Huawei cyber president warns technology is a breeder of threats
With the number of devices connected under the Internet of Things (IoT) banner expected to sit at approximately 6.4 billion by the end of this year, Huawei believes that technology is outstripping people's ability to think through all of the consequences of these connections.
There are smart fridges that tell people when they run out of milk and wristbands that tell them when they need to visit a doctor, but John Suffolk, president, global cybersecurity and privacy officer of Huawei Technologies, said this is only the tip of the iceberg.
Featured
"Technology will be on us much quicker than we realise, standards are rapidly being approved, people are already doing early trials, there's quite a lot of IoT being deployed in small pilots -- I don't think we've seen even the tip of the iceberg fully yet in terms of all of the uses for things," he said.
"We're coming into an era now where technology will become more pervasive, more complicated but the demands on protection and availability of that data to the data subject will also grow at the same time."
Speaking at Huawei's ICT Roadshow in Sydney, Suffolk discussed the first commercialisation of the PC, noting the industry has not really cracked how to even secure the PC.
"The best we have come up with in 35 years is don't turn it on," Suffolk joked.
"Of course it's more complicated now than 35 years ago, but the technology of 35 years ago is still a security challenge, and here we are looking forward five and 10 years towards things that have not really been invented. We don't really know they're going to be fully used around the world and yet people are asking 'how do you secure this world?'"
His advice is to focus on securing this world -- not the PC of 35 years ago -- because shortly after each new technology is born a threat occurs. Suffolk does not expect this to change.
Due to the public nature of many recent data breaches or security hacks, Suffolk believes that many customers now understand intrinsically what goes on with security, noting it has not stopped them from embracing technology.
"All of the things that have happened around security -- it doesn't matter if it's from a nation-state perspective or just vulnerabilities or data loss -- has not stopped people investing in technology. Quite the reverse," he said.
"The reality is that globalisation, the consolidation of industries, the bigger market size with smaller margin says that actually you have to invest in technology to create value, otherwise there will be someone else investing in technology to create value to take your customers."
Despite the broadening understanding, Suffolk feels people and governments are under the impression that security is absolute, saying there is a need to accept where there is technology, there is going to be a threat.
"There are a lot of standards bodies and not everyone's interpretation of those standards is the same," he said. "Data is moving around the world, hitting different legal jurisdictions, and there's a conflict between economy and security and privacy."
Policy is written in an absolute sense, which Suffolk said breeds a conflict between government and the use of technology.
It comes as no surprise that there are conflicting laws around the world on security and privacy, but one country in particular that Huawei has dealt with has 17 different laws on telecommunications.
"When we ask the lawyers to give us a view on a particular thing, you have to go an ask three different external lawyers and they have a different interpretation of those 17 different privacy laws," Suffolk said.
"Governments themselves are going to need to rethink policies from a binary view of security and privacy as the reality is that technology is not going to wait for a government policy.
"Do you think we're going to get governments to agree collectively around the world on resolving all of these issues? The answer is no. It's not happened before it's not going to happen in the future."
Putting it simply, Suffolk said government has a view of security and privacy that is different to many enterprises as the objectives are different for each party.
He said he has experienced many governments struggling with the idea of writing a policy on technology that is undergoing constant drastic change that also recognises risks but does not lock down all of the industry, impacting things such as margin and investment ability.
"[As a result] you tend to get policies becoming longer and longer, and in some respects the words becoming more and more generic, 'You must have assessed risk', well okay, what does that mean, how would you assess whether I have assessed risk, what is a good risk assessment, do you have a model for this, you must have considered x, y, and z -- well what does considered mean?" he said.
"You can see by the way the language is changing they are trying to say we know there's a problem here or there could be a problem here we just don't know how to articulate a government policy."
That being said, there is not much Huawei or any other vendor can do except adapt to each jurisdiction's environment if it is financially viable to do so, Suffolk said.