the SINET Innovation Summit
A common theme across discussions at Tuesday's SINET Innovation Summit was the interplay of markets, regulation, and litigation in software quality and security. All three will continue to prove powerfully influential in the evolution of consumer expectations and standards of care; no one of them is likely to dominate.
"Jackware," a term coined by ESET researcher Stephen Cobb shortly after Miller and Valasek's Jeep hacking demonstration for WIRED in 2015, refers to "the use of malware to take over a vehicle, whether to extort a ransom from the owner, or to take the car somewhere other than the destination intended by the legitimate owner or operator." So jackware is ransomware with strong physical effect. (Haute vulgarisation of the concept may be found in the most recent emanations from Vin Diesel's Fast and Furious franchise, Fate of the Furious.) William Beer (EY Principal, Advisory Cybersecurity Services) chaired a panel consisting of James Beeson (Chief Information Security Officer, Cigna), Randy Miskanic (Americas Regional Head, Group Information Security Office, UBS), Yonesy Nunez (Senior Vice President and Information Security Leader, Wholesale and International, Wells Fargo Bank), and Mario Vuksan (Founder and Chief Executive Officer, Reversing Labs).
It remains unclear whether IoT manufacturers will come to lead with security as a differentiator, or if consumers will come to expect it. Security as such will probably be a difficult sell (consumers may not even be aware, let alone care, for example, whether their proverbial networked refrigerator is roped into a distributed denial-of-service botnet). Vuksan noted a growing convergence of cyber security features with device safety and reliability, and those are things about which consumers care. But manufacturers ought to take the prospect of jackware seriously, he added. Jackware may not be common, but it's been demonstrated at least in proof-of-concept form, and its effects could be severe, threatening both lives and organizational survival.
Third-party risk has also emerged as a significant issue for businesses. Michael Johnson (Senior Vice President and Chief Information Security Officer, Capital One) moderated a discussion of vendor risk management models among Edna Conway (Chief Security Officer, Global Value Chain, Cisco), Lisa Humbert (Chief Information Risk Officer, Bank of Tokyo Mitsubishi), Fred Kneipp (Chief Executive Officer, CyberGRX), and Christopher Porter (Vice President and Chief Information Security Officer, Fannie Mae). Usually framed in terms of supply chain risk, as the panel pointed out, the problem is even more complex than that.
The third-party risks a business must manage aren't confined to those posed by its vendors. Conway framed the challenge as "knowing who touches your stuff." Given the notorious difficulty of simply knowing one's own network, reaching a comprehensive understanding of every third party who legitimately interacts with an enterprise, and what risks they bring with them, is a tall order indeed.
Our continuing coverage of SINET's 2017 Innovation Summit may be found here. We'll have more tomorrow.