English 25 version Cybersecurity, a worldwide challenge The critical infrastructures Internet security should Authentication The intention is that the of countries that are be guaranteed by the techniques must guarantee data be monitored by the not prepared to defend Government in the same the protection of data, country that has them or its themselves from way as electricity, which is a that is, they must protect companies beyond national cyberattacks should not basic service. the privacy of users using territorial boundaries. connect their infrastructures powerful encryption to the network. systems. P. 26 P. 33 P. 38 P. 64 Cybersecurity, a worldwide challenge New computing capacity and “artificial intelligence”, which is becoming more powerful all the time, are allowing them to automate their attacks on a massive scale. www.fundacionbankinter.org FTF | Fundación Innovación Bankinter Acknowledgements Our gratitude to Ms. Amaya Finally we would like to thank The views and opinions Quincoces, journalist and author the members of Fundación expressed in this report are of this report. Without her Innovación Bankinter team for those of the author and do collaboration were not possible their commitment and follow not necessarily reflect the the launch of this publication. through in the development of position of the experts that the content of this publication: participate in the Future Our thanks to all of the Members Trends Forum meeting. of the XXV Future Trends Forum Fundación Innovación Bankinter (FTF) who made the forum a Sergio Martínez-Cava success, and a special thanks to Marce Cancho those who made contributions to María Teresa Jiménez this publication: Lara García de Vinuesa Pablo Lancry For their invaluable support in the composition of this publication: Eden Shochat Fabio Assolini John Lyons Caroline Baylon Inbar Raz Steve Wilson Evan Wolff Kevin Sale Richard Parry For their invaluable role in the methodology and organization of the Future Trends Forum: Chris Meyer Garrick Jones Clemens Hackl Jake Holmes Fernando de Pablo 4 Cybersecurity, a worldwide challenge Speakers and Assistants Abdou Naby Diaw Ilya Ponomarev Philip Lader Thank you so much, Chief Security Office Russian member of Parliament, Former non-executive chairman Fundación Innovación Bankinter (CEO) Vodafone. chairman of at WPP Group and trustee of the Duma Innovation and Fundación Innovación Bankinter. Carlos Jiménez Venture Capital Subcommittee. Founder and president Ram Levi of Secuware. Inbar Raz Cybersecurity expert, CEO at VP of Research at Perimeter X. Konfidas, co-founder at London Caroline Baylon Cyber Security (LCS). Director, Cyber Security Isaac Gutiérrez Research Programme, International Chief of Richard Kivel Center for Strategic Cibersegurity at Prosegur. Senior manager at Bridgewater Decision Research. and chairman at Rhapsody Jens Schulte - Bockum Biologics. Trustee of Fundación Drew Dean Former CEO Vodafone Germany Innovación Bankinter. Program director at and trustee of Fundación SRI International. Innovación Bankinterr. Richard Parry Principal at Parry Advisory. Eden Shochat John Lyons Founder of Aleph and Chief executive & founder at Rolf Reinema trustee of Fundación International Cyber Security Head of Technology Field Innovación Bankinter. Protection Alliance (ICSPA). at Siemens. Emilio Méndez Julia Li Steve Wilson Director of the Center Founder and CEO of HCD Global. VP & principal analyst at for Functional Constellation Research. Nanomaterials (CFN) Kevin Sale and trustee of Fundación IT Security specialist at King Tan Chin Nam Innovación Bankinter. Abdullah University of Science Senior corporate adviser and & Technology. former permanent secretary. Evan Wolff Trustee of Fundación Partner in Crowell & Moring. Khoo Boon Hui Innovación Bankinter. Former president of INTERPOL. Fabio Assolini Wilfred Vanhonacker Analyst of the Michael Osborne Coca-Cola professor of Marketing, company Kaspersky. Manager Privacy and Security Olayan School of Business, Cognitive Computing & Industry AUB and trustee of Fundación Fernando Vega Solutions Department, IBM Innovación Bankinter. Information Security director Research Division. at Bankinter Global Services. Michael Schrage Research fellow, MIT Center for Digital Business. Miguel Rego CEO at IN CIBE (Spanish National Cyber Security Institute). 5 FTF | Fundación Innovación Bankinter Index 6 Cybersecurity, a worldwide challenge Prologue 8/9 08 Eden Shochat 10 Chapter 1 Cybersecurity threats 10/27 Introduction 12 1.1 Cyber felons profit from the Internet 13/15 1.2 Software will never be one hundred per cent safe 16/19 Prologue by Fabio Assolini 1.3 Cyberwar and cyberterrorism 20/23 Prologue by John Lyons 1.4 Concerns involved in connecting critical infrastructure to the internet 24/26 Prologue by Caroline Baylon Conclusions 27 28 Chapter 2 The security of the internet user 28/49 Introduction 30 2.1 The “Internet of Things”, a paradise for cybercrime 31/35 Prologue by Inbar Raz 2.2 The weaknesses of digital identity 36/39 Prologue by Steve Wilson 2.3 Intimacy and privacy versus cybersecurity 40/45 Prologue by Evan Wolff 2.4 How to improve cybersecurity 46/48 Prologue by Kevin Sale Conclusions 49 50 Chapter 3 The future cybersecurity 50/69 Introduction 52/53 3.1 A road map with ten proposals 55/68 Prologue by Richard Parry Conclusions 69 70 Experts predictions 70 7 FTF | Fundación Innovación Bankinter Prologue by Eden Shochat Founder of Aleph and trustee of Fundación Innovación Bankinter. The 2014 JPMorgan Chase cyber-attack compromised 83 million accounts of individuals and small businesses. nvestigators had uncovered a trail of manufacturers behind the F-35 stealth fighter). 75 shell companies created by the four According to McAfee, the primary goal of these I suspects, with activity going back as far as attacks was to gain access and potentially modify 2007, reaping “hundreds of millions of dollars source code repositories at these high tech, in illicit proceeds”; In another incident, a group security companies and defense contractor. associated with the People’s Liberation Army ran “Operation Aurora”- a series of cyber attacks It is crucially important to understand that cyber targeting dozens of companies, including Google, warfare can also be used as a military weapon. Adobe, and Northrop Grumman (one of the More than 80,000 Ukrainian citizens suffered 8 Cybersecurity, a worldwide challenge Cybersecurity, a worldwide challenge a power outage caused by a (never confirmed) of any number of vulnerable targets. This new Russian malware that took over the control centers generation of AI-based malware would be able of multiple power plants. The US Department of to continuously evolve with new attack methods Homeland Security demonstrated, as early as 2007, and never give up finding new vectors to reach a how 21 lines of code can destroy a power generator. financial, military or other gain set by its operator. The attack of Stuxnet (a malicious computer worm) on the Iranian nuclear facilities demonstrated These present and future scenarios emphasize the an actual live attack in the wild. This caused the importance of being prepared. Cyber defense is US, and many other countries to create “Cyber notoriously hard since while the defender needs Commands” for both defence and offense purposes. to succeed 100% of the time, covering all of the playing field, the attacker only needs to succeed We already pay for fraud through the fees for once, usually at the point of least resistance. every transaction we make with our credit cards. The impact of these risks and threats is extremely This report by the Future Trends Forum includes broad. People fear identity theft and widespread recommendations about education, regulatory “locked data blackmail”, governments attempt to involvement (while trying to minimize risk of protect themselves against cyber-based spying and over-regulations) and the handling of enforcement potential attacks on their critical infrastructure challenges through cross-border collaboration. assets by other nation-states and corporates are burdened with financial loss and brand-destroying We are sharing this report as one of the many cyber attacks such as the one on Sony in 2015. steps required for education and as an instigator for further discussions. I hope you benefit from the One of the biggest challenges defenders face is information presented, even if daunting at times. that attacks are rarely perpetrated within a single national border. The JPMorgan attackers were from Israel, Russia and possibly other countries. These cross-border issues make mitigation and prosecution hard (between western states) to impossible (if the attack is from another nation or one with lesser extradition treaties like China). Bio This is our reality today Eden Shochat is a Bankinter Trustee. His The tomorrow is far more concerning. We have passion is building “stuff”, most recently enjoyed speech and face recognition, autonomous Aleph, $150MM venture capital fund; The vehicles and super-smart in-game opponents Junction, voted #1 startup program in Israel; through advances in deep learning. These same face.com, a massive face recognition API strides in artificial intelligence (AI) could and will acquired by Facebook; Aternity, the leading enable cyber attackers to target an attack on a user-centric enterprise IT platform; and significant number of high value targets and by GeekCon, Europe’s biggest makers conference. that create a new form of advanced persistent In his free time he teaches in the