One of the things that I like about our hyper-connected world is how easy it is to virtually attend just about any tech conference. Alongside most major conferences you can also find a number of interesting ancillary events. Some of these, much like the official conference sessions, are recorded for viewing later. Today's post is about one such ancillary event, hosted by RSA – the company, not the conference. Before I talk about that, let me discuss why I think Singapore is so important for IT security professionals.
I have been interested in the island nation since I gave a talk there more than 20 years ago. Back then, I saw the beginnings of where the country could go by playing a key role in IT. My audience had folks who spoke more than a dozen different languages and who came from almost as many nearby countries. Since then, Singapore has invested big-time in its IT development, particular with respect to smart city technologies: this is its fifth year of a series of major investments that include improving commutes, digital payments and secure identities. This year, the country will spend more than US $1B in new smart city enhancements.
Part of these expenditures is in how the country has taken a page from the Israeli playbook. Singapore has created various cybersecurity programs that are coming from several directions. For example, this summer it launched its third bug bounty program to improve its various digital services. And the government has helped to encourage startups with the incubator Innovation Cybersecurity Ecosystem@Block71, a partnership between the government, private investors and its National University. These government initiatives have encouraged others with tech companies opening offices there to conduct research and support their southeast Asian customers.
Let's return to the RSA event that was led by President Rohit Ghai and covered issues on smart cities, privacy and digital transformation by three panelists:
- Vishal Salvi, Chief Information Security Officer (CISO), InfoSys, a private cybersecurity consultancy based in India,
- Dr. Aswami Ariffin, Sr. Vice President of the Malaysian Cybersecurity Responsive Services Division, and
- Andrew Woodward, the Executive Dean at the School of Science at Edith Cowan University in Perth, Australia
This panel is typical of the role that Singapore plays in that part of the world. It shows the diversity of nationalities and stakeholders that must be assembled for successful cybersecurity solutions. If you watch the recorded video, you will first hear this panel express their concern about the cybersecurity toll companies doing business in smart cities will have to deal with. Dr. Aswami Ariffin thinks that "we are opening the "cyber floodgates" with smart city implementations. "We have to better understand the risks involved and make sure we have the right solutions." He suggests that businesses look to partner and work collaboratively with governments and communicate with the right stakeholders. Vishal Salvi pointed out that different industries have different cybersecurity implications when it comes to smart cities -- both in terms of data risk and operations. "This could change conversations for their boards of directors, both in terms of basic cyber hygiene and infrastructure protection."
When it comes to dealing with digital disruption, Andrew Woodward was concerned that many companies are still conducting business as it was done decades ago. "For many, their approach is still with a pre-digital mindset when it comes to risk management, with the justification that we have always done it a certain way." Salvi mentioned that cybersecurity has always been behind IT innovation, particularly in the financial sector. "Now we have the sharing economy and connected cars where change happens in weeks, not months. This rate of change is putting pressure on CISOs and business owners to embed security while and where this change is happening. We have to provide agile solutions to support that transformation." Dr. Aswami Ariffin gave his perspective for the appropriate role of government: "We don't want to force businesses to create any white elephant projects. Our goal is to try to help private businesses over security hurdles and to educate them about other risks besides cybersecurity, such as with their operations and following regulations." The Malaysian government has its Intelligence, Incidence and Investigation program as one of these activities.
Salvi mentions that cybersecurity should be front and center and should set the foundation for any digital transformation activity. But the price of doing nothing is also an issue: "Failing to do any digital transformation is the largest risk. You are looking at rapidly changing the foundations of your business models. We have to embed security in everything."
Part of this challenge is when we empower users to take control over their data. It creates issues for security managers to protect this data and control appropriate access. "There is a tension between security and privacy; at some point we need a better balance," said Salvi. "Eventually, the world will adopt better rights management and more common encryption methods." Woodward said that this creates an "interesting tension with the drive to increase cybersecurity through regulation, but we also want users to take control and be custodians of their own data." This complicates how breach laws will be enacted and enforced, for example.
Given the dearth of qualified cybersecurity professionals worldwide, academia is rising to meet these challenges by changing the way they are educating future cybersecurity workers. "The key is to be able to work together with industry and government to address the right problems," said Woodward. They have also reworked their curriculum and have created more online classes, even at the master's level. "It isn't one job for life anymore. We call them 'conversion classes' and they are designed for workers to become cybersecurity professionals in mid-career. Nowadays, students want on-demand classes with content-rich media and don't want to attend lectures. It is all about reskilling and upskilling. We want our students to have hands-on experience when they graduate, so they are ready to join the workforce." His reach goes beyond the traditional four-year degree too. "We have programs for elementary school students to get them to think about cybersecurity as a career."
This panel could have taken place just about anywhere on the planet: cybersecurity challenges and solutions are truly universal. It is well worth watching.
This post was sponsored by RSA, but the opinions are my own and do not necessarily represent RSA's positions or strategies.
# # #
David Strom is an independent writer and expert with decades of knowledge on the B2B technology market, including: network computing, computer hardware and security markets. Follow him @dstrom.
Learn more about the risks facing Digital Cities and Nations by watching "The New Why of Cybersecurity".
Join the #TalkingDigitalRisk conversation on Twitter and social media by following @RSAsecurity