Report on the “Emerging Technologies” Session

Report | GFCE V-Meeting “Emerging Technologies” | 21 April 2020

This open session featured expert presentations from private sector stakeholders on emerging technologies. The presentations provided insights on different types of emerging technologies and use cases in the field of cybersecurity. The session also included a space for interventions and questions, where participants were given the opportunity to reflect on these issues and the potential uses of these technologies for policymakers.

The first presentation, by Mr. Mark van Staalduinen, formen TNO employee and currently Managing Director CFLW Cyber Strategies, focussed on studying the IoT Security landscape.

Mark commenced with the problem statement of IoT Security. There is a large deployment of IoT devices, while they are in general resource constraint. This consequently brings risks related to consumer security, privacy and safety and an increased threat of large scale cyber-attacks launched from a large volume of insecure IoT devices. Mark gave the participants further insight in the study’s detailed solution for these problems, divided into three levels. The highest level includes the principles, governance and legislation; the second level covers the ecosystem development; and the third levels refers to technical references and standards. This was followed by outlining the three main conclusions of the study. First, there is a limited adoption of IoT security practices and lack of harmonized operational expertise. Second, a lack of alignment and information sharing across supply chains and geographies exists. Third, there is a lack of foundational IoT device security.

Mark concluded his presentation by highlighting two good practices. The first good practice, regarding security and privacy by design recommends: build privacy into IoT devices by design, not as an afterthought; identify principles that form the basis if all efforts directed towards IoT security; everything that comes after needs to tie back to at least one of the principles. In addition, he shared links to useful reports from the UK, the US and EastWest Institute with the participants. The second good practice, concerning guidelines and standards, advocates for the use of guidelines and standards that support the security principles identified under good practices, whilst guidelines should strike a balance between comprehensiveness end ease of implementation. In addition, Mark shared links to recommended studies from ENISA, the UK and ETSI.

The second presentation, by Mr. Dan Gisolfi, CTO Decentralized Identity and Open Security at IBM Security, focussed on the Digital Trust Marketplace.

Dan started his presentation by raising some important questions and challenges, such as ‘how do you prove you are you?’. As individuals, it is important to take back control of our personal data. Enterprises try to fix this problem via verifiability. He elaborated on the concept of the scope of identity activities and the use of transitive trust to reach verifiability. He stressed the need for collaboration around standardization in the open community in order to address the bigger problem collectively. Following this, Dan introduced IBM’s Trust over IP (ToIP) Stack, compromised of four different layers. The ToIP Stack is a complete architecture for Internet-scale transitive trust that integrates cryptographic verifiability at the technical machine later with human trust at the business, social, and legal layers. Dan highlighted that we cannot separate technology from governance, so therefore the ToIP Stack focusses on both.

Next, the ToIP Foundation was explained, which refers to a collaborative community that frames the technology and governance infrastructure necessary to support an interoperable digital trust marketplace. ToIP architecture establishes human trust between real-world individuals and organizations and the things (devices, buildings, sensors, etc.) with which they interact. In order to explain further, a use case of the ecosystem creation process of the Finnish government was presented. Dan concluded his presentation by explaining how everything is coming together: the ToIP Stack is used to create a new organisation, targeted specifically at the interoperable digital trust marketplace.

After the two expert presentations, there was an Open Forum where the GFCE community was invited to provide comments, raise questions and share experiences on emerging technologies.