Welcome to Digital and Cybersecure (D&C)!
This is my personal blog; here I will occasionally muse about anything digital, or anything cyber. Take note that these opinions are entirely personal; they do not represent any organisation or any entity.
Why Digital and Cybersecure?
I always thought that a world transitioning towards increasing use of digital technologies presents us with unprecedented opportunity. Much of what we do today that cuts across industries (data mining through quantitative sources, analytics to optimise operations, operations research) was simply not as effective in the past as it is today. Reverting to a disconnected, siloed world bereft of digital tools is simply impossible. We cannot imagine competitive chess players today training without the use of massive chess engines. E-commerce empires would detest being robbed of their massive analytics engines that churn out customer preferences.
Digital Problems (?)
However, these come with problems. Immediately, two problems come to mind.
- How far off are digital predictions from actual outcomes?
- How can we secure what we see as an increasingly digital world?
Of course, if one enumerates more completely, one realises that the digital world is largely unexplored territory. We do not understand well, for instance, the psychological impact arising from overuse of digital technologies. We are still coming to grips with the limits to which artificial intelligence can be used to solve problems of all kinds.
We live in exciting, unpredictable times. Many of us do not have answers to the digital transformation we see today. Ask a director on the street today, “What do you mean by transformation?” or “What do you mean by ‘digitalisation’?”, and one gets an answer that leads to even more questions. Digital terms like “blockchain”, “IoT” and “machine learning” are used by almost everyone, ranging from CTOs to sales teams. But do we really have a working understanding of the digital world?
As the digital landscape transforms rapidly, so does the security landscape. Our relentless exploitation of digital technologies also requires similar transformations in cybersecurity. One simple example is the idea of “endpoint protection”. Previously, endpoints in an IT network were thought of as client workstations. These prove to be fairly “easy” to secure with today’s modern technologies. As long as they are hooked up to a central server which delivers timely patch updates, and share a common operating system, a security infrastructure can be easily set up. All this assumes that the client workstation is powerful enough to run a host-based firewall, anti-virus, and various monitoring agents that track user behaviour.
However, today’s systems are far more complicated. Let us use a business case to explain what “diversification” means. Suppose we embark on a smart building project to monitor the various building management facilities therein. These can include mechanical and engineering (M&E) systems, temperature monitors and light sensors. The project team decides they would like to introduce “pre-emptive maintenance”. To do that, traditional M&E systems would have to be hooked up to a data analytics server. From a security angle, there are immediate questions. If the sensors are exposed, could I fool the sensor into triggering the analytics engine to detect anomalies, resulting in a response that “corrects” the false anomaly? Take, for example, temperature sensors for climatic control. If I con the temperature sensor into reporting that it is 0 degrees Celsius, could I then potentially con the air-conditioning system into weakening its air-conditioning output? If misconfigurations exist, such that my actions are able to manipulate the central air-conditioning, my mischief could result in catastrophic consequences: the server room that is connected to the air-conditioning system also receives weakened air-conditioning, and may overheat and crash. Today’s systems are unlike those of the past, where we could easily enforce physical and digital security measures to secure everything that was owned by the enterprise. Sensors today are exposed for data collection. However, the very nature of connectivity also introduces new risks, and new ideas for mischievous actors to deny its users said capabilities.
Technology never operates in a silo. The end users of technological capabilities are thankfully still human. There are many fields that have been revitalised. These range from human-computer interaction to science and technology studies (STS). Rapid digital advancement has led to an increased need for, and focus on, understanding how humans interact with technology, and in return, how it affects us.
While such implications may sound “arcane”, think about a real-world example. Say you are a parent, and you would like to educate your child with nursery rhymes. You believe your English is nowhere near as good as what your child deserves, and stumble upon a YouTube video that does just that. Would you entrust the child to listen to nursery rhymes, and count on YouTube’s “recommendation algorithm” to iteratively suggest and play content for the child? Parenting in the past was not so complicated, but it is a complex business today. To exacerbate this situation, how many of us can claim to be well-versed in understanding the digital world in which we immerse ourselves? It is undeniable that earlier digital exposure improves children’s digital savviness. But are they any more “digital wise”? We do not know, and we will live to watch the transformation in this generation.
Where Do I Stand?
I think, wearing a cybersecurity hat, I probably see an enormous range of technologies. How can we secure systems we do not understand?
Having said that, I think no one person or authority is a master of knowledge, especially with the exponential pace of innovation. Through my musings, I hope to provide, with some clarity, what I think and how I think, and perhaps use that to help you generate ideas of your own. You are also, of course, free to give me feedback on what you think and how you think, and perhaps share your experiences in a digital world that may well be increasingly difficult to navigate. Let’s understand this digital world in the hope that we will be able to exploit its advantages as fully as we can for humankind, yet appreciate the consequences that come with it, and mitigate them wherever possible.