Whose Risk Is It Anyway? The Internet, Big Data, and the Tragedy of the Security Commons

Jon Geater, Chief Technology Officer
Data Natives Berlin, 19th November 2015

www.thales-esecurity.com

"Whose Risk Is It Anyway? The Internet, Big Data and the Tragedy of the Security Commons", Jon Geater, CTO at Thales e-Security


OPEN

This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2014 All rights reserved.

Tragedy of the Commons


▌Economic essay from 1833, turned into an article for the journal Science in 1968

▌Concerns the effects of self-interested individuals making use of shared (or ‘common’) resources – such as grazing livestock on common land

▌Deals with separating those issues that can be solved with technology and those issues that cannot


What’s that got to do with Data?


Data Natives

▌Digital Natives: people who grew up with computers and CE products all around them, implicitly understand them and expect them to be intimately woven into their lives

▌Data Natives: people who grew up with the Internet and always-on connectivity, sharing and data-driven systems. They implicitly understand data and information as separate things to the machines that process them

▌To a Data Native, data is a real thing, no different to a rock or a bird

▌In tomorrow’s hyper-connected, hyper-efficient world, data really IS a real thing. It will drive our power, our communications and our transport networks. Every aspect of life will come down to data


It’s in the programme


Can we trust people to pursue that opportunity responsibly?

Can people be trusted to pursue this opportunity responsibly?


Where have we been?

▌The Good
  Some people do get things right

▌The Bad
  Many people get things wrong by accident

▌The Ugly
  And some people get things wrong on purpose
  Over-active ad networks, Superfish, backdoors…


Where have we been? Target

▌TARGET BREACH
  Not to pick on Target: they’re just the most recent example of many
  No matter how careful you are with your own security, a back end leak can sour the whole pot
  Any time data moves from the custody of one entity to another for profit, there’s a potential common harm


Where have we been? Look at our track record


Where are we going?


▌Smart energy

▌Smart cities

▌Connected car

▌Wearables

▌Assisted living

▌Citizen databases

▌Ubiquitous entertainment


Today’s IoT is still largely trinkets, toys.

Optional.

But tomorrow’s IoT will be unavoidable.


People are starting to get worried about this…


What are the commons in Big Data and IoT?


What are the commons in the Internet, Big Data and IoT?

▌Some are known:
  Communication networks – exploiting available bandwidth
  Identity – Theft, abuse, loss of privacy – all contribute to polluting the fabric of society
  Running costs – fixing problems in the field costs much more than designing in a strong system to begin with
  Open Source software – Everybody’s taking but who’s giving back? Shell Shock, Heartbleed, …

▌Others will develop as time goes on:
  “Computer says no” is a lot more serious when your life – much more than your credit score – is run by algorithms that you can’t challenge


What will happen if we do nothing?


“It’s somebody else’s problem”


What can Data Natives do about this?


Examine the data

▌Examine the data, and remember it is YOURS

▌Build in resiliency to social algorithms. Trust the data: Trust but Verify

▌Support products and developments that treat security and privacy as first-order goals

▌Take a long term view. Devices can change, but data is forever


THANK YOU