Cyber 2018 took place at Chatham House last month which aggregated cyber experts, academics and leaders across various sectors to discuss cyber risks, governance and crisis response. As ever, the conference lived up to its high calibre in terms of debate, speakers, and attendees' questions.
Topics ranged from new and continuing cyber risks, protecting critical national infrastructure, state behaviour in cyberspace and cyber challenges for government, increased connectivity, standardization and security, privacy and personal data, cyber risk, defence and approaches to cyber crisis management.
Discussions remain under Chatham House Rules, however, there were some on the record conversations which included a live-streamed conversation with Christopher Wylie, former Director of Research at Cambridge Analytica.
Wylie spoke candidly about the recent Facebook-Cambridge Analytica scandal, stating that Facebook knows exactly what is happening on its platform, but to say so would mean having a very “awkward” public conversation. Wylie said that elections are no longer purely national; they’re global and so democracies need to be more resilient to misinformation campaigns. He said that the lack of checks and balances beckon a new regulatory regime. “We have standards for consumer safety on roads, so why not online?”
Although Wylie does not regret exposing the British data firm’s collection of Facebook user data, he painted a far from rosy picture of the consequences of whistleblowing, stating that it “sucks” and that it shouldn’t be necessary for someone to “blow their life up” for voicing the truth.
A call for greater transparency in who is being targeted and how exactly our data is being used was unequivocally supported.
However, at a time when the future looks bleak for the individual’s power over their own data, one speaker said they’d be quite happy selling their information at a hefty price to companies in the future which, in turn, would empower us to decide how we manage our data.
One attendee stated that more openness is required to guarantee IoT security. Hackers are the most sharing, creative community out there and terrorist attacks on IoT will happen sooner rather than later.
The challenge of attack attribution is often raised in cyber security. One speaker explained that rather than this being a technical issue, nation states refrain from attributing attacks due to political reasons. They said that politics gets in the way of cyber security and nation states should be named, shamed and held accountable for their actions.
Although one attendee said that the UN is taking good strides in cyber advancement and information sharing between states, another said there is a greater need to build partnerships between governments and companies, as well as connectors and designers. “If you wait for the UN to solve this problem, it’s never going to be solved - we need to act fast or our adversaries will be laughing.”
And while there was call for greater cyber regulation, one speaker said that regulation must be also treated with caution. If we over-regulate the net, we’ll be driving a lot of entrepreneurial talent out of Europe to Silicon Valley, so we have to think about regulating “better” and not over regulating with bad regulation.
One question posed at the event was, “Do we need new legislation in cyberspace or can we be more creative about applying exisiting laws that we’ve worked hard to form?” It’s a good, thought-provoking question, as were many others.