Information and communication technologies (ICTs) have dramatically improved real-time communication worldwide. However, they bring about a host of privacy and security challenges.
ITU’s third Global Standards Symposium (GSS) brought together a diverse range of thought leaders to discuss these challenges on Monday, on the eve of ITU’s quadrennial World Telecommunication Standardization Assembly (WTSA-16) in Hammamet, Tunisia.
Industry players such as Deutsche Telekom, Google, Huawei, Alibaba, and Symantec as well as representatives from government, civil society and standards development organizations discussed how standards efforts could best integrate the consideration of security, privacy and trust.
“It’s becoming increasing difficult to isolate technical issues from policy issues,” said ITU Secretary General Houlin Zhao in opening remarks, adding that meetings such as GSS can help bridge gaps between policymakers, industry, and standards-making bodies.
Security: more collaboration needed
During a GSS panel on how industry meets end-users’ expectations of security, privacy and trust, several thought leaders outlined new cybersecurity challenges and called for more high-level international discussion on security standards.
“Traditional cybersecurity tools are not adequate. We need to find other models to defend from new attacks,” said Mr Ammar Alkassar, CEO of Rohde & Schwarz Cybersecurity.
And new attacks are coming.
Jaya Baloo, Chief Information Security Officer of KPN, spoke about the pressing need for cyberbersecurity professionals to prepare for quantum computing, which will will greatly enhance hacking capabilities. She spoke of the need to create algorithms that are “quantum-resistant” and to invest in getting the smartest cryptographers working on “post-quantum cryptography.”
But all speakers stressed the need for the public and private sectors to work together more.
“Cybersecurity needs international cooperation,” said Dr Thomas Kremer, Member of the Board of Management for Data Privacy, Legal Affairs and Compliance, adding that governments and businesses must share both good and bad experiences in order to learn and adjust properly.
Panelists also agreed on the need for rapid and timely sharing of information, but noted a range of reasons why that is difficult. “The problem sometimes with standards is that sometimes they move very slowly, but innovation happens quickly,” said James Snow, Security & Compliance Strategist for Google.
Privacy now a top concern
GSS speakers highlighted the need to balance privacy with security.
“Privacy is becoming one of the defining issues of our age,” said GSS Keynote speaker John Edwards, the Privacy Commissioner of New Zealand and Chair of the Executive Committee of the International Conference of Data Protection and Privacy Commissioners.
Mr. Edwards noted that privacy policies are at now being discussed the highest levels of government at several international fora. He also said: “There is no tradeoff to be made between enterprise, innovation, and privacy.”
Many panelists agreed that privacy and security should not be at odds, rather they should go hand-in-hand. “Providing security is a competitive advantage. Customers want and demand it,” said Mr Ilias Chantzos – Senior Director, Government Affairs, EMEA, Global CIP and Privacy Advisor, Symantec.
Indeed, several panelists reinforced the need for trust in today’s digital economy.
“Trust is crucial for the success of digitization and future business models,” said DT’s Kremer. “Only if people trust businesses will they allow their personal data to be processed.”
Transparency is a main prerequisite for gaining consent, Kremer said, adding that DT thinks one of the best ways is to offer easy-to-use tools and apps for users to manage their privacy setting across services.
Costs of not aligning
Lack of alignment on international cybersecurity and privacy standards boosts vendor costs and lowers the quality of goods produced, said David Francis, the European Cyber Security Officer for Huawei Technologies.
“Evaluation of what security looks like is ‘all over the map,’” said Francis. Better cybersecurity standards are possible, “but we need to stop talking and get on with it,” he said.
“You can all go back to your home countries and provide leadership,” said Francis, addressing the audience. “That’s important.”
Aside from better coordination, some panelists mentioned the need for new approaches.
“Open standards inspire innovation,” Ms Karen McCabe, Senior Director of Technology Policy and International Affairs, IEEE Standards Association. “A multistakeholder approach is so important, but it’s also important to bring in a new generation of developers and technologists.”