Using the power of collaboration to defeat cybercrime
Cybercrime is an ever growing issue in an expanding and increasingly accessible digital world. Where any chink in the armour can be an Achilles’ heel for business operations anywhere at any time. As the EUREKA cluster whose focus is the digital transition and whose projects have been very successful in enabling unique innovation to transform our world in a digital world, it stands to reason that we should take our responsibility to also drive the innovations that are needed to block the cyberattacks that threaten our digital society. To act as a kind of guardian angel and offer safe and easy-to-use cybersecurity.
To this end, an organising committee comprising ITEA, ATOS, Bosch, Airbus and KoçSistem decided to set up an international customers workshop on Cybersecurity to try to understand together with them what their most urgent and painful challenges are on a daily basis. “Not,” as ITEA Vice-chairman and co-organiser of the Cybersecurity workshop, Philippe Letellier, is keen to point out, “by trying to define any kind of strategy from on high but by sticking to the reality of the actual challenges faced by businesses.” This workshop is being hosted by ATOS, the logical choice given its strong involvement in cybersecurity and maximising its customers’ Digital Sovereignty. A subsequent step will be to generate new ITEA R&D projects from this list of actual challenges, not to invent yet another beautiful problem.
Interactive panel sessions
- Methodologies: Cyber security maturity model, development approach
- Procurement: Procurement value chain security management, Security usability
- Architecture: Heterogeneous Legacy security tools management, Centralised vs distributed data management
- IoT: IoT Secure system architecture
- AI: AI to enhance security and security for special AI algorithms
- Sovereignty: Sovereignty, Secure 5G infrastructure procurement, legal information worldwide, post-quantum crypto regulation
The aim of these interactive sessions will be to derive the specific painpoints and issues that are of concern to the participants, to build more awareness about the potential risks and weaknesses, and to look at ways in which cybersecurity can be optimised, for example, through collaboration. The workshop could be a first step in such a European collaboration.
Participants can expect to gain greater insight into the key challenges and new trends in cybersecurity. In view of the steady growth of cybercrime and its increasingly real threats and impact, the need to be informed and prepared to deal with the risks that are posed cannot be understated, from disruption in the chain to spying and data theft. In fact, whatever you find in the real world can also be found in the digital world.
Phases of cyberprotection
“Cyberprotection can be seen in terms of phases,” says Pierre Barnabé, Senior Executive Vice-President, Head of the Global Division Big Data & Cybersecurity within the Atos Group. “The first was denial, at the start of the 2010s when many thought of cybercrime as a problem for others, and then came the second phase – raised awareness – that we are coming to the end of today." This period of ‘alertness’ has seen IT security spending among companies and organisations rise from 2-3% to 7% and it is believed to continue up to 10% by 2023. As organisations become more reliant upon digital ecosystems, their Security Posture takes on added weight.
Now we are entering the third phase, which is dynamic protection and cooperation.” This new phase is really a turning point because in such a sensitive situation the willingness to cooperate could be undermined by proprietary business interests. This is where the ‘bubble of trust’ is a key and decisive concept. Atos is part of a Charter of Trust in which more than 20 large corporations such as IBM, Siemens, NEC and others that share information on cyberattacks confidentially with each other. What this means is that by cooperating the protective wall is reinforced and the strength of the many reduces the opportunity of the few. Cybercriminal organisations tend to compete rather than work with each other. As Pierre explains, “there’s a lot of information available to cybercriminals on the Dark Web, for example, so by working with your business partners with the bubble of trust, you can close doors, fill in gaps and cracks that might otherwise be penetrated by the wrong people.”
"Cyberprotection can be seen in terms of phases.
Now we are entering the third phase, which is dynamic protection and cooperation.”
Cybercrime is big business
Another real risk lies in the chain of subcontractors and suppliers. Take a company like Airbus, which has a seat supplier that purchases upholstery materials from on supplier and screws from another supplier – there could be many layers involved – then if just one supplier is compromised, the implications could be devastating. As an illustration, in July 2018, Gartner predicted that “by 2022, security ratings will become as important as credit ratings when assessing the risk of business relationships.” To ensure protection all through the supply chain demands a huge effort but, as Pierre emphasises, “the more we create the bubble of trust and collaborate, the higher we can raise the bar in our cybersecurity.” The revenue of cybercriminals is growing by 15-20% each year, so it’s an attractive business to be in. It has a GDP bigger than that of Saudi Arabia and ‘employs’ some very highly-paid clever people, sharp and agile young minds who are capable of designing highly complex attacks. In the market of crime, cyber is worth more than all the crime sectors together, including drugs, prostitution and extortion. “And then I come to my fourth phase,” Pierre says, “and that is the legal framework for prosecuting cybercriminals. Although that’s still a few years away, it is something that is worth thinking about today. Can you think of anyone who has yet been imprisoned for cyberextortion?”
Risks also come in the shape of objects in the IoT world. Currently most are low-level objects that lack the capacity and storage for ‘spying’ or ‘damage’ but in the future more complex objects like robots could become targets for cybercriminals. Whether this is a CPU in a vehicle or a robot in a factory or in the home, the consequences of a ‘bad robot’ could be devastating. “To take a very recent example in this time of coronavirus,” adds Vasco Gomes, Global CTO for cybersecurity products at Atos, “a robot is being deployed in the parks of Singapore to monitor physical distancing. Just imagine the chaos a very savvy engineer with a grudge could sow if the robot’s security has an Achilles’ heel.” The question that arises is: are we adopting too fast, is the product mature enough, are we trying to run before we can walk? Or is it a battle of creators? Attack and defence, who has the better design? Can we infuse more AI into the defence mechanisms? And, just as important, who is prepared to collaborate for the greater good?
Tackling the cybersecurity challenges
It is Europe’s mission to push forward its strong values of cooperation and compromise, ecological sustainability, digital ethics, cybersecurity and sovereignty protection. It is ITEA’s mission to enable businesses, with the involvement of their customers, to create innovative solutions that master the Digital Transition and tackle the major challenges in a way that helps bring to society forward. This workshop, led by ATOS, is a significant step in that direction. And for the workshop host, ATOS, it is an opportunity to underline its commitment to its role as a key cybersecurity industry partner, the number 3 Managed Security Services Provider worldwide.
More information about the authors:Pierre Barnabé