Dr. John D. Johnson, CISSP, CRISC, SMIEEE
Bloomcon 2022 • March 26, 2022
Security and Privacy
Considerations for
Advancing Technology
John D. Johnson, Ph.D., CISSP, CRISC
vCISO & Founder/President Docent Institute (501.c.3)
www.johndjohnson.com
@johndjohnson
Preface
• I will try to avoid Death by PowerPoint. You all signed the disclaimer when you registered?
• I’m sure that you will look back afterwards and wonder how we covered 467 slides so
quickly!
A new industrial revolution
“In the next decade, we will experience more progress than in the past 100 years.”
- Peter Diamandis, Co-Founder of Singularity University
The first “selfie” taken in 1920
100 Years Ago
Mid-1900s
Advancing Technology – Today or near future
The pace of advancing technology is increasing
1. 5G – Faster communications
2. AI/ML – Machines can take over some human decision-making (e.g., cars)
3. VR/AR/Metaverse
4. Blockchain – Adds integrity and traceability and more with Web 3.0
5. Smart Things – IoT, Industrial IoT, Industrial Control Systems, Sensors
6. Distributed computing
   1. Fog: push cloud computing to the edge (decentralize)
   2. Mist: push analytics & decision making to edge device
   3. Rain: computing is fully distributed, resilient and scalable, and integrated into the world around us
7. Ubiquitous computing; Serverless Computing
8. Quantum computing & entanglement (cryptography)
9. 3-D Printing; Additive Manufacturing
10. Robotics/Automation (RPA)
Disclaimer: John’s wild guesses may have involved
alcohol and a dart board.
Will the future bring…
or
It is up to us to use technology ethically and to consider security & privacy.
Technology Trends
What are the advanced technology trends?
Security & Privacy Considerations for Advancing Technology
20 Metatrends for the 2020s
(1) Continued increase in global abundance: The number of
individuals in extreme poverty continues to drop, as the
middle-income population continues to rise.
(2) Global gigabit connectivity will connect everyone and
everything, everywhere, at ultra-low cost: The deployment
of both licensed and unlicensed 5G, plus the launch of a
multitude of global satellite networks (OneWeb, Starlink,
etc.), allow for ubiquitous, low-cost communications for
everyone, everywhere, not to mention the connection
of trillions of devices.
(3) The average human health span will increase by 10+
years
(4) An age of capital abundance will see increasing access
to capital everywhere: This metatrend is driven by the
convergence of global connectivity, dematerialization,
demonetization, and democratization.
(5) Augmented reality and the spatial web will achieve
ubiquitous deployment: The combination of augmented
reality (yielding Web 3.0, or the spatial web) and 5G
networks (offering 100Mb/s – 10Gb/s connection speeds)
will transform how we live our everyday lives, impacting
every industry from retail and advertising to education and
entertainment.
(6) Everything is smart, embedded with intelligence: The
price of specialized machine learning chips is dropping
rapidly with a rise in global demand. Combined with the
explosion of low-cost microscopic sensors and the
deployment of high-bandwidth networks, we’re heading
into a decade wherein every device becomes intelligent.
Your child’s toy remembers her face and name. Your kids’
drone safely and diligently follows and videos all the
children at the birthday party. Appliances respond to voice
commands and anticipate your needs.
(7) AI will achieve human-level intelligence
(8) AI-human collaboration will skyrocket across all
professions: The rise of “AI as a Service” (AIaaS) platforms
will enable humans to partner with AI in every aspect of
their work, at every level, in every industry. AIs will become
entrenched in everyday business operations, serving as
cognitive collaborators to employees—supporting creative
tasks, generating new ideas, and tackling previously
unattainable innovations.
https://singularityhub.com/2020/01/10/20-tech-metatrends-to-look-out-for-in-the-2020s/
20 Metatrends for the 2020s
(9) Most individuals adapt a JARVIS-like “software shell” to
improve their quality of life: Imagine a secure JARVIS-like
software shell that you give permission to listen to all your
conversations, read your email, monitor your blood chemistry,
etc. With access to such data, these AI-enabled software shells
will learn your preferences, anticipate your needs and behavior,
shop for you, monitor your health, and help you problem-solve
in support of your mid- and long-term goals.
(10) Globally abundant, cheap renewable energy: Continued
advancements in solar, wind, geothermal, hydroelectric,
nuclear, and localized grids will drive humanity towards cheap,
abundant, and ubiquitous renewable energy.
(11) The insurance industry transforms from “recovery after
risk” to “prevention of risk”
(12) Autonomous vehicles and flying cars will redefine human
travel (soon to be far faster and cheaper)
(13) On-demand production and on-demand delivery will
birth an “instant economy of things”: Urban dwellers will learn
to expect “instant fulfillment” of their retail orders as drone
and robotic last-mile delivery services carry products from local
supply depots directly to your doorstep.
(14) Ability to sense and know anything, anytime,
anywhere: We’re rapidly approaching the era wherein 100
billion sensors (the Internet of Everything) is monitoring and
sensing (imaging, listening, measuring) every facet of our
environments, all the time.
(15) Disruption of advertising: As AI becomes increasingly
embedded in everyday life, your custom AI will soon
understand what you want better than you do. In turn, we
will begin to both trust and rely upon our AIs to make most
of our buying decisions, turning over shopping to AI-enabled
personal assistants. Your AI might make purchases based
upon your past desires, current shortages, conversations
you’ve allowed your AI to listen to, or by tracking where
your pupils focus on a virtual interface (i.e., what catches
your attention).
(16) Cellular agriculture moves from the lab into inner
cities, providing high-quality protein that is cheaper and
healthier
(17) High-bandwidth brain-computer interfaces (BCIs) will
come online for public use
(18) High-resolution VR will transform both retail and real
estate shopping
(19) Increased focus on sustainability and the environment
(20) CRISPR and gene therapies will minimize disease
Pace of technology change
The technology landscape is rapidly evolving, bringing with it business opportunities
By Dion Hinchcliffe, ZDNet
Increasing pace of technology change
Everything is connected
We are heading toward a Smart Future where trillions of sensors and devices will be connected
to the Internet
The Internet of Things definition: “Sensors and actuators
embedded in physical objects are linked through wired
and wireless networks”
80 Billion
Smart & Autonomous Vehicles
Enabling Technologies
The Smart Future is accelerated by enabling technologies
5G enables IoT
• 100x faster than 4G
• 1/50 the latency of 4G
• Much more scalable: 100x more devices than there are people
• Good for time sensitive applications (e.g. factory robotics, robotic
surgery)
• How do you get billions of devices to talk to each other?
• Security & Privacy are key
• Connected assets can be used to extract productivity
Big Data enables IoT
Fog (Edge) Computing enables IoT
Heading toward ubiquitous computing
AI and Machine Learning Enable IoT
• Training AI can be hit or miss – need
sufficient training data for possible
scenarios
• Need to eliminate unwanted biases
• Lightweight blockchain for IoT applications
• Privacy protecting federated ML
• P2P model and environmental data
sharing
Blockchain (Distributed Ledger) Adds Integrity to IoT
and Security to M2M Communications
Web 3.0, the Metaverse and beyond
Risk
Advancing technology brings risk and opportunity
• Since IT is critical for all business processes today, IT Risk affects all enterprise risk
• Risk is calculated:
  • Threats & Vulnerabilities
  • Likelihood & Frequency of Loss Event
  • Impact of Event
• Risk is difficult to calculate, especially for new technologies and use cases
• Threats are increasing
  • Adversaries
  • Misconfigurations
• Why?
  • More devices
  • Increased complexity
  • Increased connectivity
  • Technologies that don’t integrate well
  • More data to process
  • Speed of data
  • Automation/AI
Risk associated with advanced technology
• Not well understood, may require training
• Most drivers have no idea how their car works, and that’s OK
• May not follow standards or be interoperable
• May be regulated
• The impact of an exploit may be more far reaching
• “We didn’t know someone would try to use it that way.”
• Rush to adopt new technology without fully understanding
consequences
• Connected technology may impact more people when attacked
Everything connected.
Everything at risk.
• More connected devices means a greatly
expanded attack surface.
• The bottom line is the more that all of our
things are connected together, and the more we
rely on them, the more vulnerable we are to
having disastrous disruptions to our business
processes, personal lives, and to society as a
whole.
Greater complexity leads to increased risk
“The following is my rule of thumb. For every
1,000 lines of code, on average, at least one
code-level bug exists. For every 20 code-level
bugs, at least one is a security vulnerability.
For every 10 vulns, at least one is exploitable.”
- J. Wolfgang Goerlich, VP of Strategic Programs, CBI
Supply Chain Security
• Whether intentionally, or accidentally, insiders can cause security
breaches (employees, contractors, suppliers)
• Supply Chain attacks tripled in 2021
• Widely adopted software packages can be exploited: SolarWinds,
Log4j…
• Open-source software, Internet code repositories, and common
libraries with vulnerabilities can lead to widespread incidents
Technology concerns
Threats
Threat Actors
• Threat actors include humans/groups that intentionally or unintentionally cause a loss event (security incident). This can include the employee who clicks on malicious email or the contractor who shares their password with a co-worker. It can include misconfigurations or mistakes.
• In addition to the unintended consequences that come with advancing technology, we have specific groups of adversaries that are motivated by Money, Ideology, Coercion, Ego (M.I.C.E.)
• Asymmetric warfare – Adversary just needs one vuln to exploit, Defender must defend all
• Experts commoditize exploits which can later be used & rented by n00bs
The risk is not being chased by one bear…
Running faster than your friend isn’t enough.
The Internet is full of bears.
And then we have alligators.
And toasters…
Environmental factors can affect technology
How we use technology changes, based on age, culture,
and other factors
1998
• Don’t get into strangers’ cars
• Don’t meet people from the Internet
2017
• Literally summon strangers from the Internet so you can ride in their car
Original source unknown
Ethical Concerns
Ethical concerns
• Advanced technology without an ethical roadmap can lead to:
  • Loss of privacy
  • Abuse of personal information
  • Increased inequity between different groups
  • Workers replaced in many fields by AI and Robotic Process Automation
  • Health & safety concerns
“Emerging technologies, such as industrial robots, artificial intelligence, and
machine learning, are advancing at a rapid pace. These developments can
improve the speed, quality, and cost of goods and services, but they also
displace large numbers of workers. This possibility challenges the traditional
benefits model of tying health care and retirement savings to jobs. In an
economy that employs dramatically fewer workers, we need to think about how
to deliver benefits to displaced workers. If automation makes jobs less secure in
the future, there needs to be a way to deliver benefits outside of employment.
“Flexicurity,” or flexible security, is one idea for providing health care,
education, and housing assistance, whether or not someone is formally
employed. In addition, activity accounts can finance lifelong education and
worker retraining. No matter how people choose to spend time, there needs to
be ways for people to live fulfilling lives even if society needs fewer workers.”
Robotics displaces workers
Hint: Not as bad as it sounds.
Humane Technology
• Respects human minds
• Minimizes unintended harm
• Centers human values
• Creates shared understanding
• Narrows gaps of inequity
• Helps people thrive
Mitigation
• Consider ethical, security & privacy issues at onset, not after it is in use
• Define and follow (international) standards and protocols
• Ethical inspection and consensus on path forward with advanced
technology (new can be better… not always)
• Threat modeling and risk-based security controls
• Regulations (good, bad & ugly) – not always best solution, but sometimes
necessary – these can be global but are often local
• Architect for future state (what should it do and what will it need to
integrate with?)
• Security/Privacy by design
• Leverage complementary technologies (such as Blockchain)
• Philosophy applied to technology: There isn’t always a perfect solution.
Seldom is. Think: Kobayashi Maru - or - Trolley Problem
• It is important to bring together people with different expertise and
background to have varied points of view to reach an informed consensus
Respond with “Smarter” layered security
Once we have assessed our security risk, we identify controls to mitigate risk, or we transfer or
accept risk. [Risk transfer includes cyber insurance.] Controls may be technical, but also involve
people and processes. They may be “traditional” or leverage new technology, such as machine
learning.
• Risk can never be eliminated, but it can be
mitigated (reduced to acceptable level).
Layered security is the most effective way to
do this.
• We must not rely on purely reactive, technical
security controls.
• We must leverage advanced technology and
consider ethical issues up front.
• We must prepare for failure and practice how
we respond and recover.
Conclusion
• We can’t continue to use failed models
• Leverage common standards and protocols
• Industry self-regulation (i.e., PCI) or government regulations
may be needed
• We must consider the big picture and long-term implications
• Build resiliency in processes and architecture, and safe
failure modes
• Stay on top of changes to technology and regulations
• The benefits of technology outweigh the negatives with due
diligence
• The most disruptive technologies that will drive the 4th
Industrial Revolution may not yet be invented
• The future will come fast, and we should hold on for
the ride!
Appendix
5 areas of risk for new technology
implementations

More Related Content

PPTX
IOTCYBER
PDF
Bob Gourley
PDF
AGI Part 4.pdf
PDF
Bank of America : World View for 2030-part-1
PDF
Top Technology Trends to Watch in 2024.pdf
DOCX
Top 10 Technology and Business Trends in 2022.docx
PPTX
CRMEVOLUTION
PDF
How to use the internet of Things ( IOT)
IOTCYBER
Bob Gourley
AGI Part 4.pdf
Bank of America : World View for 2030-part-1
Top Technology Trends to Watch in 2024.pdf
Top 10 Technology and Business Trends in 2022.docx
CRMEVOLUTION
How to use the internet of Things ( IOT)

Similar to Security & Privacy Considerations for Advancing Technology (20)

PDF
Emerging trends in IT 2018
PPTX
Internet of things enabling tech - challenges - opportunities (2016)
PPTX
Digital Economy by Johannes Bauer
PDF
Cloud 2020: taking your customers into the future - Peter Schwartz Avanxo Clo...
PPTX
"TechVision 2024: Navigating the Future of Innovation"
PPTX
K4b Technology Innovation — Trends and Opportunities.pptx
PDF
George konstantakis iot and product design
PDF
Synergy 2015 Session Slides: SYN106 2020 Technology Landscape From The Citrix...
PDF
Emerging Technology Trends in the Post-COVID World
PDF
Trend study: Connected Reality 2025 (landscape print)
PDF
(Ebook) AI Is Ciming for The Class Room by MIT Techonology Review
PDF
Future of m2 m iot m2m forum cee - vienna - 9 june 2015 lr
PDF
Internet of Things and Artificial Intelligence
PDF
Future of Technology | 2020
PDF
Digital India: Use of Technology For Transforming Society
PDF
Future Today Institute | 2020 Tech Trends Report
PDF
CEO NunkyWorld
PDF
Cool new gadgets do space
PDF
Future Today Institute | 2020 Tech Trends Report | Section 2 of 2
PDF
Making a Better World with Technology Innovations
Emerging trends in IT 2018
Internet of things enabling tech - challenges - opportunities (2016)
Digital Economy by Johannes Bauer
Cloud 2020: taking your customers into the future - Peter Schwartz Avanxo Clo...
"TechVision 2024: Navigating the Future of Innovation"
K4b Technology Innovation — Trends and Opportunities.pptx
George konstantakis iot and product design
Synergy 2015 Session Slides: SYN106 2020 Technology Landscape From The Citrix...
Emerging Technology Trends in the Post-COVID World
Trend study: Connected Reality 2025 (landscape print)
(Ebook) AI Is Ciming for The Class Room by MIT Techonology Review
Future of m2 m iot m2m forum cee - vienna - 9 june 2015 lr
Internet of Things and Artificial Intelligence
Future of Technology | 2020
Digital India: Use of Technology For Transforming Society
Future Today Institute | 2020 Tech Trends Report
CEO NunkyWorld
Cool new gadgets do space
Future Today Institute | 2020 Tech Trends Report | Section 2 of 2
Making a Better World with Technology Innovations
Ad

More from John D. Johnson (14)

PPTX
IoT and the industrial Internet of Things - june 20 2019
PPTX
All The Things: Security, Privacy & Safety in a World of Connected Devices
PPSX
Fundamentals of Light and Matter
PDF
CERIAS Symposium: John Johnson, Future of Cybersecurity 2050
PPTX
Managing Enterprise Risk: Why U No Haz Metrics?
PPTX
Presenting Metrics to the Executive Team
PPTX
Big Data: Big Deal or Big Brother?
PPTX
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
PPTX
Cyber Education ISACA 25 April 2017
PDF
Discovering a Universe Beyond the Cosmic Shore
PDF
AITP Presentation on Mobile Security
PDF
Security & Privacy in Cloud Computing
PDF
Mars Talk for IEEE
PDF
2011 SC Magazine Insider Threat Keynote
IoT and the industrial Internet of Things - june 20 2019
All The Things: Security, Privacy & Safety in a World of Connected Devices
Fundamentals of Light and Matter
CERIAS Symposium: John Johnson, Future of Cybersecurity 2050
Managing Enterprise Risk: Why U No Haz Metrics?
Presenting Metrics to the Executive Team
Big Data: Big Deal or Big Brother?
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
Cyber Education ISACA 25 April 2017
Discovering a Universe Beyond the Cosmic Shore
AITP Presentation on Mobile Security
Security & Privacy in Cloud Computing
Mars Talk for IEEE
2011 SC Magazine Insider Threat Keynote
Ad

Recently uploaded (20)

PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
PPTX
A Presentation on Artificial Intelligence
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
PDF
Encapsulation_ Review paper, used for researhc scholars
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
PDF
Spectral efficient network and resource selection model in 5G networks
PDF
cuic standard and advanced reporting.pdf
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
PDF
Electronic commerce courselecture one. Pdf
PDF
Machine learning based COVID-19 study performance prediction
PDF
Network Security Unit 5.pdf for BCA BBA.
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
PDF
Chapter 3 Spatial Domain Image Processing.pdf
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
A Presentation on Artificial Intelligence
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
Per capita expenditure prediction using model stacking based on satellite ima...
Encapsulation_ Review paper, used for researhc scholars
Advanced methodologies resolving dimensionality complications for autism neur...
Spectral efficient network and resource selection model in 5G networks
cuic standard and advanced reporting.pdf
Building Integrated photovoltaic BIPV_UPV.pdf
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
Agricultural_Statistics_at_a_Glance_2022_0.pdf
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Electronic commerce courselecture one. Pdf
Machine learning based COVID-19 study performance prediction
Network Security Unit 5.pdf for BCA BBA.
Diabetes mellitus diagnosis method based random forest with bat algorithm
Chapter 3 Spatial Domain Image Processing.pdf
Mobile App Security Testing_ A Comprehensive Guide.pdf

Security & Privacy Considerations for Advancing Technology

  • 1. Dr. John D. Johnson, CISSP, CRISC, SMIEEE Bloomcon 2022 • March 26, 2022 Security and Privacy Considerations for Advancing Technology
  • 2. John D. Johnson, Ph.D., CISSP, CRISC vCISO & Founder/President Docent Institute (501.c.3) www.johndjohnson.com @johndjohnson
  • 3. Preface • I will try to avoid Death by PowerPoint. You all signed the disclaimer when you registered? • I’m sure that you will look back afterwards and wonder how we covered 467 slides so quickly!
  • 4. A new industrial revolution ”In the next decade, we will experience more progress than in the past 100 years.” - Peter Diamandis, Co-Founder of Singularity University
  • 5. The first “selfie” taken in 1920 100 Years Ago
  • 7. Advancing Technology – Today or near future The pace of advancing technology is increasing 1. 5G – Faster communications 2. AI/ML – Machines can take over some human decision-making (e.g., cars) 3. VR/AR/Metaverse 4. Blockchain – Adds integrity and traceability and more with Web 3.0 5. Smart Things- IoT, Industrial IoT, Industrial Control Systems, Sensors 6. Distributed computing 1. Fog: push cloud computing to the edge (decentralize) 2. Mist: push analytics & decision making to edge device 3. Rain: computing is fully distributed, resilient and scalable, and integrated into the world around us 7. Ubiquitous computing; Serverless Computing 8. Quantum computing & entanglement (cryptography) 9. 3-D Printing; Additive Manufacturing 10. Robotics/Automation (RPA) Disclaimer: John’s wild guesses may have involved alcohol and a dart board.
  • 8. Will the future bring… or It is up to us to use technology ethically and to consider security & privacy.
  • 9. Technology Trends What are the advanced technology trends?
  • 15. 20 Metatrends for the 2020s (1) Continued increase in global abundance: The number of individuals in extreme poverty continues to drop, as the middle-income population continues to rise. (2) Global gigabit connectivity will connect everyone and everything, everywhere, at ultra-low cost: The deployment of both licensed and unlicensed 5G, plus the launch of a multitude of global satellite networks (OneWeb, Starlink, etc.), allow for ubiquitous, low-cost communications for everyone, everywhere, not to mention the connection of trillions of devices. (3) The average human health span will increase by 10+ years (4) An age of capital abundance will see increasing access to capital everywhere: This metatrend is driven by the convergence of global connectivity, dematerialization, demonetization, and democratization. (5) Augmented reality and the spatial web will achieve ubiquitous deployment: The combination of augmented reality (yielding Web 3.0, or the spatial web) and 5G networks (offering 100Mb/s – 10Gb/s connection speeds) will transform how we live our everyday lives, impacting every industry from retail and advertising to education and entertainment. (6) Everything is smart, embedded with intelligence: The price of specialized machine learning chips is dropping rapidly with a rise in global demand. Combined with the explosion of low-cost microscopic sensors and the deployment of high-bandwidth networks, we’re heading into a decade wherein every device becomes intelligent. Your child’s toy remembers her face and name. Your kids’ drone safely and diligently follows and videos all the children at the birthday party. Appliances respond to voice commands and anticipate your needs. (7) AI will achieve human-level intelligence (8) AI-human collaboration will skyrocket across all professions: The rise of “AI as a Service” (AIaaS) platforms will enable humans to partner with AI in every aspect of their work, at every level, in every industry. 
AIs will become entrenched in everyday business operations, serving as cognitive collaborators to employees—supporting creative tasks, generating new ideas, and tackling previously unattainable innovations. https://singularityhub.com/2020/01/10/20-tech- metatrends-to-look-out-for-in-the-2020s/
  • 16. 20 Metatrends for the 2020s (9) Most individuals adapt a JARVIS-like “software shell” to improve their quality of life: Imagine a secure JARVIS-like software shell that you give permission to listen to all your conversations, read your email, monitor your blood chemistry, etc. With access to such data, these AI-enabled software shells will learn your preferences, anticipate your needs and behavior, shop for you, monitor your health, and help you problem-solve in support of your mid- and long-term goals. (10) Globally abundant, cheap renewable energy: Continued advancements in solar, wind, geothermal, hydroelectric, nuclear, and localized grids will drive humanity towards cheap, abundant, and ubiquitous renewable energy. (11) The insurance industry transforms from “recovery after risk” to “prevention of risk” (12) Autonomous vehicles and flying cars will redefine human travel (soon to be far faster and cheaper) (13) On-demand production and on-demand delivery will birth an “instant economy of things”: Urban dwellers will learn to expect “instant fulfillment” of their retail orders as drone and robotic last-mile delivery services carry products from local supply depots directly to your doorstep. (14) Ability to sense and know anything, anytime, anywhere: We’re rapidly approaching the era wherein 100 billion sensors (the Internet of Everything) is monitoring and sensing (imaging, listening, measuring) every facet of our environments, all the time. (15) Disruption of advertising: As AI becomes increasingly embedded in everyday life, your custom AI will soon understand what you want better than you do. In turn, we will begin to both trust and rely upon our AIs to make most of our buying decisions, turning over shopping to AI-enabled personal assistants. 
Your AI might make purchases based upon your past desires, current shortages, conversations you’ve allowed your AI to listen to, or by tracking where your pupils focus on a virtual interface (i.e., what catches your attention). (16) Cellular agriculture moves from the lab into inner cities, providing high-quality protein that is cheaper and healthier (17) High-bandwidth brain-computer interfaces (BCIs) will come online for public use (18) High-resolution VR will transform both retail and real estate shopping (19) Increased focus on sustainability and the environment (20) CRISPR and gene therapies will minimize disease
  • 17. Pace of technology change The technology landscape is rapidly evolving, bringing with it business opportunities
  • 18. By Dion Hinchcliffe, ZDNet Increasing pace of technology change
  • 20. Everything is connected We are heading toward a Smart Future where trillions of sensors and devices will be connected to the Internet
  • 21. The Internet of Things definition: “Sensors and actuators embedded in physical objects are linked through wired and wireless networks”
  • 25. Smart & Autonomous Vehicles
  • 30. Enabling Technologies The Smart Future is accelerated by enabling technologies
  • 31. 5G enables IoT • 100x faster than 4G • 1/50 the latency of 4G • Much more scalable: 100x more devices than there are people • Good for time sensitive applications (e.g. factory robotics, robotic surgery) • How do you get billions of devices to talk to each other? • Security & Privacy are key • Connected assets can be used to extract productivity
  • 33. Fog (Edge) Computing enables IoT
  • 36. AI and Machine Learning Enable IoT • Training AI can be hit or miss – need sufficient training data for possible scenarios • Need to eliminate unwanted biases • Lightweight blockchain for IoT applications • Privacy protecting federated ML • P2P model and environmental data sharing
  • 38. Blockchain (Distributed Ledger) Adds Integrity to IoT and Security to M2M Communications
  • 40. Web 3.0, the Metaverse and beyond
  • 41. Risk Advancing technology brings risk and opportunity
  • 42. • Since IT is critical for all business processes today, IT Risk affects all enterprise risk • Risk is calculated: • Threats & Vulnerabilities • Likelihood & Frequency of Loss Event • Impact of Event • Risk is difficult to calculate, especially for new technologies and use cases • Threats are increasing • Adversaries • Misconfigurations • Why? • More devices • Increased complexity • Increased connectivity • Technologies that don’t integrate well • More data to process • Speed of data • Automation/AI
  • 43. Risk associated with advanced technology • Not well understood, may require training • Most drivers have no idea how their car works, and that’s OK • May not follow standards or be interoperable • May be regulated • The impact of an exploit may be more far reaching • “We didn’t know someone would try to use it that way.” • Rush to adopt new technology without fully understanding consequences • Connected technology may impact more people when attacked
  • 44. Everything connected. Everything at risk. • More connected devices means a greatly expanded attack surface. • The bottom line is the more that all of our things are connected together, and the more we rely on them, the more vulnerable we are to having disastrous disruptions to our business processes, personal lives, and to society as a whole.
  • 45. Greater complexity leads to increased risk • “The following is my rule of thumb. For every 1,000 lines of code, on average, at least one code-level bug exists. For every 20 code-level bugs, at least one is a security vulnerability. For every 10 vulns, at least one is exploitable.” - J. Wolfgang Goerlich, VP of Strategic Programs, CBI
  • 46. Supply Chain Security • Whether intentionally, or accidentally, insiders can cause security breaches (employees, contractors, suppliers) • Supply Chain attacks tripled in 2021 • Widely adopted software packages can be exploited: SolarWinds, Log4j… • Open-source software, Internet code repositories, and common libraries with vulnerabilities can lead to widespread incidents
  • 50. Threat Actors • Threat actors include humans/groups that intentionally or unintentionally cause a loss event (security incident). This can include the employee who clicks on a malicious email or the contractor who shares their password with a co-worker. It can include misconfigurations or mistakes. • In addition to the unintended consequences that come with advancing technology, we have specific groups of adversaries that are motivated by Money, Ideology, Coercion, Ego (M.I.C.E.) • Asymmetric warfare – Adversary just needs one vuln to exploit, Defender must defend all • Experts commoditize exploits which can later be used & rented by n00bs
  • 51. The risk is not being chased by one bear… Running faster than your friend isn’t enough. The Internet is full of bears.
  • 52. And then we have alligators.
  • 54. Environmental factors can affect technology
  • 55. How we use technology changes, based on age, culture, and other factors • 1998: Don’t get into strangers’ cars; don’t meet people from the Internet • 2017: Literally summon strangers from the Internet so you can ride in their car • Original source unknown
  • 57. Ethical concerns • Advanced technology without an ethical roadmap can lead to: • Loss of privacy • Abuse of personal information • Increased inequity between different groups • Workers replaced in many fields by AI and Robotic Process Automation • Health & safety concerns
  • 58. Robotics displaces workers • “Emerging technologies, such as industrial robots, artificial intelligence, and machine learning, are advancing at a rapid pace. These developments can improve the speed, quality, and cost of goods and services, but they also displace large numbers of workers. This possibility challenges the traditional benefits model of tying health care and retirement savings to jobs. In an economy that employs dramatically fewer workers, we need to think about how to deliver benefits to displaced workers. If automation makes jobs less secure in the future, there needs to be a way to deliver benefits outside of employment. “Flexicurity,” or flexible security, is one idea for providing health care, education, and housing assistance, whether or not someone is formally employed. In addition, activity accounts can finance lifelong education and worker retraining. No matter how people choose to spend time, there needs to be ways for people to live fulfilling lives even if society needs fewer workers.”
  • 61. Hint: Not as bad as it sounds.
  • 62. Humane Technology • Respects human minds • Minimizes unintended harm • Centers human values • Creates shared understanding • Narrows gaps of inequity • Helps people thrive
  • 63. Mitigation • Consider ethical, security & privacy issues at the onset, not after the technology is in use • Define and follow (international) standards and protocols • Ethical inspection and consensus on path forward with advanced technology (new can be better… not always) • Threat modeling and risk-based security controls • Regulations (good, bad & ugly) – not always the best solution, but sometimes necessary – these can be global but are often local • Architect for future state (what should it do and what will it need to integrate with?) • Security/Privacy by design • Leverage complementary technologies (such as Blockchain) • Philosophy applied to technology: There isn’t always a perfect solution. Seldom is. Think: Kobayashi Maru - or - Trolley Problem • It is important to bring together people with different expertise and backgrounds, so that varied points of view inform the consensus
  • 64. Respond with “Smarter” layered security • Once we have assessed our security risk, we identify controls to mitigate risk, or we transfer or accept risk. [Risk transfer includes cyber insurance.] Controls may be technical, but also involve people and processes. They may be “traditional” or leverage new technology, such as machine learning. • Risk can never be eliminated, but it can be mitigated (reduced to acceptable level). Layered security is the most effective way to do this. • We must not rely on purely reactive, technical security controls. • We must leverage advanced technology and consider ethical issues up front. • We must prepare for failure and practice how we respond and recover.
  • 65. Conclusion • We can’t continue to use failed models • Leverage common standards and protocols • Industry self-regulation (e.g., PCI) or government regulations may be needed • We must consider the big picture and long-term implications • Build resiliency in processes and architecture, and safe failure modes • Stay on top of changes to technology and regulations • The benefits of technology outweigh the negatives with due diligence • The most disruptive technologies that will drive the 4th Industrial Revolution may not yet be invented • The future will come fast, and we should hold on for the ride!
  • 72. 5 areas of risk for new technology implementations