Security and Society:
An IBM Deep Dive
IBM’s Global Innovation Outlook
• Launched in 2004
• Opened IBM’s in-house forecasting of trends
in business and technology to outside thought
leaders
• Security and Society: A series of six Deep
Dives in 2008
• Water: second series of Deep Dives in 2008
Deep Dives on Security and Society
• Six Deep Dives
– Moscow
– Berlin
– Taipei
– Tokyo
– Vancouver
– Chicago
Deep Dive format
• Representatives from IBM GIO team, who
attended all Deep Dives in series
• Other IBM personnel
• About twenty other attendees from business,
academia, and government
• One day brainstorming session preceded by
reception and dinner the night before
• Final report based on six Deep Dives of series
Rationale for Security
and Society Deep Dive
In April, the GIO began its first focus area of 2008: Security
and Society. Why security? Because the need for security is
a fundamental part of the human condition. Lives are spent
in pursuit of it. Societies are built around it. And businesses
buy and sell the promise of it.
The ongoing battle between those that desire security and
those that undermine it has never been in more flux than it
is right now. Globalization, ideological conflict, and a global
communications network that connects everyone on the
planet have conspired to reshape the global security
landscape in a matter of decades.
As a result, new thinking needs to be applied to this new
reality.
Suggested Deep Dive Theme
“To fight a network, you need a network”
- Katharina von Knop
Assistant Professor, University of the
Armed Forces, Munich
Claim: Web 2.0 social networking can provide such a
network
Deep Dives before Chicago
• Starting in April 2008
• Moscow
– First Deep Dive broaching concept of community
security
• Towns, villages, families, and individuals all have a role
to play in security
• Many participants say that innovative management of
energy supplies will be Russia’s greatest contribution to
global security
• Green Mark vodka – countering counterfeit products
More Deep Dives
• Berlin
– “Sustainable security”: must root out causes of
instability and conflict, e.g., resource scarcity,
wealth disparity, oppressive governments
More Deep Dives
• Taipei
– Building on SARS outbreak of 2003 – immune
system as metaphor for global security
• Threats allowed to enter system
• System quickly responds and bolsters defenses against
similar future attacks
– Athol Yates, Executive Director, Australian Homeland Security
Research Centre
• Balance of supply chain efficiency and security
robustness
• Plans for International Homeland Security office
More Deep Dives
• Tokyo
– Concern that Japan losing reputation for being
one of safest and most secure countries
• Globalization interfering with culture of security and
allowing physical and digital destabilization forces into
Japan
More Deep Dives
• Vancouver
– Online identities focus of discussion
• How to manage and control personal identification
online
– Consensus that delicate balance of centralized and
distributed security is the right way to address
global security
Chicago Deep Dive
• Key Theme: Privacy – Cavoukian, strong advocate
• IBM GIO attendees
– Amy Hermes, Worldwide GIO Program Director
– Verna Grayce Chao, GIO Business Development
Manager
– Laura Lombard, GIO Program Coordinator
– Kristopher Lichter, Director, Exploration Programs, GIO
Executive Director
– Milind Naphade, GIO Research Liaison
Chicago Deep Dive
• Other IBM attendees
– Marc Lautenbach, General Manager, IBM Americas
– Chung-Sheng Li, IBM Research, Security & Privacy
– Harriett Pearson, VP Regulatory Policy and Chief
Privacy Officer
– Cathy Lasser, VP Industry Solutions and Emerging
Business
– Rey Khachatourian, Senior Information Architect,
Customer Experience Strategy, Global Business
Services
Other Chicago Attendees
• Linda Foley, founder Identity Theft Resource
Center
• Carol Rizzo, CTO, Kaiser Permanente
• Andrew Mack, Director Human Security
Project, Simon Fraser U. – U.N. experience
• Natalie Ambrose, futurist, Future Expeditions
• Christopher Hoff, CISO, Unisys
• Erv Blythe, CIO, VPI&SU
Other Chicago Attendees
• Mustaque Ahamad, director Information
Security Center, Georgia Tech
• Julie Fergerson, VP of Emerging Technology,
Debix Identity Protection Network
• Chris Kelly, Chief Privacy Officer, Facebook
• Dan Shefflin, VP of Advanced Technology for
Automation and Control Solutions, Honeywell
• Michael Barrett, CISO, Paypal
Other Chicago Attendees
• Glenn Armstrong, VP of Corporate and Global
Innovation, Alticor
• Marc Sokol, JK&B Capital partner
• Ann Cavoukian, Information and Privacy
Commissioner, Province of Ontario
• Pat Conley, SVP Product Development,
Verisign
• David Trulio, Special Assistant to the
President, White House, DHS
The Report
• Distributed Security: The Network Effect
• Government and Business: The New Roles
• Incentives: Best Behavior
• Privacy and Identity: Getting to Know You
The Network Effect
• Common Law
– Community-based security (vigilantes?)
• Wireless Watchdogs
– Mobile phones
• Thayer School Engineering in Medicine poster winner –
detect counterfeit medicines – Ashifi Gogo, Ghana
• The Secure Supply Chain
– Athol Yates - smart supply chains with central
analysis engine for risk data at all levels
The New Roles
• Good Security, Good Business
– Private sector has more incentive for strong security
than government or individuals
– 1.6 to 2% revenue lost to fraud, theft, and organized
crime
• The Legal Vacuum
– Courts of law dangerously out of touch with digital
criminal landscape
• Built-in Security
– Embedding security into products, e.g., car alarms
– Trade-off between convenience and cost, e.g., iPod
Best Behavior
• Strictly Business
– Money is the most powerful incentive for changing
behavior – Green Mark example
• The Threat Within
– 92% of insider attacks precipitated by a negative work-related event – not opportunism (CMU report)
– Monitoring, soft incentives
• Convenient Truth
– Having good security makes life more convenient
• Travelers pay annual fee for prescreening of personal data
Getting To Know You
• The Master Token
– Biometrics
• Cancelable biometrics, e.g., distorted fingerprint
• Reputation Reconnaissance
– Peer-to-peer based online rating systems
• Social network
• Aggregated by third party, like credit ratings
• Reclamation Project
– Data tethering – can know who is using your personal
data
On-going Collaboration
• IBM R&D
• Julie Fergerson, Linda Foley - Identity Theft
• Christopher Hoff - Unisys
• Ann Cavoukian – Information and Privacy
Commissioner, Ontario – video surveillance
• Carol Rizzo, CTO, Kaiser-Permanente – Secure Medical
Records
– Decades of medical records for same patients from 26
hospitals
• Athol Yates (Taipei) – International Homeland Security