On Tuesday the 29th of May 2018, thanks to Led by Her, I was invited to the OECD’s forum and went to three talks.
This panel was moderated by Cyrille Lachèvre, a macroeconomics reporter from the French media outlet « L’Opinion », who put questions to every member of the panel.
By way of introduction, he said that cybersecurity is such a big subject that they decided to focus only on the following question:
“How can the public and private sectors cooperate to enhance cybersecurity, and especially governments and private actors?”
Moderator’s question to David Martinon: “What is the French strategy and how do you handle the cybersecurity question from the government’s point of view?”
- Organize the state so that it can ensure the security of critical infrastructure
- The Diplomatic Strategy consists, through multilateral negotiations at the United Nations, in trying to stabilize cyberspace.
- We need to find diplomatic answers to cyberattacks and to new and hybrid cyberattacks.
- No state is invulnerable, but also no state is unable to conduct an attack.
- It is not a bloc-to-bloc confrontation but a multipolar context: everyone can act. And beyond the states, private actors are incredibly efficient. For each of them the expected benefit of a cyber attack is far beyond the initial investment. This is why we need to find a way to stabilize the situation.
- The United Nations is trying to clarify the rules of international law applicable to cyberspace.
- In the OECD we are trying (it is a French initiative) to engage in a multi-stakeholder debate. It is essential to involve a certain number of private actors whose role has a systemic scope.
- There is a digital battlefield created by vulnerabilities in computer products (software or devices) on the market that can be exploited.
- Three main ideas:
- We want to achieve a better recognition by software and tool manufacturers of their economic, political and moral responsibilities.
- Preventing the proliferation of the cyber arms trade
- The need to ensure that a certain number of practices such as reverse hacking or hack back are prohibited. These practices enable private actors to conduct private wars on behalf of private actors.
Moderator’s question to Casper Klynge: “How can governments and private actors today work hand in hand with private companies to enhance private security?”
- Wake-up call twelve months ago with the NotPetya attack.
- Two weeks ago, a new cybersecurity strategy was launched which focuses on multilateral collaboration. How can we cooperate multilaterally on cybersecurity issues?
- Increase dialogue with the private sector, and not only GAFAM: because we have a global mandate, we also take a global view of the industry, including in China, Asia and Europe.
- Fundamental task: make sure that the companies will assume a responsibility which is proportional to the influence they exercise over our societies.
- We need to have a public private partnership to find common solutions. We need the private sector to help us solve this problem.
- We need to include Artificial Intelligence and Machine Learning in that equation. There’s a common misunderstanding that Artificial Intelligence will be part of the solution and will help us solve the cyberattacks, but AI is going to increase the capabilities of state and non-state actors that are not necessarily well intentioned.
Moderator’s question to Tarah Wheeler: As you know private actors well, what is your opinion of this relationship with governments?
- She is afraid of an attack that has no name yet. What would be the Pearl Harbour of cybersecurity? What would be the attack that is so devastating that it has a new name?
- The public sector does not often listen to the best resource it has for determining in advance where risk lies. Many of the same vulnerabilities are still present in American and global internet infrastructures.
- There’s a lack of partnership between private and public resources in the United States and beyond.
- She hopes for the wisdom to reach a hand out and provide the kind of wisdom that private security tries to gather, as well as information about the potential for devastating attacks. She calls for the public sector to listen carefully to the words that are coming from the information security community about the vulnerabilities that they have discovered.
- Public sector should listen to the information security community instead of prosecuting them, instead of frightening them with threats of lawsuits.
Moderator’s question for Renata Avila: We have developed countries that are seen as ambassadors on these cybersecurity questions, but we see a lot of developing countries with a lot of people getting used to the Internet, so danger could come from here also.
- Cybersecurity is a global problem; it is something that brings us together, and we are not bringing the right pieces into place, because the two ambassadors here are describing the public-private partnership but the consumer side, the citizen side, is neglected. Usually civil society finds closed doors. Why do we perpetuate this exclusion of civil community from security? If you exclude community from a security problem, you end up with a flaw.
- Whoever we are, we are sleepwalking in this interconnectedness.
- We need to combine top-down and bottom-up approaches, open up our spaces, be open about the problem and be more creative about the solutions. We have a responsibility to not delay this problem.
Moderator’s question to Shane Curran: “Are you afraid of the protection of data? Or is it something that is getting better and better?”
- He used to think that cybersecurity is mostly a human issue and that education is the best way to correct it. But that is not the case.
- Data security is not something people want to learn about; only a small number of people have a keen interest in it and are developing their own knowledge of it.
- In the example of Facebook, everybody cares about data privacy. Even with the Cambridge Analytica problem, people have a lack of care for data privacy.
- That is why he developed with his company a platform that allows third-party services to process personal data without ever seeing or handling it.
- The difficult thing for governments is to bring things out of academia and into a real-world use case. With cybersecurity in particular there’s a lot of research happening, but the solutions governments are trying to apply are mostly regulatory. Over time this is not a feasible solution.
Moderator’s question to the two ambassadors: Do you fear a global attack? What kind of attack do you fear? How can we enhance education? How to work with customers?
- A global attack is something we fear, even though we have already faced that kind of attack.
- But there may at some point be a cyber-terrorist attack. Skills are on the market, so if you are a mafia you have the means to hire people and carry out a cyber attack.
- We do fear a global attack, and with the growth of IoT, vulnerabilities are going to increase. This is a real issue and we need to do something about it.
- We are trying to enable companies to say that they have been attacked without their image being impacted.
- The international dimension is a critical part of it. We need to talk together but we also need to bring the private sector.
- Digital inequality is an important part of it: it is damaging for companies, but for people it is a life or death issue.
Moderator’s question for every panelist: Who should pay for cyber protection? State? Companies? Citizens?
- Cybersecurity is a public good.
- It’s not just private companies, the private sector or private citizens who have the responsibility of paying for cyber protection; it’s much like removing pollution. Each responsible person has the responsibility to not pollute.
- Cybersecurity is a public good that involves a partnership among industry, among governments and among citizens all of whom bear the responsibility of the ecosystem we are all affected by.
- Security should not be a plus in the product; it should be the standard. The technology industry should redesign standards for everyone.
- Everyone should take responsibility for cybersecurity.
- Government cannot cover for everyone.
- We don’t see the insurance market growing in Europe as it grows in the US because the pricing of insurance contracts based on cyber risk is impossible.
- How do we make sure that everyone including private companies behave correctly when they protect themselves?
- He is a supporter of personal data monetization. There should be something similar to a bank for data privacy.
- Individuals should definitely not pay for it.
Moderator’s question: How can we trust the NSA and how can we trust the government to help us? How can we cope with this trust problem?
- If your incentives are misaligned with who you should trust, you probably have a problem.
- What is that trust based upon? For companies, incentives need to be based around serving their customers, and sometimes customers and users are not the same thing.
- Don’t trust where you don’t have to, because you don’t know who you’re delegating that trust to as a third party.
- The digital battleground is not only real, but it is very difficult to assign proper weights to it in terms of risk. If you can’t tell what your risk is, if you can’t tell what your problem is, and the people around you are not even sure that what you’re talking about is real, it is going to be difficult to trust them with your life, your security and your future.
- Part of the solution is to have standards for devices
- There is a difference between the EU and the US on the trust issue: in the EU we tend to trust governments. This is a difference of cultural approach to where trust lies.
- We need to find a common approach of regulation also in the cybersecurity issue.
Poll for the audience: Do you trust your government to handle cybersecurity?
I made a big summary of this round table because I am really fascinated by the subject and I felt like it was tackled in a different way than it usually is. That is why I think you should also have a look at the video.
Every panelist was really interesting. I was particularly fascinated by Renata Avila, who brought to light very important issues regarding inequality.
Finally, as Tarah Wheeler said, it is necessary to listen to the information security community because they know very well what is happening in the field and could bring a lot to citizens, governments and private companies.
For this round table I will only make a quick summary of what has been said.
- There is insufficient transparency regarding human rights in the digital.
- We outsource our own way of doing things as humans. Silicon Valley is telling us that speed is the right way.
- Everyone has the right to learn and work as an adult all along their lives
- You don’t need to choose between privacy and AI anymore. You can use modern techniques without giving up privacy. We invented a way to create fake data and use it to train the AI. This method works even better.
- With AI the real risk is bias.
- The future has already arrived in marginalized communities too. They have to trade basic human rights for other rights (e.g. privacy for food).
- The way that data flows has everything to do with who has power.
- Companies start with the best of intentions; with time, things happen and go wrong. How do you make sure that policies are being made on the values of the company?
- How do you take care of integrity and make sure that it is not questioned? Human rights are critically at stake.
- You can’t blame propaganda for being powerful because we all use it. But the drivers of all of this remain the humans. We’re living in a world governed by us, not robots. Our values are what need to be challenged.
- We need to move our business model from targeted advertising. We need to take responsibility.
I really invite you to follow everyone on this panel, as everything that was said was really interesting. The best thing to do, though, if you want a nice summary of the subject, is to watch the video.
Interviewed by Sarah Box, Counsellor, Directorate for Science, Technology and Innovation, OECD.
This presentation by Tarah Wheeler really made me want to read her book. She is really inspiring. She presented her book and gave us some advice.
Here is a quick summary of what has been said:
- Most of technology is interrelated in a way that we do not often pay attention to. It is overwhelming, but being a woman in tech can be overwhelming too.
- With her book she hopes she has been a voice for other women. There’s a reason why she and seven other women talked about their experiences: “you are not alone”. There are women everywhere; all of us have different stories, but ultimately it is all the same: we all face the challenges, we all overcome them, and we are not alone.
- The problem is there and it does not seem to get better. She keeps getting the same questions again and again about the subject, which means that those questions are not being answered properly by the companies that we are working for.
- She then gave some advice:
- Money is power; don’t turn it down. When you negotiate a salary: don’t name a number first, the first person to name a number always loses. Don’t say yes to the first offer. Think and talk about always being a good member of the team and use that as a negotiating strategy.
- If you feel like you are not being treated well in your current position: get out. It is not your job to make it better. Find the company that will treat you well or create your own.
- How do you have a family and work life at the same time? As Sheryl Sandberg said, there is no more important career choice a woman can make than her choice of a partner.
- If you have that sense of joy in tech don’t let anyone tell you to leave.
To conclude, people from the audience asked her questions and asked for advice.
If you want to see the full interview, which I encourage you to do, you can find it here.
You can also buy her book here.
To go further