{"id":37964,"date":"2020-12-14T08:25:58","date_gmt":"2020-12-14T13:25:58","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=37964"},"modified":"2022-07-28T08:10:12","modified_gmt":"2022-07-28T12:10:12","slug":"digital-transparency-security-policy","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/digital-transparency-security-policy\/37964\/","title":{"rendered":"The tech industry can&#8217;t go on this way. Here&#8217;s how it must change."},"content":{"rendered":"<p>If you\u2019re creating or investing in new technologies, today\u2019s landscape \u2013 with increasingly complex data regulation \u2013 can be daunting. What if shared technology standards and cooperation could help make things safer and better? These perspectives from global digital policy and tech leaders are highlights from Kaspersky\u2019s <em>Shaping the Digital Future<\/em> Summit 2020.<\/p>\n<h2>Transparency protects technology users<\/h2>\n<p><strong>Tyson Johnson, CEO, CyberNB<\/strong><\/p>\n<p>\u201cTransparency is fundamental to critical infrastructure like utilities, telecommunications and healthcare working together. We need transparency to build a society that protects the technology user.<\/p>\n<p>\u201cLack of trust in the supply chain is a barrier to adoption, particularly for <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/industrial-iot\/28210\/\" target=\"_blank\" rel=\"noopener nofollow\">Incident Command Systems (ICS) and industrial internet of things (IIoT) systems<\/a>. A trustworthy supply chain needs unifying, global standards to decide what technology is allowed. We need to look at cyberspace as a global <a href=\"https:\/\/en.wikipedia.org\/wiki\/Commons\" target=\"_blank\" rel=\"noopener nofollow\">commons<\/a> needing global standards.\u201d<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/EHZNVAQE3WQ?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p><em>Tech and policy leaders debate transparency in cybersecurity at Shaping the digital future summit, 2020.<\/em><\/p>\n<h2>Welcoming the new tech entrepreneurs<\/h2>\n<p><strong>Cory Doctorow, journalist and science fiction writer<\/strong><\/p>\n<p>\u201c<a href=\"https:\/\/en.wikipedia.org\/wiki\/Interoperability\" target=\"_blank\" rel=\"noopener nofollow\">Interoperability<\/a> in tech is understood narrowly, but it can be mystical \u2013 it\u2019s embedded in our world. We can wear different socks and shoes by different makers without asking their permission to swap.<\/p>\n\t\t\t<div class=\"c-promo-product\">\n\t\t\t\t\t\t<article class=\"c-card c-card--link c-card--medium@sm c-card--aside-hor@lg\">\n\t\t\t\t<div class=\"c-card__body  \">\n\t\t\t\t\t<header class=\"c-card__header\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p class=\"c-card__headline\">Enjoying this article?<\/p>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h3 class=\"c-card__title \"><span>Subscribe for more<\/span><\/h3>\n\t\t\t\t\t\t\t\t\t\t\t<\/header>\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__desc \">\n\t\t\t\t\t\t\t<p>Secure Futures tells you where tech is heading. <\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"c-card__aside\">\n\t\t\t\t\t<a href=\"#modal_newsletter\" class=\"c-button c-card__link\" target=\"_blank\" rel=\"noopener\">Get updates<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/article>\n\t\t<\/div>\n\t\n<p>\u201cToday, we see the erosion of competitive compatibility. New products that plug into existing products without the maker\u2019s permission. Apple reverse-engineered Microsoft\u2019s formats to make the iWork suite in 2005. Since then, they\u2019ve blocked similar attempts from others at interoperable systems with their products.<\/p>\n<p>\u201cWith the rise of tech monopolies, technologists\u2019 horizons have shrunk, but India, the US and the EU all show interest in breaking monopolies. Tech entrepreneurs should set their sights high to dethrone big tech and own a piece of a smaller pie.<\/p>\n<p>\u201cEvery pirate wants to be an admiral. The state\u2019s role is to make sure the tools that made yesterday\u2019s upstarts successful are available for the next generation of entrepreneurs.<\/p>\n<blockquote><p>We\u2019re trying to rescue big tech instead of trying to rescue technology itself. <\/p>\n<cite><p>Cory Doctorow, journalist and science fiction writer<\/p><\/cite><\/blockquote>\n<p>\u201cWould we ever have imagined the internet becoming just five dominant websites? If we don\u2019t imagine beyond, we can only try to get them to pull up their (interoperable) socks and behave themselves. We need to learn from former monopolies like AT&amp;T and British Telecom. It\u2019s not that executives aren\u2019t good at accommodating billions of people\u2019s needs \u2013 no one can do that.<\/p>\n<p>\u201cWe need pluralism in services shaped by people who use them. GBWhatsApp, an East African WhatsApp clone with enhanced privacy, is maintained by local people to meet their needs. That\u2019s better than transparency \u2013 it\u2019s transparency plus autonomy.<\/p>\n<p>\u201cAn overseeing organization can help with standardization. But the answer isn\u2019t to try and make Zuckerberg (Facebook CEO) be the best overlord of six billion people he can be. It\u2019s to reduce his power.<\/p>\n<p>\u201cAnti-competitive business models treat customers as adversaries, like a medical firm that patents an insulin pump that only works with their own-brand insulin. You can\u2019t override a policy set by the manufacturer. If a hack causes a malicious act, you can\u2019t change it, <a href=\"https:\/\/www.reuters.com\/article\/us-johnson-johnson-cyber-insulin-pumps-e-idUSKCN12411L\" target=\"_blank\" rel=\"noopener nofollow\">like this exposed vulnerability in Johnson &amp; Johnson product that could lead to a dangerous overdose<\/a>.<\/p>\n<p>\u201cIt\u2019s like the \u2018<a href=\"https:\/\/theconversation.com\/the-trolley-dilemma-would-you-kill-one-person-to-save-five-57111\" target=\"_blank\" rel=\"noopener nofollow\">trolley dilemma\u2019<\/a> about who a self-driving car would save or kill in an accident. If we ever have a situation where a car may choose to hurt its owner, you\u2019re in deep security trouble.\u201d<\/p>\n<h2>Transparency is no silver bullet<\/h2>\n<p><strong>Jon A Fanzun, Special Envoy, Switzerland\u2019s Federal Department of Foreign Affairs<\/strong><\/p>\n<p>\u201cTransparency isn\u2019t a silver bullet solution. It\u2019s a prerequisite that helps build trust.<\/p>\n<p>\u201cBusinesses report lack of uniform demand for cybersecurity products. There\u2019s a greater need in niche areas, but products are chosen on price and ease of use. In our <a href=\"https:\/\/genevadialogue.ch\/\" target=\"_blank\" rel=\"noopener nofollow\">Geneva Dialogue<\/a> discussing responsible behavior in cyberspace, we hear concerns about complex regulatory frameworks.<\/p>\n<blockquote><p>Developing cybersecure products is a team sport. You have to play together. Everyone must have a role and responsibility.<\/p>\n<cite><p>Jon A Fanzun, Special Envoy, Switzerland's Federal Department of Foreign Affairs<\/p><\/cite><\/blockquote>\n<p>\u201cWe must develop a baseline of cybersecurity requirements that every organization can apply, and build capacity to help them meet regulatory demands. We need incentives to encourage developers to make more secure technologies, but there also needs to be incentives to buy more secure over lower-cost products.\u201d<\/p>\n<h2>Securing the cyber age<\/h2>\n<p><strong>Eugene Kaspersky, CEO, Kaspersky<\/strong><\/p>\n<p>\u201cWe\u2019re living in a world that\u2019s becoming more connected. From the Stone Age to the plastic age, technology is taking us into the cyber age. Our precious commodity is no longer physical resources \u2013 it\u2019s data.<\/p>\n<p>\u201cResearchers at Kaspersky see threats increase in number and sophistication. To protect ourselves, we can make products less attractive to hackers as they\u2019re so secure the cost to attack outweighs the gain. We call this <a href=\"https:\/\/www.kaspersky.com\/blog\/applied-cyberimmunity\/28772\/\" target=\"_blank\" rel=\"noopener nofollow\">cyber-immunity<\/a>.<\/p>\n<p>\u201cWe\u2019re building a world that depends on cyber to support its critical infrastructure, like healthcare and utilities. These systems are vulnerable in their design and deployed as a \u2018black box\u2019 \u2013 we don\u2019t know what\u2019s inside. But cybercriminals can open the box and take what they want. We\u2019ll face more cyberthreats if we rely on non-transparent frameworks. Without nations cooperating, it\u2019s hard to investigate cybercrime gangs working across borders.<\/p>\n<p>\u201cBusiness leaders tell me they want to store their data in-house, so in case of a leak, they have access. They don\u2019t want a \u2018black box\u2019 \u2013 they want it to be transparent and accessible to their customers.<\/p>\n<p>\u201cSome data should be kept and processed locally, as we\u2019ve done by opening international data centers with our <a href=\"https:\/\/www.kaspersky.com\/transparency-center\" target=\"_blank\" rel=\"noopener nofollow\">Global Transparency Initiative<\/a>. These centers let customers review source code, as cybersecurity is critical for business transparency.\u201d<\/p>\n<h2>Developing a toolkit for global cooperation<\/h2>\n<p><strong>Ghislain de Salins, Policy Analyst, OECD<\/strong><\/p>\n<p>\u201cThe biggest threat of all is ourselves. There\u2019s limited cybersecurity awareness in society, but also little cooperation between stakeholders. Ethical hackers or security researchers can be threatened by big corporates when they reveal technology vulnerabilities. This doesn\u2019t help build a more secure world.<\/p>\n<p>\u201cCooperation is crucial. We need to shift responsibility to the supply side. A lot of the burden is on consumers to secure their devices, but we now see \u2018security by design\u2019 principles emerging that put the emphasis back on suppliers.<\/p>\n<p>\u201cTo establish standards, our challenge is an absence of norms. If you sell your product to 13 markets, you need to comply with 13 regulatory frameworks. It dilutes rather than improves security efforts.<\/p>\n<p>\u201cDesigning policy is like designing software \u2013 it\u2019s iterative. Try something, and if it fails, change tack.<\/p>\n<p>Transparency policy isn\u2019t an end in itself. It\u2019s a means to empower stakeholders to hold each other accountable. It\u2019s not about regulatory frameworks or rigid regulation. At OECD, we prefer to adopt a \u2018toolkit\u2019 with different tools that best fit your policy objective, like voluntary standards and self-certification. We see an appetite for governments to do more, which happens when voluntary frameworks don\u2019t go far enough.\u201d<\/p>\n<h2>Build cyber-resilience as businesses go digital<\/h2>\n<p><strong>Evgeniya Naumova, Vice President of Global Sales Network, Kaspersky<\/strong><\/p>\n<p>\u201cCybersecurity isn\u2019t just about protecting hardware or software. It\u2019s about protecting people. Cybersecure systems help protect our workplaces, data and health. Recently, the world was shocked by the <a href=\"https:\/\/www.tomorrowunlocked.com\/hacker-hunter-hackc1ne-1\" target=\"_blank\" rel=\"noopener nofollow\">first patient death related to a cyberattack<\/a>. Perhaps it\u2019s no surprise \u2013 TV and movies have long played out this threat.<\/p>\n<p>\u201cBusiness and society rely on IT systems to function. They need to be cyber resilient. A compromised system causes more than cybersecurity damage \u2013 it hemorrhages data, money and customer trust.<\/p>\n<p>\u201cYou need to strengthen your infrastructure and <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/data-security-supply-chain\/35912\/\" target=\"_blank\" rel=\"noopener nofollow\">supply chain<\/a>, like monitoring your vendor\u2019s data usage. We regularly review our ecosystem and give our partners tools to protect themselves. We choose reliable software and security-assessed third-party applications through our <a href=\"https:\/\/www.kaspersky.com\/capacity-building\" target=\"_blank\" rel=\"noopener nofollow\">Cyber Capacity Build Program<\/a>.<\/p>\n<p>\u201cYou can earn trust by being more transparent. Kaspersky asked people in 15 countries if transparency is essential. One in two think governments should be transparent about how they process data.<\/p>\n<p>A transparency policy helps, which may contain independent test results and data processing information. Our 2020 survey of businesses found nearly 2 in 5 have no transparency policy. Telecoms and utilities are advancing faster; 68 percent have a policy. But healthcare (57 percent) and government (54 percent) are falling behind. There\u2019s more work to be done.\u201d<\/p>\n<p><em>Opinions reflect an edited version of those expressed by the speaker at the event. <\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Developing technology to meet today\u2019s regulatory standards and raise the confidence of customers is complex. What do leading tech thinkers see as the answers?<\/p>\n","protected":false},"author":2521,"featured_media":37965,"template":"","coauthors":[3452],"class_list":{"0":"post-37964","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-data-and-privacy","7":"emagazine-category-industrial-cybersecurity","8":"emagazine-category-opinions","9":"emagazine-category-transparency","10":"emagazine-tag-policy"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/digital-transparency-security-policy\/37964\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/digital-transparency-security-policy\/24884\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/secure-futures-magazine\/digital-transparency-security-policy\/22877\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/37964","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2521"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/37965"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=37964"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=37964"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}