Thirteen new security measures will be rolled out later this year in the Singapore public sector to protect personal data after a spate of breaches in the Republic in the past year. These new measures aim to make illegally extracted data more unusable, to detect anomalous data traffic and to limit users’ access rights.
Announced by the Republic’s government earlier in the week, it formed an appropriate background to the start of this year’s RSA Conference 2019 Asia-Pacific & Japan. They were among the issues of protecting, defending and investigating cyber incidences discussed at the Conference. That’s the reason why more than 6,000 participants travelled to Singapore from the region to deepen and better their cyber security knowledge.
In its seventh edition, the Conference not only offers the deep dives into cybersecurity but also the place where relationships are strengthened through networking and where startups showcase their latest cybersecurity innovations.
To one side of the conference held at the Marina Bay Sands Convention Centre, is an exciting Cyber Investigators’ Challenge where students solve simulated scenarios to outwit the criminals and “capture the flag”.
One overarching message on Day 1 was that people are the weakest link in security defence. Public awareness of cybersecurity must not only be raised but improved, starting with primary school kids. Teenager Kyra Guru, said it’s never too young to teach kids about cybersecurity. In her energetic 20-minute keynote presentation, the 17-year-old highlighted that kids today live their lives online from an early age so they ought to learn to protect themselves from cyber threats.
Travelling all the way from Chicago where she lives, Guru as CEO of Bits N’Bytes wants to get kids to the “main table” where they can ask questions pertaining to cybersecurity with their elders, in bid to better understand how to protect themselves online.
Realising that people are at the front and centre of cybersecurity, Singapore has also called for raising public awareness on cybersecurity because “we are as strong as the weakest link,” said keynote speaker Amrin Amin, Senior Parliamentary Secretary for the Ministry of Home Affairs, Singapore. New initiatives on this I am certain will be rolled out soon.
I would vote Guru as the most passionate speaker, giving the most thought provoking idea at the Conference. But the most significant issue raised goes to Diana Kelley, Cybersecurity Field, Chief Technology Officer from Microsoft. It was refreshing to learn about diversity and inclusion in AI solutions, issues not often heard in techie conferences especially in Asia.
Kelley’s warning is apt in a region where there are multi-cultural and multi-racial people and workforce. She highlighted the potential integration of human bias in AI solutions. These tools need to be ‘taught’ by millions of data points which are collected by people who can unconsciously inject their bias into the data sets. A recruitment tool, for example, ‘taught’ by millions of CVs collected by human resource professionals would identify a white male programmer as the ideal candidate because the majority of programmers are indeed white men. Hopefully, the audience took note of her warning.
Hence trust in the security solutions is important. So is trust in data security. Data is the new fuel, powering businesses and governments which in turn, must demonstrate cyber resilience to earn the trust of consumers and citizens.
RSA President Rohit Ghai passionately set forth that enabling trust in the digital world requires IT systems to be digitally well, healthy and secure. The idea for the keynote audience is to think about how digital risk management is key to powering innovation.
The Conference is a place where participants learn the latest at the breakout sessions. Over the three days, there will be 100 speakers at these sessions. On Day 1, there were interesting topics around DevSecOps which is fast becoming part of an integral movement towards security automation and Ethical Hacking- or penetration testing - which is a key defence tool to help security professionals identify and fix weaknesses in an IT system.
On the exhibition floor, the latest security solutions and products were showcased by the 75 exhibitors including RSA, Microsoft and Splunk. Much interest was also generated by the 19 security startups from across the region. They hope to expand their businesses in this region. Certainly, they would also welcome investor queries.
The networking continued with a reception at the end of Day 1. A smaller group of women in security held their own networking to share their cyber security journeys. I was riveted by Diana Kelley of Microsoft’s journey. Surprise, she is an English major. But she is a techie through and through. She reminds me of the 10,000-hour rule outlined by author Malcolm Gladwell. The key to achieving world class expertise, said Gladwell, is to practice for 10,000 hours, meaning that an expert would have to start from a young age. Kelley did just that, programming on a Texas Instrument calculator, a gift from her father who was a researcher at a university. He had access to a PDP computer (this computer has “died”) where Kelley managed to get an account. This gave her access to Darpanet, an early iteration of the Internet. She was then 13 years old. She used the account to do instant messaging, emailing programming and even hacking.
Her experience she shared is that while she did not study computer science, she was given the opportunity to develop networks and cyber security. She became good at it and got into the industry. It is an inspirational story to end Day 1 of the Conference.