveraging open innovation and open components to build an entire new ultra-secure computing ecosystem and standard – parallel and not alternative to everyday IT devices – whereby transparency, oversight, accountability, and extreme levels of security-review in relation to complexity, become the secret sauce to ensure both the individual freedom, lawful access and public safety?
- CHALLENGE A: How can we achieve ultra-high assurance* IT security of communications?
What standards, standard setting and certifications processes can enable users to reliably assess their actual trustworthiness? What scale of investments are needed? How likely is it that they would sustainably be legally allowed?
- Moderator: Rufo Guerreschi
- Panelists: Anthony Ferrante, Michael Sieber, Reinhard Posch, Rufo Guerreschi, TBD
- CHALLENGE B: How can we achieve ultra-high assurance* IT security that complies with legitimate and constitutional lawful access requests, without adding any additional risk to users’ privacy?
- Moderator: Rufo Guerreschi
- Panelists: Anthony Ferrante, Michael Sieber, Reinhard Posch, Alex Elkin, TBD
- ENTERPRISES & BANKS PANEL: The Future of Cybersecurity and Blockchain for Critical Enterprise and Banking Computing The latest vulnerabilities further show how even the most secure enterprise systems are radically inadequate to protect the confidentiality and integrity of enterprises most critical data, communications, negotiations, and executives from even mid-level attackers. From next May, GDPR will mandate disclosure of internal hacks, which may be much more costly – in reputation and competitive advantage – then the loss of consumer credentials. What are the prospects of new certifications and related technologies to deliver on those needs?
- Moderator: Anish Mohammed
- Panelists: Domenico Raguseo, TBD
- CHALLENGE C: How can ultra-high assurance* IT advance the security of critical autonomous or cyber-physical systems? How can AI, in turn, improve IT security?
Can ultra-high assurance IT standards, applied to their most critical deterministic sub-systems, contribute substantially or radically to autonomous and cyber-physical systems security? Can non-governmental ultra-high assurance (deterministic) IT standards – and related licensing and certification governance models – spur sustainable AI-driven economic development and foster short- and long-term AI safety and value alignment?
- Moderator: Rufo Guerreschi
- Panelists: Domenico Raguseo, Roman Yampolskiy.