The ON: Innovation hosted a panel on cybersecurity this Monday, June 17th at the Shearman & Sterling LLP International Law Firm in New York. A prevalent topic with recent stories on the NSA and Snowden. The focus of the panel was to understand challenges and opportunities companies and consumers face when it comes to cybersecurity. The panelists represented 4 different perspectives in the industry – Biometric Technology, Government Defense, Startup, and Health Care:
- Jeff Carter, Chief Strategy Officer of Eyelock, Inc., a company that provides iris identity authentication solutions
- Carrie Schaper, Federal contractor for the U.S. Merchant Marine, who specializes in leading recon teams against attacks by hacker groups
- Bradley S. Leinhardt, Co-Founder of SOCURE, a social biometrics online identity verification startup. He’s also a partner of the U.S. Secret Service NY Electric Crimes Task Force
- Dale Nordenberg, M.D., Founding Director of the Medical Device Innovation, Safety and Security Consortium
Some takeaways for me were:
“Patches are never up to date as long as there’s software” and “Something that’s 100% secure is something that’s broken. You are never 100% secure.” – Carrie. There are more than ever ways for online attacks, especially through social networking. The best approach is to spend the most resources on and isolate your high risk systems, build a DMZ around them, automate the rest of the systems as much as possible and have continuous monitoring for everything.
“What do I think about privacy… privacy doesn’t exist anymore. Consumers’ data get sold.” – Brad. Douglas Rushkoff agreed with Brad in this video interview. He said, instead of paying Gmail money for email service, we pay with our personal data. Instead of paying Facebook with subscription feeds, we pay with our profiles. Companies like Facebook or Amazon have privacy statements that pretty much say “we own your data”, people just don’t read them.
Jeff Carter explained a concept that was formed at the Center for Future Banking Think Tank: the identity of people, places and things. Identity of places are defined with GPS, longitude and latitude. Identity of things or devices are IP networks and embedded tags. Identity of people have been quite archaic. When you open a bank account, you are asked to present KYC information, and these documents are easily forged. “Iris scan provides the glue that links the physical and digital worlds together. Security, or the notions of control, are somewhat gone, but it gives you ability to frame, audit and understand who’s interacting with you, puts you in a place where you can have mass movements of people and understand the environment you’re working in.”
“Medical device software are not updated like computers. You are dependent upon the device manufacturers to do the updates” – Dale. This hadn’t occurred to me previously, but this type of dependency poses high risk for patients’ medical data to be exposed if either side is not diligent in keeping security software up to date.
The next On: Conference will be in September, panel topic will be Finance. Full stream of the cybersecurity panel found here.