smart insights for a digital world algorithmic models sci ...€¦ · biometric manipulation. on...
TRANSCRIPT
GEMALTO.COM
View on all devices
FACIAL RECOGNITIONThe new science of identityIn the online economy, where activity happens remotely, reliable authentication and identification can be hard to achieve. An email is not a failsafe proof of identity, people forget passwords and PINs, which is why attention has turned to biometric alternatives and the potential of facial recognition. We look into the development of this technology, its many real-world applications and why the ethics of facial recognition need to evolve in tandem with its deployment.
Discover the future of facial recognitionwww.gemalto.com/facial-recognition
Issue 2 2019
Smart insights for a digital world
Dr Rumman ChowdhuryWhy artificial intelligence needs to recognize human assumptions
utopian dream
sophisticated
mimic
algorithmic models
the
huma
n co
ndit
ion
While the technology is new, the questions we ask are not
sci fi future
inclusion
diversity
social bias
ethical use of data
beha
vior
s
fairn
ess
A ROAD MAP FOR SMART CITIES • BLOCKCHAIN MAKES NEW CONNECTIONS • BEWARE THE SOCIAL ENGINEERS
Barely a day passes without a reminder of how digital technology continues to transform businesses and offers innovative opportunities to create new services. But alongside these new service offerings is another output: an explosion in the volume of data. Harnessing this data, and making sense of it, is a huge challenge that requires the kind of processing power that can only be delivered by the application of artificial intelligence (AI).
But how can we trust AI to manage and protect these vast amounts of data? And what kind of decisions should we allow AI to make based on the data? Gemalto, a Thales company, understands that crucial to successfully applying AI will be building trust both among organizations and the customers they serve.
In this first edition of the magazine since Thales acquired Gemalto, we lay out how the combination of our business with Thales’ existing digital expertise has created a company that’s capable of addressing the key pain points in today’s connected world; finding the right blend of security and ease of use that is building trust in digital services – whether it’s speeding up the process of customer onboarding in financial services or flight check-in time for air passengers. If you want to see these solutions at first hand, then come and visit us at the conferences and exhibitions we attend, such as Milipol or the Thales InnovDay (see page 7 for the full list).
On page 18, we meet Dr Rumman Chowdhury, Global Lead for Responsible AI at Accenture, who is building trust in AI by making sure it is ethical, explainable and transparent. She is working with organizations to codify AI governance structures, looking at whether the data powering their AI models is being used in support of the purpose for which it was collected and if organizations have been transparent about how it is used.
As AI evolves, it will create new possibilities but also new challenges, not least in the rise of attacks that subvert AI algorithms – deploying ‘deep fake’ images and other biometric manipulation. On page 34, we look at how AI is getting smarter, with machine learning algorithms able to assess multiple sources, such as what appointments are in your diary or the time of day you’re logging in, and combine this with biometric information, such as voice pattern, in order to confirm identity.
One thing is certain: without AI we will struggle to make sense of the huge explosion in data from our connected world. Managing the after-effects of this explosion will therefore be crucial in building trust. We hope that by working sensibly with AI, we can make everyday life more convenient and secure for all.
Philippe Vallée Executive Vice President, Digital Identity & Security, Thales
gemalto.com @gemalto LinkedIn.com/company/gemalto
Cov
er p
hoto
grap
hy: C
harl
ie S
urbe
y
The Review is published by Gemalto Corporate Communications – www.gemalto.com
© 2019 Gemalto – www.gemalto.com. All rights reserved. Gemalto, the Gemalto logo and product and/or service names are trademarks and service marks of Gemalto NV and are registered in certain countries. The views expressed by contributors and correspondents are their own. Reproduction in whole or in part without written permission is strictly prohibited. Editorial opinions expressed in this magazine are not necessarily those of Gemalto or the publisher. Neither the publisher nor Gemalto accepts responsibility for advertising content.
For further information on The Review, please email [email protected]
The Review is printed on Cocoon Silk 50 paper. Certified as an FSC mixed sources product, Cocoon Silk 50 is produced with 50% recycled fiber from both pre- and post-consumer sources, together with 50% FSC certified virgin fiber from well-managed forests.
Stronger identityContributors
Tim GreenTim was a senior analyst at Screen Digest before launching B2B title Mobile Entertainment in 2005.
Sarah KidnerSarah has 20 years’ experience writing about technology, including being editor of Which? Computing.
Adam OxfordSouth Africa-based Adam has been a technology journalist for the past 15 years, writing for titles across the world.
Tamsin OxfordA journalist and editor for nearly 20 years, Tamsin specializes in IT and has edited titles such as PC World.
Len WilliamsLen is a technology journalist who has written for a number of companies, including Microsoft and Dimension Data.
The Review is produced for Gemalto by Wardour, Drury House, 34–43 Russell Street, London WC2B 5HA, United Kingdom +44 (0)20 7010 0999 wardour.co.uk
COMMUNICATIONS MANAGER, THALES Laurence ManouelidesHEAD OF EDITORIAL Luke TurtonGROUP ART DIRECTOR Steven GibbonPRODUCTION MANAGER Jack MorganPRODUCTION DIRECTOR Angela DerbyshireACCOUNT MANAGER Daniel BradleyHEAD OF CLIENT SERVICES Emma FisherCREATIVE DIRECTOR Ben BarrettMANAGING DIRECTOR Claire OldfieldCEO Martin MacConnol
WELCOME
2
3
SPECIAL REPORT: THE THALES ACQUISITION OF GEMALTO 8 CULTURESComing togetherThales’ Philippe Vallée, EVP of Digital Identity & Security, and Philippe Keryer, EVP, Strategy, Research and Technology, talk about the Gemalto acquisition
10 SECTORSBuilding with purposeFind out how Thales and Gemalto’s combined capabilities will usher in a new era of digital security
12 TECHNOLOGIESCreating the futureSee how we’re exploring new ideas and developing new solutions to transform society
4 DIGITAL DIGESTReality gets extended, operators become identity brokers, smart trucks rule the roads, blockchain moves to AI and much more
14 SOCIETYHow to build a smart cityBy 2050, there could be 2.5 billion people living in cities – and billions more smart devices. See how an intelligent network of connected things can make city living easier, safer and faster
18 FIRST PERSONEthics by designBias in AI has its origins in human assumption, argues Dr Rumman Chowdhury, Global Lead for Responsible AI at Accenture
22 INSPIRATIONThe job that never sleepsWith failure to keep intellectual property, data and people safe disastrous for businesses, the CISO is under pressure
26 DIGITAL PLANETBlockchain makes the connectionFrom tracing fresh food to the provenance of art, blockchain is bringing new levels of transparency, security and efficiency across the globe
28 INNOVATIONBridging the generation gapWhile the connectivity offered by 5G has huge potential, it also raises questions around data management and privacy
31 SOCIETYDigital swindlersCon artists have long used psychology to trick victims. What can enterprises do to outwit them in the digital age?
34 INNOVATIONSecurity lessons in machine learningWhile machine learning may create efficiencies in the way organizations run and protect themselves, can it always be trusted?
38 EARLY ADOPTERSIt’s the journey not the destinationThe automation of transportation is set to transform the way we use and perceive road, rail, air and sea
In this issue…18
2228
Read more online
For more on the latest trends in technology and digital security, visit The Review’s online partner, /review, at gemalto.com/review
08
DIGITAL DIGEST
4
Operators to become identity brokersJuniper Research predicts that over 5 billion smartphones will contain some form of biometric technology by 2024 – nearly 90% of all smartphones. The research, Digital Identity: Technology Evolution, Regulatory Analysis & Forecasts 2019-2024, suggests that mobile phones will become the primary source of identity for over 3 billion people by 2024, particularly in emerging economies with limited government identity provision.
The use of unique mobile identifier services, which provide identity verification through SIMs, will generate more than US$7 billion for mobile operators in 2024. This is up from an expected US$859 million in 2019; a growth of over 800%. Smartphone vendors will also aim to take a share of this market by producing devices with advanced functionality, including biometric identity capabilities. The research says, however, that traditional forms of identification will not be entirely displaced by mobile forms in the near future, with documentation still needed when a new customer registers for a service.
“Service onboarding is still an opportunity for fraud, despite advances in biometric technology,” remarks research author James Moar. “Many services require a tie back to an existing form of ID, which typically means analog identification. As a result, facial recognition will become key as it can bridge the digital-physical gap more easily than other biometrics.”
Source: juniperresearch.com
Blockchain switches focus to AIThere has been a shift in blockchain startups from focusing purely on cryptocurrency to convergence applications. While the interest generated around Bitcoin and Ether meant that blockchain teams initially focused on the cryptocurrency space, a new study by Outlier Ventures in early-stage rounds of blockchain investment reveals that AI now leads the pack, with fintech and data analytics closing the gap, and data ownership not far behind.
The report notes that US$23.7 billion has been raised by 3,738 blockchain companies since 2013. However, discounting a handful of exchanges and wallets, there has not yet been an application that has broken through to mainstream adoption. This could explain why the number of blockchain startups receiving early-stage funding are high, but follow-on rounds are few and scarce.
Joel John, Research Analyst at Outlier Ventures, says there can be an expertise gap with capital investments. “The heavy competition in early-stage financing for blockchain-based startups means a large number of investors provide nothing more than capital. Investments in equity are considered a hedge against liquid tokens.”
John goes on to say that designing profitable business models makes it difficult for startups in the ecosystem to evolve past a point.
“Blockchain startups have the two-fold challenge of establishing a new paradigm and warding off existing competition – a hard task to do without the necessary guidance in place.”
Source: outlierventures.io
GE
TTY
ISTO
CK
Keep up to date with digital security news at blog.gemalto.com
If I send 500 SMS messages, it will take 10 seconds for at least one of the recipients to click through. Thirty seconds later they will reveal a password. By the time I’ve finished my coffee, I’m in”RICHARD DE VERE, PRINCIPAL CONSULTANT, THE ANTISOCIAL ENGINEER
Read more on page 31
© D
AIM
LER
AG
ISTO
CK
5
Trucks that can pick up the billDaimler Trucks has given its trucks their own digital identity with legal capacities. The truck identifies itself to other machines thanks to the newly developed digital Truck-ID that is supplemented by a Truck Wallet to make payments. Just like a real wallet, the Truck Wallet can hold cash for payments and additional cards such as fuel cards and loyalty cards – though all in digital form. In an initial test, a truck successfully carried out an automatic payment at an electric charging station.
The Truck-ID and Truck Wallet are both currently still in the prototype phase. They are stored as encrypted software programs within a cryptographic processor, which is part of the central telematics control unit of new heavy-duty truck –the Mercedes-Benz Actros. The technology has the potential to streamline the processing of road tolls, for example, with the truck able to directly provide the system with data that has a unique signature.
“Our aim is that, in future, trucks will be able to act on their own behalf in various fields of application,” said Dr Helge Königs, head of the Truck Wallet project at Daimler Trucks. “Drivers can then concentrate more on their actual driving tasks and haulage firms benefit from a significant reduction in administration work and more secure processes. This renders it practically impossible to carry out such things as fuel card scams whereby criminals copy a fuel card and spy on the PIN being entered.”
Source: media.daimler.com
To 5G and beyondWhile 5G trials continue to be conducted in different markets, and the spectrum is being auctioned by multiple authorities, all the commercial services currently seem to offer is enhanced mobile broadband, with service providers relying on fast internet access and high data speed as the key selling points. According to What’s Next for 5G?, a report from Telecoms.com, this has led purists to claim that what we have now is not real 5G.
At the same time, discussions have already begun around 6G and the report suggests that the first 6G networks could be live by 2030. As with any future technology, opinions vary on how 6G will impact the market, but one paper, entitled A Vision of 6G Wireless Systems, suggests that the higher data rates offered by 6G could ring the death knell for smartphones as wireless connectivity allows smart wearables, integrated headsets and even smart body implants to drive our interactions.
In the run up to 2030, What’s Next for 5G? says that ambitious telecoms players should start taking 6G seriously now. It urges the telecoms industry to quickly expand 5G coverage for consumer use outside the hotspots; launch more affordable 5G terminals, in particular smartphones; and, crucially, play a more proactive role rather than a defensive one, as it did in the 4G era when facing the rise of over-the-top media services such as Netflix or Prime.
Source: telecoms.com
DIGITAL DIGEST
Why are we so willing to spend billions of dollars on this notion of colonizing Mars, but we’re not willing to spend that money on making sure the entire world is educated?”DR RUMMAN CHOWDHURY, ACCENTURE
Read more on page 18
6
The future of reality Extended reality, or XR, is the emerging umbrella term now being given to all computer-generated environments that either merge the physical and virtual worlds, or create an entirely immersive experience for the user.
Drawing together virtual, augmented and mixed reality, as well as any future realities the technology might bring, the term ‘XR’ marks a fundamental shift in the way people interact with media. It points to a world where we interact with the real and virtual in a seamless way without having to make any choice or distinction about which kind of technology we are using.
Potential applications of XR include the entertainment industry, where the technologies deliver immersive experiences that offer consumers an opportunity to experience live music and sporting events, for example, from the comfort of their VR headset. However, this is not the only industry that could benefit from virtual expansion, with people who work in high-risk conditions – such as chemists or pilots – able to train safety in a conventional classroom setting. Medical students, meanwhile, could get hands-on practice on virtual patients.
Source: visualcapitalist.com
Transforming Africa’s healthcare systemCareAi is an AI-powered computing system using blockchain that can diagnose infectious diseases, such as malaria, typhoid fever, and tuberculosis, within seconds. The system delivers health services to patients anonymously and could transform Africa’s healthcare system.
To use CareAi, a finger is pricked for a drop of blood, the blood is deposited onto a specialized chip, which is then inserted into the machine. The sample is anonymized and then analyzed by CareAi, referencing medical and diagnosing libraries before dispensing advice with a corresponding rating of confidence.
According to Ndubuisi Ekekwe, a Nigerian professor and founder of First Atlantic Semiconductors & Microelectronics, while the population is booming, most African countries are losing their medical professionals. Writing in Harvard Business Review, he says that the situation is “exacerbated by the ease with which foreign countries can hire them, and the near impossibility of African governments being able to match their foreign wages”.
If products like CareAi are able to penetrate into villages and cities across the continent, they could handle some of the minor healthcare issues, meaning that the available healthcare professionals could focus on the most difficult issues. Ekekwe makes the point, however, that getting to this point will require data. “Besides diagnosing a villager with malaria, it’s important to know the medical history of the person, the drugs the individual is currently taking, and other factors,” he says, adding that entrepreneurs across the continent are now working on this data challenge in the healthcare sector.
Source: hbr.org
ISTO
CK
ISTO
CK
Explore The Review’s online partner, /review, at gemalto.com/review
Event calendarGemalto regularly participates in trade shows, seminars and events around the world. Here’s a list of those taking place in the next few months.
7
Cybercrime cost to top US$5 trillion in five yearsThe cost of data breaches will rise from US$3 trillion each year to over US$5 trillion in 2024, an average annual growth of 11%. A report from Juniper Research reveals that the marked rise in costs reflects the increased fines that will result from data breaches as regulation tightens, as well as the impact of business loss as enterprises become more dependent on the digital realm.
The Future of Cybercrime and Security report says that in spite of cybersecurity increasingly becoming part of corporate culture, it is not necessarily gaining traction with system users. As a result, Juniper Research expects that security awareness training will become a more important part of enterprise cybersecurity practice.
“All businesses need to be aware of the holistic nature of cybercrime and, in turn, act holistically in their mitigation attempts,” says research author Susan Morrow. “As social engineering continues unabated, the use of human-centric security tactics needs to take hold in enterprise security.”
In terms of who will carry the cost of data breaches up to 2024, Juniper predicts that North America will lead throughout the forecast period, although its share will decline slightly as other regions introduce harsher penalties for data breaches. The research group also maintains that the majority of breaches will target SMEs, which typically cannot afford sophisticated cybersecurity.
Source: juniperresearch.com
Date Event Location
Nov 19–21 2nd INTERPOL Fingerprint and Face Symposium
Lyon, France
Nov 19–22 Milipol Paris, France
Nov 26–28 Trustech Cannes, France
Nov 27–29 Thales InnovDays Paris, France
Dec 10–12 2019 Gartner Identity & Access Management Summit – US
Las Vegas, NV, US
2020
Jan 7–10 CES 2020 Las Vegas, NV, US
Jan 28–29 Paris FinTech Forum Paris, France
Feb 7-8 World eSIM Berlin, Germany
Feb 24–27 MWC Barcelona, Spain
Feb 25–27 Embedded World Nuremberg, Germany
Mar 4-6 Homeland Security Indonesia
Jakarta, Indonesia
Mar 18–19 IoT World Paris, France
Mar 18–20 International Security Conference West
Las Vegas, NV, US
Mar 25–26 Seamless Payment ME Dubai, UAE
Mar 31–Apr 2 Passenger Terminal Expo Paris, France
Apr 28–29 ID @ Borders Brussels, Belgium
May 19–21 IFSEC London, UK
Jun 2–4 ID4Africa 2020 Marrakech, Morocco
Jun 2–6 Computex Taipei Taipei, Taiwan
Jun 9–11 Identity Week London, UK
ISTO
CK
These events are subject to change and up-to-date information may be found on www.gemalto.com
CULTURESTHALES AND GEMALTO
Philippe Keryer, Thales’ EVP, Strategy, Research and Technology, and Philippe Vallée, EVP of Digital Identity & Security at Thales (and formerly CEO of Gemalto), talk about the thinking behind the Gemalto acquisition and what the future holds
ILLUSTRATIONS PADDY MILLS/SYNERGY ARTS
What do Thales and Gemalto mean together?Philippe Keryer (PK): This is the start of a new chapter for Gemalto and Thales, and for each and every one of us in different locations around the world. Together, we are more than 80,000 people worldwide – working in 68 countries. It goes without saying that the human dimension is key – our employees are some of the most brilliant, hardworking women and men in the world. They are helping secure the critical decision chains that power the world – that keep us moving and ensure we are safe.
Where are the opportunities?Philippe Vallée (PV): Digital transactions are growing every day, and trust is of the essence to make those transactions safe. These transactions are
COMING TOGETHER creating billions of data records every day and these
records must be protected.
PK: Everything is done more and more digitally – whether that’s communications, banking, business, or even securing and defending our borders. The world is fast-moving and unpredictable. At the same time, there are more opportunities than ever before.
What does Gemalto bring to the party?PV: Gemalto has two main areas of expertise: protecting data and identifying people and things securely. These are essential to any digital service, from mobile banking to border control. These capabilities complement what Thales already does.
PK: All our customers need to know that their digital networks are safe – protected from cyberattacks and online fraud. That’s what Gemalto’s teams bring, they have the expertise and knowledge to keep the most critical digital networks safe across the world.
8
and researchers are starting to create even better solutions using a combination of our technologies.
PK: To serve our ambition to be a world leader in digital security, Gemalto is now at the heart of a new global division, called Digital Identity & Security. This global division comprises 16,000 employees, made up of all the former Gemalto employees, plus Thales’ existing digital activities.
PV: If you think about the decision chain of Thales, from data collection to the decision moment, our technology fits in perfectly. We plug right into this very critical decision chain.
So, what’s next?PV: With Gemalto’s expertise in object identification and authentication, plus Thales’ expertise with radars and sensors, airports could make sure drones are validated or recognized as who they say they are, and as a result, better control their airspace.
PK: We have set an ambition to be leaders in all our markets: Aerospace, Space, Defense and Security, Ground Transportation, and now, Digital Security. To get there, we believe that innovation is a key differentiator for us to grow faster than our competitors.
PK: To develop a common future, we are focusing on our similarities and shared strengths, and we are capitalizing on our differences.
PV: Thales provides critical infrastructure while Gemalto provides intimacy with the end-user. This is exactly the sort of area where we think the new, integrated company could create solutions.
PK: We’re uniting as one company, and we firmly intend to be number one in everything we do – and a new world leader in digital security.
PV: Digital identities, biometrics, data protection on Gemalto’s side, and sensing, cybersecurity, big data on Thales’ side.
PK: We’re coming together to create solutions that could power the world to achieve what is currently considered impossible.
To find out more about the acquisition, go to tinyurl.com/thales-gemalto
What should customers expect?PV: Gemalto brings digital security expertise, as well as pioneering technology and deep market understanding in mobile, banking, government and enterprise security. In the short- to medium-term, this brings many opportunities for providing Gemalto solutions to Thales customers and the other way around. An example of this is airport security, where both companies are well positioned.
PK: Together, we now have the ability to cover the digital needs of all existing customers in defense and civilian businesses, with a unique portfolio of technology and expertise in the Internet of Things (IoT), mobile or the cloud.
PV: Our technology can help connect many Thales solutions and securely identify any user or device using a digital service or as part of the IoT. And, in the background, the vast amount of data generated by these services is protected by Gemalto technology. We already sell to 30,000 businesses and governments but the potential is massive.
PK: We’re integrating all of Gemalto’s expertise into Thales, to create a company capable of meeting and beating the most advanced digital threats and making life better and safer for all. Our combined expertise is going to create new innovations, offers and solutions across all our markets.
How will you combine technologies?PV: We are already working on many new business synergies. Take ground transportation, for example. Thales provides rail signaling and works with transport companies across the world. Gemalto could provide mobile payment solutions to Thales’ ticketing systems. Our IoT solutions could be used in connected signal systems, predictive maintenance of internet-enabled tracks, and many other smart ideas.
PK: As a group, we have a tremendous opportunity to learn from each other in order to deliver more for our customers.
PV: Working together, we can market Gemalto’s existing solutions to Thales’ customers, and vice-versa. And of course, working together, our engineers
Gemalto has two main areas of expertise: protecting data and identifying people and things securely”PHILIPPE VALLÉE, EVP, DIGITAL IDENTITY & SECURITY, THALES
We are focusing on our similarities and shared strengths, and we are capitalizing on our differences”PHILIPPE KERYER, EVP, STRATEGY, RESEARCH AND TECHNOLOGY, THALES
9
SECTORSTHALES AND GEMALTO
The combined technological expertise and capabilities of Gemalto and Thales will usher in a new era of digital security across a breadth of sectors
BUILDING WITH PURPOSE
AEROSPACEGemalto and Thales are building an integrated digital sky. Thales is the world leader in air traffic management and helps protect millions of passengers transiting through airports each year in places like Dubai. Gemalto, meanwhile, has the expertise in automated border control and biometrics to make a paperless airport experience possible.
From a customer perspective, digital identities could be created from the moment a ticket is purchased to create a seamless flying experience once someone steps into an airport. With 1 million people using Thales’ in-flight entertainment systems every day, passengers can take their digital identity on board – making the final transaction for some duty-free shopping or continuing a Netflix series they had been watching at home.
As we’ve seen from airport shutdowns, for example at Gatwick in 2018, drones pose a major technological challenge for the security of passengers around the world. However, they also offer massive opportunities and are set to populate our skies in the near future. Gemalto’s Internet of Things (IoT) solutions can register and connect drones, as well as their pilots, while Thales’ unmanned traffic management systems ensure they fly safely.
Gemalto’s focus on protecting data, as well as securely identifying people and things, will complement Thales’ expansive digital offering in cybersecurity, connectivity, big data and artificial intelligence.
Across 180 countries, more than 30,000 organizations and 200 government programs already rely on Gemalto’s
solutions to manage digital identities and protect data. Combining with Thales will create a leader in digital identity and security that brings greater levels of data security and privacy across the globe – whether it’s helping banks transact more securely, people travel through airports more smoothly or cities become smarter.
FINANCIAL SERVICESThe financial services sector has rapidly evolved, driven by regulatory change, digital transformation and the arrival of new fintech players. Gemalto helps more than 3,000 financial institutions, retailers and other players meet the challenge, with multiple payment methods for both digital and physical transactions.
As consumers look for assurances in the way financial institutions conduct business, banks need to find smarter ways to protect their customers. Thales adds to Gemalto’s expertise, protecting 80% of the world’s payment card transactions and securing information systems in 19 of the world’s largest banks. Together, they can combine authentication and big data analytics technology to analyze user behavior, silently authenticate legitimate transactions and detect fraud during a transaction.
ISTO
CK
ISTO
CK
10
What’s next for IoT in ground transportation?tinyurl.com/IoT-and-transportation
GROUND TRANSPORTATION With increasing urbanization around the world, the digital transformation of public transport systems is under way. Transporting 3 billion passengers across 86 metro lines in 40 of the world’s largest cities, Thales provides the transportation industry with critical infrastructure that increases capacity while ensuring safety.
Thales now has the opportunity to incorporate Gemalto’s IoT solutions to make
transport companies around the world even more efficient and pave the way for autonomous rail travel. Gemalto can offer advanced payment solutions through digital ticketing systems to help manage congestion and offer a smoother door-to-door passenger experience. Gemalto’s technology in digital security is vital in preventing fraud, ensuring tickets and payments are securely protected on a phone or smartwatch.
To enhance Thales’ provision of rail signaling and works to train operations, Gemalto’s IoT solutions can be used in connected signal systems or predictive maintenance of internet-enabled tracks. All of which means that transport operations could become faster and more interconnected, allowing people to travel more quickly, more safely, more ecologically and at a lower cost.
DEFENSE AND SECURITYArmed forces, governments and global organizations work with Thales to achieve and maintain security, tactical superiority and strategic independence in the face of any type of threat.
Thales develops top-tier tools for training defense forces, distributing information, supporting command decisions, and detecting, identifying and neutralizing threats. Gemalto helps ensure operations are safe from hackers by only allowing network access to the right people and encrypting data to make it useless in the case of a breach.
In the field of national security and law enforcement, Gemalto’s solutions in biometrics help governments, police forces and the emergency services to solve crimes, prevent voting fraud and protect borders. These progressive solutions can be integrated into the work Thales already carries out for public security in many countries and cities.
ISTO
CK
ISTO
CK
11
TECHNOLOGIES THALES AND GEMALTO
Thales and Gemalto are embarking on the next stage of their journey, looking for new opportunities to build and develop solutions that will help to transform society
ILLUSTRATIONS ISTOCK/GREAT APES
CREATING THE FUTURE
EXPANDINGThe Thales group has changed scope with the Gemalto acquisition. The combined organization now has 80,000 employees in 68 countries and generated €19 billion in revenues in 2018 (pro-forma). Its global presence has grown in most countries: for example, in Latin America, the acquisition of Gemalto sees the group quadrupling its size in the region, with 2,500 employees. While Thales’ customer base has traditionally been in the defense sector, the acquisition sees it expanding into new markets in the civilian world; the new revenue split for the group is now 60% civil and 40% defense, driven by a desire to deliver the latest technologies to all.
With Gemalto and Thales working as one, Philippe Vallée is looking forward to what happens next. The former Gemalto CEO is now Executive Vice President of Digital Identity & Security, one of seven global divisions at Thales, and believes that the combined expertise of the group will create new ideas and new solutions to make life better and safer for everyone.
“The ongoing explosion of new digital technologies, and the growing synergy between them, creates a huge amount of momentum
not only to develop new products and solutions for today, but also to invent new ones that will be needed in the data-driven, autonomous and immersive world of tomorrow,” says Vallée.
As Gemalto’s expertise is integrated within Thales, Vallée believes the company is ideally positioned to protect any organization’s critical infrastructure and ultimately the end-user: “We are in a unique position to help enterprises and governments answer the data security challenges that lie at the heart of their digital transformation.”
IDENTIFYINGToday, we use clunky passwords and two-step authentication to authenticate, but Thales and Gemalto are working on improved solutions. The technology uses risk analysis, biometrics and artificial intelligence (AI) to verify seamlessly and ‘silently’ who we are, based on the way we type or the location from which we connect, among other factors. This silent authentication is expected to become a key factor in identifying and eliminating digital fraud in the banking and finance sector.
12
What do customers think about silent authentication? tinyurl.com/gemalto-silent-authentication
CONNECTINGAs the world moves to faster 5G networks, it’s vital that the increased volume of personal data that people store or transmit via the internet, or through telecommunications, is not only secure but also managed effortlessly. Gemalto’s know-how in digital security and Thales’ expertise in big data will help mobile network operators and IoT actors increase the value derived from their data and networks. The result will be a seamless experience with less downtime, better security and improved levels of customer service.
INNOVATINGResearch and development (R&D) is at the heart of the new organization. Gemalto’s 3,000 R&D engineers will join over 25,000 Thales engineers and researchers. Post-acquisition, the total investment into self-funded R&D from Thales exceeds €1 billion per year. The main focus of this innovation is in four areas: connectivity, cybersecurity, big data analytics and AI.
Gemalto’s employees and clients will also benefit from the Thales Digital Factory, established in 2017 with a mission to accelerate the digital transformation of Thales and its customers. This dedicated organization with more than 200 employees in Paris, Montreal and Singapore uses agile practices to
develop new solutions as well as enabling digital ways of working. “The group has become a giant laboratory inventing the world of tomorrow, with a portfolio of 20,500 patents, of which more than 400 new ones were registered in 2018,” explains Thales CEO Patrice Cain.
13
SOCIETYSMART CITIES
By 2050, there could be 2.5 billion people present in cities – and billions more smart devices. We look at five different aspects of everyday living to see how this intelligent network of connected things can make smart city living easier, safer and faster
AUTHOR TIM GREEN
IMAGE ISTOCK
HOW TO BUILD A SMART CITY
14
Explore the Gemalto smart city experience at tinyurl.com/explore-smart-cities
In north-west Saudi Arabia is a 10,000 square mile area of desert. It is barely populated at the moment, but it won’t stay this way. By 2030, this unremarkable landmass will be a US$500 billion smart city called Neom. According to the Saudi Crown Prince Mohammed bin Salman, everything in it “will have a link to artificial intelligence and the Internet of Things.”
Neom is an extreme example, but it is at one end of a much wider trend toward making cities smart. According to the United Nations, 68% of the world will live in cities by 2050. That could equate to 2.5 billion extra people. The only way to accommodate them, it argues, is to devise a new urban framework that “ensures access to infrastructure and social services for all.”
Many governments are already re-thinking their civic centers. They see the Internet of Things (IoT) technology as the key to this process. By connecting people and things to a city’s infrastructure, they can cut costs and improve sustainability. The US analyst Smart America estimates cities will spend US$41 trillion on IoT infrastructure over the next 20 years.
Manfred Kube, Head of Communications, Analytics & IoT Solutions at Thales, says urban digitalization is echoing what has been happening in the corporate space. “The same drivers that have moved companies toward digitalization – connectivity, machine learning, cloud, secure identity and so on – will move cities toward it too,” he says. So let’s look at five key areas where these technologies are shaping the smart cities of the future.
PROPERTYA smart city will have smart properties. Buildings will be fitted with sensors that can perform ‘predictive maintenance’. To understand this, consider the elevator. For 150 years, elevators were dumb. They went up and down. However, in the past decade, they have started to get smarter.
Leading this revolution is the original inventor of the elevator, Otis. In 2018, it launched its first ‘connected elevator solution’. The Otis ONE uses smart sensors to collect data that will impact its performance. For example, it can measure the levels of dust on the door – and how this affects the force needed to close it.
Otis ONE then compares the results with data from more than 300,000 connected units to make decisions about whether to send out the repair team. This minimizes disruption to office users and reduces its own costs.
Smart predictive maintenance is also transforming lighting. Suppliers
are starting to fit LED bulbs with sensors to help tenants understand how people use office space. In 2018, Philips Lighting (now called Signify) committed its future to this vision. The company says it has already installed 29 million connected lights and announced plans to make every bulb connectable by 2020.
The market for predictive maintenance is so dynamic that tech startups are swarming into the space. Sector analyst Memoori Research reported there were 161 smart building funding rounds in
the first half of 2019 alone, raising a collective US$1.8 billion. IoT Analytics believes the overall market will expand from US$2.2 billion in 2017 to US$10.9 billion by 2022.
The next phase for the sector will be prescriptive maintenance. This describes systems that not only make recommendations but also act on them. To take the elevator example, predictive maintenance might flag a failing component, but a prescriptive system would fire off a work order to technicians with precise instructions for fixing it.
The same drivers that have moved companies toward digitalization – connectivity, machine learning and so on – will move cities toward it too”MANFRED KUBE, ANALYTICS & IOT SOLUTIONS, THALES
GE
TTY
15
SOCIETYSMART CITIES
The city of Santander in Spain uses a network of 20,000 sensors to power intelligent decisions about its infrastructure”
MOBILITYHow should people move around the smart city? It’s a big question. No one wants more traffic that wastes resources and degrades people’s quality of life. Research from the Texas A&M Transportation Institute found that, in one year, traffic congestion sucked up 3 billion gallons of fuel and trapped drivers in their cars for an unnecessary 7 billion hours.
One possibility is that smart city dwellers will stop commuting. Faster broadband makes it easier to work remotely and communicate by video link rather than travel. This is already happening. The number of telecommuters in the US doubled in a decade, according
to a 2017 report by FlexJobs.com.
But for those who still need to travel, smart cities should make traffic move more efficiently. The city of Santander in Spain is already succeeding. It uses a network of 20,000 sensors to power intelligent decisions about its infrastructure. Its sensors can, for
example, detect whether a parking space is free or not, and then re-route traffic accordingly. Meanwhile, in Pittsburgh, a grid of smart traffic lights monitors the volume of traffic to calculate traffic light sequencing plans. The city says wait times have fallen by up to 40%.
Further ahead, many believe the future of urban mobility will be ‘multi-modal’. In most cities, a journey is rarely most efficient by car. Instead, it might start with a bus, move to a rental bike, transfer to the subway and end in a ride-share. The challenge is how to effectively coordinate such a disparate set of options.
One possibility is that the market will do it. The major car manufacturers are already preparing for such a future. Earlier this year, BMW and Daimler launched a US$1 billion venture called Now. It comprises services based on electric vehicle charging, ride-hailing, parking, car-sharing and multi-modal planning.
Other car makers, as well as tech firms such as Uber, have similar plans. Whoever prevails will have to build a network that connects drivers to vehicles and vehicles to infrastructure. Technology such as 5G and eSIM cards will make this feasible in a secure manner. And once built, much more is possible. Consider payments. If a car is connected to its environment, why should the driver have to settle bills manually? Instead, the act of re-charging or going through a toll would trigger a secure machine-to-machine digital payment from car to meter.
DELIVERYWhat is the best way to move things around a densely populated smart city? Certainly not more cars and vans (see Mobility section). Can drones provide the answer?
E-tailers hope so. In the past 20 years, giants such as Amazon have transformed commerce with advanced algorithms and robot warehouses. But they still rely on delivery trucks. They would prefer to use drones. In fact, Amazon completed its first 13-minute proof-of-concept delivery in 2016.
However, for the smart city, drone delivery is about more than getting replacement Kindles to avid readers in record time. City planners believe that drones can play a major role in moving
strategically important resources around. Medicines, for example. This is why the US-based startup Zipline, which launched the world’s first drone delivery system for medicines in Rwanda in 2016, is currently testing in North Carolina.
For now, the drone delivery market is tiny. According to Gartner, delivery drones will comprise just 1% of the commercial drone sector by 2020. After some high-profile incidents, public authorities are understandably cautious about the prospect of hundreds of thousands of unlicensed drones in low airspace.
The remedy for this is a system that securely logs the identity of every drone
(and its pilot) in the sky. Thales, for example, has developed a ‘certified drone identity card’ to help regulators verify a drone and confirm it has the right authorizations to fly. The company also ensures the connectivity of the devices and encrypts any data sent back and forth. Thales is currently working with the Civil Aviation Authority of Singapore to develop a ‘future ready’ air traffic management system for drones.
GE
TTY
ISTO
CK
16
New York is becoming a smart city. Watch the video at tinyurl.com/New-York-smart-city
SAFETY A grid of smart sensors can not only help citizens move around more efficiently – it can also make them safer. Across the world, governments are exploring how smart things can reduce accidents. None more so than in San Diego. In 2014, it began to install 3,000 LED streetlights with wireless network connections. The project is the centerpiece of San Diego’s Vision Zero scheme to eradicate traffic deaths in the city.
The streetlights relay real-time data to help identify intersections that can be improved for pedestrians and cyclists. Meanwhile, independent developers can use the anonymized information to create apps that can benefit the community.
Looking ahead, San Diego wants to integrate the streetlights into its ‘ShotSpotter’ network, which locates the source of gunfire. It’s not the first city to do this. Los Angeles has tested the same technology on 25,000 lights, and is exploring the possibility of using sensors to detect earthquake tremors, pollution and moisture.
It’s inevitable that more similar initiatives will emerge, not least because of 5G connectivity. 5G is super-fast, but it’s also plentiful. While 4G networks accommodate a few thousand devices per square mile, 5G can support millions. 5G sensors also consume far less power, which will have enormous implications for safety-oriented IoT applications.
HEALTHCAREAs cities grow, the pressure on healthcare inevitably increases. Disease can spread more quickly when people live in close proximity. It can become more difficult to provide safe water and clean air, for example. Smart IoT technology has the potential to counter these risks and it all starts with the citizen placed firmly at the center.
IoT technology can be used to foster a healthier utilities infrastructure in urban locations. Water quality is a case in point. In 2019, Vodafone UK and South East Water started to build a network of digital water meters, sensors and acoustic loggers using Vodafone’s narrowband IoT network. They will analyze the data to help meet environmental standards.
The IoT can also impact how patients take medication using tiny connected sensors. Companies such as Proteus in the US are now harnessing the tech to develop a new category of ‘digital medicines’. Proteus embeds a one millimeter sensor in a pill, which can send a signal to a wearable worn by the patient. This can be really useful to track whether patients have remembered to take their medication, for example.
The smart sensor is indicative of a wider trend toward the ‘quantified self’. Millions of people now use wearable devices to track their vital signs and general activity. This data – when anonymized and aggregated – can prove helpful beyond the individual. City planners can use it to make better decisions that benefit the wider community.
GE
TTY
ISTO
CK
17
ETHICS BY DESIGN
The worst thing that happened to AI was to call it artificial intelligence. So argues Dr Rumman Chowdhury, whose job at Accenture is working with the C-suite at top companies to make sure AI is ethical, explainable and transparent.
To think of AI as artificial intelligence is to perhaps give the technology more humanity than it deserves. “We use these very human words; we call it computer vision as if it [technology] can see. It doesn’t. Algorithms don’t see,” Chowdhury says. By using phrases such as ‘computer vision’ to describe how systems interpret and understand the real world, we anthropomorphize, ascribing human attributes to a technology that is, as the ‘artificial’ part of the moniker suggests, a sophisticated mimic of our own capabilities.
“[Today, what we call] AI is an evolution of traditional analytics, which now includes prescriptive and predictive technologies,” explains Chowdhury, who is a practicing data scientist with a background in quantitative data science, as well as a degree from Massachusetts Institute of Technology (MIT). “What that means is that we have evolved beyond a world of retrospectively looking at purchase behavior or quarterly results. Instead, we are using models that can predict behavior with some degree of uncertainty.”
These models are applied to more than potential human behavior; indeed, AI is at work in nearly every industry – optimizing supply chains, providing predictive maintenance alerts in manufacturing, assisting with drug discovery and enhancing customer support. However, they do not operate in a vacuum. They are created by humans, trained on human-curated data, and may reflect some of the
Bias in artificial intelligence has its origins in human assumption rather than computer code, argues Dr Rumman Chowdhury, Global Lead for Responsible AI at Accenture
AUTHOR SARAH KIDNER
PHOTO CHARLIE SURBEY
18
societal biases of the world we live in, without the self-awareness, intelligence and tools to recognize these flaws on their own, as humans might.
The drive to use AI as a tool for good, and acknowledge the human responsibility in designing and deploying these systems, goes to the heart of Chowdhury’s role at Accenture. While an algorithm is simply maths translated into code, unconscious bias can creep in.
MITIGATING AGAINST BIAS For data scientists, bias is structured, it exists in the data, is often quantifiable and therefore treatable. However, even with perfect data, Chowdhury argues that we still have to consider the societal bias reflected in the information we collect. People may have assumptions that we, as individuals or a society, consider to be unfair and incorrect. However, we still act on those biases, consciously or unconsciously, with those actions then reflected in our data.
To that end, in 2018 Chowdhury spearheaded the launch of Accenture’s Fairness Tool, designed to detect and mitigate bias in AI models. Recognizing and addressing these issues is a
FIRST PERSONDR RUMMAN CHOWDHURY
AI reflects some of the societal
biases of the world we live in, without the self-awareness and tools to recognize these flaws
19 19
Visit gemalto.com/review for our video interview with Rumman Chowdhury
We use these very human words; we call it computer vision as if it can see. It doesn’t. Algorithms don’t see”
RÉSUMÉ: DR RUMMAN CHOWDHURY 2017 Appointed Senior Principal,
Global Lead for Responsible AI, Accenture
2017 Named as one of the BBC’s top 100 Women
2017 Awarded PhD in Political Science from University of California, San Diego
2016 Senior Data Scientist, Metis
2015 Wins Strata/Hadoop Data Impact Award
2014 Worked as an analytics scientist and a manager of data science at Quotient Technologies, CA
2006 MS in Quantitative Methods of the Social Sciences, Columbia University, NY
2003 BS in Political Science, and BS in Management Science, Massachusetts Institute of Technology (MIT)
EMBRACING DIVERSITY The key to eliminating bias is to recognize that it exists, and to work with diverse communities while creating algorithmic models and implementing AI.
“What it boils down to is addressing these problems, or potential problems, with impacted communities. So thinking through who this AI might touch, followed by its impact, and how you incorporate a community’s voice into what you’re building,” says Chowdhury. “The answer here is user-driven design development. Much of what technical teams are grappling with is how to get these voices in the room.”
Chowdhury emphasizes that while the technology is new, the questions we ask – about inclusion, fairness, systemic bias – are not. “We’ve asked many of these questions before, but AI asks us to examine them slightly differently. Rather
20
critical step, Chowdhury notes, but bias mitigation goes hand-in-hand with creating a responsible framework for how AI systems are developed, implemented and governed.
“Systems of governance exist to help us ensure we are building thoughtfully and responsibly,” she says. “Is the data powering our models being used in support of the purpose for which it was collected? Were we transparent in how it would be used? What are the systems of redress in place should the model not perform as expected, or lead to potentially harmful unintended consequences?” Thinking through and codifying governance structures for a variety of organizations is a key focus of the work Chowdhury does with clients.
Addressing societal bias is harder, but can be done if we “embrace diversity in all its forms”, according to Chowdhury. “These systems don’t just exist in a bubble. They exist as part of a system of human beings and AIs interacting with each other. Identifying flaws in your implementation or your data requires a diverse perspective.”
Chowdhury makes that point that this type of bias is mostly unintentional. “People aren’t maliciously trying to make bad things. They’re coming in with the best of intentions. Their blind spots are what may lead to unintended consequences, so part of the work we do with clients is to help illuminate and anticipate those blind spots.”
FIRST PERSONDR RUMMAN CHOWDHURY
While the technology is new, the questions we ask – about inclusion, fairness, systemic bias – are not
Systems don’t just exist in a bubble. They exist as part of a system of human beings and AIs interacting with each other”
21
than ‘explainability’, I push for ‘understandability’, which encompasses the decisions made by the algorithm but, importantly, explains clearly to an individual why the AI made them.”
Understandability goes hand-in-hand with agency, which is the ability to take action if there is a problem with the algorithmic output of the AI technology. This is where good governance comes in, with the ability to address and redress problems a critical component.
CULTURAL CHANGES Business is waking up to the notion of understanding bias in AI. Chowdhury has been working with a traditional bricks-and-mortar business that has a family-friendly reputation. The business had acquired an AI startup and was concerned about how the acquisition might impact the larger organization.
“They are a hundred-year-old company, not very technical, and were trying to merge their culture with that of a small, scrappy, pure analytics AI startup. Leadership was worried about how using AI might impact their reputation or their brand. So we worked with their general counsel to think through their principles of the ethical use of data and ethical use of AI technologies,” says Chowdhury. “They hired us to broker a merger of cultures.”
This cultural element is fundamental to Chowdhury’s work and career. “To serve humanity, we don’t just need people who know how to program and code; we need people who can unpack the complexity of the human condition.”
It is this ability to find patterns in the world and to “right patterns of human behavior” that attracted Chowdhury to the field of data science. She discovered the importance of ethics working in Silicon Valley and explains that some companies
clearly thought the role of technology was to fix people. “There are a lot of problems with how technology gets used. It’s more important to think of these technologies as serving people. How we build it should wrap around what humanity needs.”
Conversely, studying at MIT taught Chowdhury to ask questions. “[MIT] sparks an independent growth spirit. It teaches you how to ask questions and how to interrogate intelligently. I appreciated a culture where a lot of brilliant people were approaching problems in novel and unique ways.”
IMAGINED WORLD Recently, Chowdhury has found inspiration in literature, having discovered the science fiction writings of Roquia Sakhawat Hossain, a feminist author who – like Chowdhury – had Bangladeshi roots. “Just yesterday, I found out that the first female scholar to ever talk about a feminist sci-fi future was this woman who is from where my family is from,” she says. “[Hossain] wrote this imagined future of a world in which technology is used for empowerment and knowledge and not for personal gain.”
It sounds like a utopian dream. However, with the right team in place at Accenture, Chowdhury believes it is possible. “I once asked somebody why we are so willing to spend billions of dollars on this notion of colonizing Mars, but we’re not willing to spend that money on making sure the entire world is educated or making sure everybody has clean water or enough food to eat. Many of these things can be mediated by technology.”
Find out what consumers think about artificial intelligence, tinyurl.com/AI-meets-consumer
To serve humanity, we don’t just need people who know how to program and code; we need people who can unpack the complexity of the human condition”DR RUMMAN CHOWDHURY, ACCENTURE
People aren’t maliciously trying to make bad things but their blind spots can lead to unintended consequences
TRUST IN AIIn a bid to dispel concerns regarding AI as an existential threat that will see machines rising up to destroy their masters, Thales revealed an approach at the 2019 Paris Air Show that places humans at the center of any AI initiative. Called ‘TrUE AI’, the approach embraces Transparent AI, where users can see the data used to arrive at a conclusion; Understandable AI, that can explain and justify the results; and an Ethical AI, that follows objective standards protocols, laws, and human rights.
INSPIRATIONTHE ROLE OF THE CISO
The CISO is under pressure. Failure to keep data, intellectual property or people safe can be potentially disastrous for the whole business, so how to manage this complex set of priorities?
AUTHOR LEN WILLIAMS
ILLUSTRATION ADE AKINRUJOMU/IKON
22
Is the CISO the new CEO? It’s not as bold a question as it first sounds. Chief Information Security Officers (CISOs) need a level of organizational awareness that compares with that of the CEO. It’s a multi-faceted role that involves a deep understanding of the entire business, setting a corporate vision and constantly monitoring the company’s health.
The CISO needs to manage competing demands and create an appropriate cybersecurity strategy that meets the organization’s needs. They need to turn that strategy into policy, educating staff on how to keep safe, constantly scanning the landscape for new threats and deploying technical solutions. They need to define what the business can and can’t do, and find ways of reducing risk while allowing flexibility.
It’s a job that encompasses people, process and technology. It’s also a job that involves stress. With the possibility of a breach occurring at any moment, a survey by IT company Nominet, Life Inside the Perimeter: Understanding the Modern CISO, finds a quarter of CISOs worldwide report significant work-related stress. What’s more, a fifth of CISOs have turned to alcohol or medication to manage the strain.
Being a CISO is challenging. A Deloitte survey, The Future of Cyber Survey 2019, reveals that
Watch our interview on how to reduce data breaches at tinyurl.com/reducing-data-breaches
THE JOB THAT NEVER SLEEPS
23
cybersecurity budgets are still managed as if addressing traditional IT problems rather than leading true organizational change. In addition, the survey suggests that CISOs do not have ‘line of sight’ to executive management and the board, where the chief technology or information officers, for example, do.
So how can CISOs stay sane? And what should they do to manage all the complex priorities in order to reduce the pressure?
THE PEOPLE WHO LIKE TO SAY NO James Rees is the founder of Razorthorn, a company that has a CISO as a service-offering. He explains that information security staff are often seen as “the type of people who say ‘no’ a lot”. Business users may want to launch initiatives or use new technology, yet CISOs may stand in the way. However, this needn’t always be the case, Rees says, as long as the organization has a cybersecurity strategy in place.
“Creating a cybersecurity strategy is a combination of a range of factors,” adds Sarb Sembhi, a CISO and a writer on cybersecurity topics, adding that there’s no one-size-fits-all solution. That said, there are a lot of things any CISO or security-minded IT professional could do to make their lives easier and their organization more secure. He suggests that a smart place to start is to figure out which assets the organization is really trying to protect. Is it customer data? Is it intellectual property? Is it information about their physical property?
Once a CISO has figured out what the organization is trying to protect, they also should create a clear, simple objective for their organization’s cybersecurity, rather than creating dense policy documents that stretch to over 50 pages. Besides the fact that it’s unlikely that anyone will read such documents, they miss the point. The policy needs to be clear, transparent and easy for everyone in the organization to understand so they can get behind it.
The CISO at an internet retail company, for instance, might create a policy that focuses on protecting customer data to ensure it never gets into the wrong hands. While specific technology and processes will play a role in this, having a high-level vision of what the company wants to achieve on a cybersecurity level gives a clear measure of success.
If a cybersecurity employee has made the process too complex, people will become frustrated and engage in risky behavior
INSPIRATIONTHE ROLE OF THE CISO
IT consultancy Willis Towers Watson finds that some 90% of data breaches are caused by human error or behavior. Whether it’s staff clicking on links in spam mail, using weak passwords or even an insider threat, the risks from staff behaviors cannot be ignored.
Successfully dealing with this issue comes down to education and following intelligent strategies. If a zealous cybersecurity employee has made the process too complex, people will become frustrated and engage in risky behavior, such as using weak passwords. As Rees points out, “No one is going to want to type in five different passwords just to get to their company email.”
BUILT INTO THE CULTURE In Rees’s experience, the greatest success happens when cybersecurity is built into an organization’s culture. Is it a small, medium or large business? Is it local, national, or international? Is it processing highly sensitive data? A firm processing medical information, for instance, is going to need to foster a more security-focused culture than, say, a business doing PR.
All these kinds of factors will influence the sort of cybersecurity policy that is eventually developed. Sembhi also highlights the need to speak to different teams across the business to learn how they work with information. By talking to those teams about their current use of IT, you can start to build a picture of what is going on under the surface. Until you meet face-to-face with teams you may not realize exactly what data they’re using – and perhaps how precariously it’s being processed.
In the end, cybersecurity almost always comes down to employees and how they behave. For many organizations, the approach to cybersecurity has been to send out reminder emails and provide occasional (normally voluntary) training sessions
You have to give the employee some sort of buy-in to the information security problem – why should I do this? What do I get out of it?DR LEE HADLINGTON, NOTTINGHAM TRENT UNIVERSITY
24
on the topic. Unfortunately, this approach doesn’t seem to work particularly well. Dr Lee Hadlington is Senior Lecturer in Cyberpsychology at Nottingham Trent University in the UK. He has conducted research that looks at human factors in cybersecurity to understand, among other things, why employees don’t follow the rules when it comes to best practice.
ROCKING THE BOAT Hadlington’s research reveals that individuals who are more agreeable (don’t like to rock the boat, avoid conflict and are sociable) and those who are more conscientious (work hard, take pride in their work and don’t turn up late) are more likely to have positive engagement with cybersecurity. On the other hand, those individuals who take more risks in their social life, be it ethical risk-taking or engaging in extreme sports, are the ones taking risks in the online domain.
For CISOs, having an understanding of the personality types in the organization can be very helpful indeed. If you know that 90% of employees are conscientious, then you only need to really worry about the other 10% of staff who might behave in a more risky way. These people could then be provided with more targeted and relevant training, which will actually impact how they work.
Hadlington stresses that this needs more than generic emails that are sent to everyone about what not to do. He points to alternatives such as “focus group sessions showing the risks and then demonstrating how employees can help prevent attacks or loss of data”.
He also suggests that, in most organizations, regular staff tend to take little or no responsibility for cybersecurity, believing the issue has nothing to do with them. CISOs therefore need to get employees on board. “You have to give the employee some sort of buy-in to the information security problem – why should I do this? What do I get out of it? Can I actually do something that will help?” explains Hadlington.
Requiring a fundamental understanding of people, process and technology, the job of the CISO is set to become more demanding as cybersecurity steadily climbs up the corporate agenda. But no two organizations are the same and there are no cookie- cutter solutions or quick fixes. And while it’s not quite the same as being CEO, it’s not far off.
Find out about the biggest transfer of economic wealth in history at tinyurl.com/cyber-crime-rise
WHY MORE FOCUS EQUALS LESS PRESSUREWhen it comes to reducing the relentless pressure that CISOs can feel under to safeguard against any eventuality, Sarb Sembhi recalls a project he worked on at an online insurance provider. He realized the firm’s key asset was an algorithm that underpinned its insurance premium tool. However, this asset was stored in just one place online and had not been backed up anywhere else. Should a hacker steal that code or corrupt it, the insurer’s business would be in huge trouble. Only once the company had figured out what it really needed to protect could it then take the appropriate measures.
Going forward, rather than trying to create a comprehensive cybersecurity policy that covers every job and imaginable task, CISOs must clearly identify the key assets and data in the organization; what they are trying to protect and why.
25
26
DIGITAL PLANET Provenance in the frame When British contemporary artist Philip Colbert was considering how to create his own catalog system to prove the authenticity of his expanding collection, blockchain came to the rescue. He met Robert Norton, the founder of Verisart, a startup that creates blockchain-based digital certificates for artworks and collectables. By creating a secure provenance for a piece of art from the moment of its creation, Colbert is now able to give potential buyers confidence that what they are buying is the real deal.
According to the Hiscox Online Art Trade Report 2019, provenance tracking and ownership registry remain the most relevant user-case for blockchain in the art market at the moment.Source: tinyurl.com/art-authenticity
Crypto territory Following the introduction of the Digital Ledger Technology Regulatory Framework last year, Gibraltar has granted operating licenses to several crypto companies in a bid to create a supportive environment for this growing sector. The framework is designed to attract cryptocurrency and blockchain companies. It creates a strong relationship between the public and private sector, based on a shared knowledge and understanding. While Gibraltar is just one of several jurisdictions in Europe that have taken steps to become crypto-friendly territories, Minister for Commerce Albert Isola believes that the territory remains the destination of choice for quality fintech companies because of its reputation for being a business-friendly jurisdiction that promotes blockchain education.Source: tinyurl.com/crypto-gibraltar
From tracing fresh food to the provenance of a work of art, blockchain is bringing new levels of transparency, security and efficiency across the globe
BLOCKCHAIN MAKES THE CONNECTION
Follow the fish A San Diego-based canned seafood producer, Bumble Bee Foods, is using blockchain technology to trace the journey of yellowfin tuna from the Indonesian seas to the dinner table. Consumers can now find out where their food originated by scanning a QR code attached to the food packaging. Other information about the fish-to-market journey includes the size of the catch and the fishing community that caught it, as well as fair trade fishing certification. The aim is to assure customers that their food is safe and sustainably sourced.Source: tinyurl.com/blockchain-fish
A problem shared Across the US, major health and pharmaceutical companies are exploring ways in which blockchain could allow information to be more efficiently stored and shared between hospitals.
The current system requires providers to sync their data every 90 days, meaning that the information held elsewhere could be up to three months out of date and have an impact on the treatment received by patients. The use of blockchain technology would allow all pharmaceutical companies to have access to the most up-to-date files, not only saving time but also money – chasing and maintaining provider data costs an estimated US$2.1 billion a year across the US.
Other blockchain applications could improve levels of transparency in the pharmaceutical sector, with Pfizer participating in a pilot that uses a closed blockchain system to track who touched what drug at what time, making it much more difficult for a counterfeit product to enter the chain at a random point.Source: tinyurl.com/us-healthcare-blockchain
ISTO
CK
ISTO
CK
27
Business simplicity Keen to be seen as the business capital of the Middle East, the Dubai government has unveiled a blockchain project aimed at making it easier for companies to set up and operate in the country. The Dubai Blockchain Business Registry project promises a seamless collaboration between the private sector and governmental bodies, enabling efficient digital trading of licenses and documents covering all facets of a business as well as ensuring regulatory compliance with Dubai’s rules. The registry is part of the Dubai Blockchain Strategy, launched in 2016, which aims to power all government services with blockchain by 2020.Source: tinyurl.com/dubai-business-blockchain
Fresh thinkingThanks to the introduction of blockchain in China, customers can now scan QR codes on stickers attached to fresh food produce in order to acquire detailed product information, such as its geographic origin and the product inspection report. The Walmart China Blockchain Traceability platform works by each member of the supply chain sharing their
portion of the data, which is then compiled by Walmart into one platform. By the end of 2020, it is anticipated that the system will see traceable fresh meat account for 50% of the total sales of packaged fresh meat; 40% of the total sales of packaged vegetables; and 12.5% of seafood.Source: tinyurl.com/walmart-qrcodes
Accounting for oil Abu Dhabi National Oil Company (ADNOC) is using blockchain technology to track and manage commodity transactions. The technology helps provide a secure platform for the tracking, validating and execution of transactions at every stage, from the production well to the end customer. ADNOC claims that the new platform is the first blockchain-based accounting system in the world built specifically for the oil and gas industry. The company is also embedding other advanced technologies, including AI, across its business to enhance operational efficiency, drive profitability and unlock new value from oil and gas resources that will keep pace with shifting supply and demand opportunities.Source: tinyurl.com/abu-dhabi-blockchain IS
TOC
K
2020The year by which
the Dubai Blockchain Strategy aims to
power all government services with the
technology
1stADNOC says that its new platform is the
first blockchain-based accounting system for
the oil and gas industry
ISTO
CK
INNOVATIONINTEGRATING 5G
While the connectivity offered by 5G offers huge potential, it also raises significant questions around data management and privacy that need to be addressed now
BRIDGING THE GENERATION GAP
AUTHOR TAMSIN OXFORD
IMAGE GETTY
28
By 2024, 5G will achieve a population coverage of 40% with 1.5 billion worldwide subscriptions. According to analysis of the 5G market by Ericsson, in less than five years, this network generation will become the fastest to be rolled out on a global scale. In the US, Verizon has already launched its 5G network with other networks scrambling to follow, while in the UK EE launched in May, Vodafone in July, and Three in August. Globally, Asia, Australia and Europe are looking at a late 2019, early 2020 start, while Africa stolidly remains behind.
As with any new technology brimming with potential and innovative opportunity, there is the hype and the hope. 5G is the enabler of fully embedded automation and intelligence systems, it will burst the smoldering embers of the Internet of Things (IoT) into flame, and it will be fast… so very fast.
What 5G provides is faster download and upload speeds, more stable connectivity and connections, faster access and wider coverage, and all these factors pulled together improve accessibility, device capability, communications across systems and devices, and so much more. However, 5G also introduces its own fair share of risk. As the networks and systems adapt to what 5G can bring, now is the time to have serious conversations around the security implications.
“The innovation brought by 5G standards, the usage of cloud-native virtualization alongside microservices that 5G will massively use, will all have to be secured,” explains Benoit Jouffrey, VP, 5G Expertise at Thales. “It introduces multiple moving parts and new challenges around security that have to be addressed to ensure that authentication and data protection are managed correctly.”
With 5G comes the ability to connect billions of devices, bringing a set of security challenges with them. In an ecosystem made up of third-party devices and vendors, manufacturers and mobile network operators, each touchpoint introduces potential vulnerabilities and new security threats.
According to Majid Ali, Principal Cyber Security Consultant, NTT Security, with any great advance comes the risk of someone wanting to cause harm, be that for ego, financial gain or state-sponsored espionage: “The ability to know what is occurring, how it occurs and when it occurs, provides these
There is a need for a unified industry framework on the most pressing cyberattack protocols to have in place for 5G architecture
actors with the means to launch sophisticated attacks to gain access to data.”
The new technologies used by 5G, such as cloud-native virtualization, come with new constraints to ensure data protection compliance. The introduction of the General Data Protection Regulation (GDPR) in Europe, along with similar cybersecurity compliance regulations in Australia, the US and Africa, has had far-reaching effects by introducing substantial penalties for anyone not compliant. And the regulatory environment will become even stricter with the introduction of the ePrivacy Regulation, which enhances aspects of GDPR and is set to be enacted by the start of 2020.
SECURITY MEASURES The 5G Network Architecture and Security collaborative paper released by the University of Surrey outlines four key security measures that should be put in place for a robust 5G framework that will help with data and privacy. These measures include cross-layer security; end-to-end security; cross-domain security; and secure-by-design concepts.
“There is a need for a unified industry framework on the most pressing cyberattack protocols to have in place for 5G architecture,” says Gordon Bailey McEwan, Systems Engineer, F5 Networks, who advocates a multi-layered policy and procedure to coordinate different security methods for each security layer, such as applications or the IoT. There also needs to be secure connections for the communication paths between the user and the core network, and the distributed nature of 5G networks makes this a challenge.
Another challenge to consider is the threat of cyberattacks, which can target ICT networks,
To understand what a 5G SIM is and its benefits, go to tinyurl.com/understanding-5G-sim
It introduces new challenges around security that have to be addressed to ensure that authentication and data protection are managed correctly”BENOIT JOUFFREY, VP, 5G EXPERTISE, THALES
29
and platforms transforms how businesses and people work, innovate and collaborate.
“5G is not only a new chapter in connectivity, it’s a cultural change for organizations and a skillset change toward ongoing practice of operating your company as a virtual environment,” says McEwan, adding that 5G’s deployment will eventually transform all avenues of industry as it expands into gigabyte-per-second mobile device performance, self-driving cars and virtual healthcare services, as well as IoT and machine communications for smart factories, homes and cities. “It’s therefore critical to educate teams on changing technology and the impact it will have in leapfrogging organizations forward.”
INNOVATIONINTEGRATING 5G
5G is essential to making the Internet of Things model work, and it will have a profound impact on the success of AI and machine learning too”JASON CHESTER, DIRECTOR OF GLOBAL CHANNEL PROGRAMS, INFINITYQS
including mobile telecoms. If a 5G network is compromised, it could bring cities, transportation and communications to a halt.
“There is no doubt that when 5G coverage becomes part of everyday life we have to make a conscious decision as to what devices are connected to the internet,” says Ali, who suggests that with all the concerns about malicious attacks, threat modeling can be an invaluable process that will allow organizations to map out attack vectors and provide adequate countermeasures.
“It is critical that we look to address the new challenges introduced by 5G and the new technologies such as slicing and virtualization,” agrees Jouffrey. “There has to be regulation that defines the data management and access, and there has to be industry understanding of how data locations, specifically in virtualized deployment, access management and security, are managed properly. In a global deployment, there are some network functions that may require higher security than others, or need to talk securely to other network functions, but we need to find more robust solutions for the industry as a whole, and this is being investigated at the moment.”
CULTURE CHANGE Of course, 5G is not just about security, it’s also about potential, connectivity and smart innovations. Its potential should not be limited by the need to embed security from the outset; rather, security should be seen as a critical step in the chain to 5G implementation that ensures it can achieve its potential. One of the biggest questions asked is whether or not there really is a race to 5G and, of course, which industries are set to lead the way. As with any emergent technology, the answer isn’t definitive.
The consumer market has already seen 5G provide enhanced mobile broadband and this will likely spread into using the technology to develop ultra-low-latency networks that drive automation, artificial intelligence (AI) and IoT. Sectors such as manufacturing and agriculture will see rapid and immediate benefit as 5G turns the smart factory into a reality, while areas such as healthcare will draw upon 5G to provide mission-critical services to remote and rural locations. This will then slowly evolve into the smart city, smart home and smart world where communication across devices, systems
WHAT DOES 5G MEAN TO IOT?“The Internet of Things will be fostered by 5G as it creates new ways of communicating across mobile networks with lower latencies and a massive usage,” says Thales’ Benoit Jouffrey. “It addresses a huge variety of devices with the goal of providing better efficiency, reliability, latency and so much more.”
But what would be the reality of connecting billions of devices and managing the data they create? If data is already pooling in lakes that are so dark and deep that analytics engines can struggle to interpret them, what will these become when every device is connected and communicating?
“Privacy concerns must be a driving force behind what we enable these devices to collect and send into the cloud,” says NTT Security’s Majid Ali. “We will also see that providers and manufacturers collecting vast amounts of data in various formats will start to leverage advancements in AI technology to translate these data sets into more meaningful information. We just need to ensure that this data is legally collected.”
The data has the potential to provide machines with the information they need to act intelligently, to perform on the edge of computing. This will create an interconnected web of machines, sensors and devices that will work in collaboration to optimize complex processes in real time.
“5G is essential to making the Internet of Things model work, and it will have a profound impact on the success of AI and machine learning too, as those algorithms are predicated on large amounts of data,” says Jason Chester, Director of Global Channel Programs, InfinityQS. “5G will enable data to be captured from a greater number of sources and at much higher data rates with very low latency, which will be vital in making intelligent algorithms more successful at fulfilling their purpose.”
30
SOCIETYSOCIAL ENGINEERING
Act now! Don’t miss out! Please help! Con artists have used psychological manipulation for centuries to trick their victims out of money and information. In the digital world, these fraudsters have a new name, social engineers. Is there anything enterprises can do to outwit them?
AUTHOR TIM GREEN
ILLUSTRATION ISTOCK
There are two ways to hack a business. The first is complex and time-consuming: the attackers hire a team of programmers to research the business’s IT security systems. They find holes in the defenses, and then retrieve sensitive personal data. The second approach is easier: they just email the finance director and say, “Send us some money.”
The latter scenario sounds unlikely. No one would fall for that, surely? But it happens all the time – as the toy giant Mattel can testify. In 2015, the CEO of the manufacturer instructed his finance executive by email to set up a US$3 million transfer to a new payee in
China. She did so. Only later did the truth emerge. The email did not come from the CEO but a scammer.
The Mattel incident is an example of social engineering – a type of attack in which a criminal manipulates someone into revealing confidential information. No advanced coding skills required.
Mattel was lucky. It sent the money on a bank holiday, and was able to freeze the stolen funds before they arrived. Regrettably, many other attacks succeed. Indeed, social engineering attacks on enterprises are growing fast. The 2018 Data Breach Investigations Report by US telco Verizon reported that 33% of all
DIGITAL
SWINDLERS
31
one email account, that might get me into a company-wide platform like Salesforce. Once I’m in there, I can find more people to social engineer.”
Though De Vere has breached more than 250 clients, he says there is plenty companies can do to protect themselves. It starts with educating staff to be cautious about any request to access sensitive information or send money.
But what about technical defenses? Is it possible to ‘patch’ this very human problem? Jenny Radcliffe, founder of The People Hacker, believes so… to a degree: “You will never stop these attacks. But you can put protections in place to slow them down. Social engineers are patient. But eventually they have to make a call to action: click this link, download this file, pay this fee. It’s at this point that education can combine with technology. Education should put a flag in the person’s brain. Tech should put a flag in the system.”
NEVER IN PLAIN TEXT Enterprises need to start with the obvious: encryption. All personally identifiable information should be encrypted and never be in plain text. This means that if any social engineer gains access, what they find will be meaningless. Another must-have is two-factor authentication, which prevents attackers performing any sensitive task without physical access to their victim’s device.
Two-factor authentication can deter most attacks, but not all. Why? Because sometimes, as in the Mattel example, the attacker is not performing the task. They are directing an authorized employee to do it. To defend against this, an enterprise should instigate ‘access control and key management’ – limit how many employees can decrypt data or carry out sensitive tasks.
Radcliffe says: “You should restrict access to sensitive data to just a few named individuals and make sure employees can only access small pools of data, not the whole network. You can also set up systems that
SOCIETYSOCIAL ENGINEERING
Education can combine with technology. Education should put a flag in the person’s brain. Tech should put a flag in the system”JENNY RADCLIFFE, FOUNDER, THE PEOPLE HACKER
recorded attacks included social techniques. It revealed C-level executives were 12 times more likely to be the target of these incidents than other staff.
There’s a reason why this type of crime is proliferating: it works. In one test, security specialist Positive Technologies sent 3,332 phishing emails to employees, with an ominous 17% of them leading to a data compromise.
In the era of over-sharing, social engineers can quickly find the information they need to successfully impersonate someone. Richard De Vere knows this well. He is the principal consultant for UK-based consultancy The AntiSocial Engineer. Companies hire him to hack them. He calls his operation ‘compromise as a service’.
“It’s very easy to find company staff on social networks. You then work out what triggers them, create a list of email addresses, and start phishing,” says De Vere, who explains that once this homework is done, the rest is easy. “If I send 500 SMS messages, it will take 10 seconds for at least one of the recipients to click through. Thirty seconds later they will reveal a password. By the time I’ve finished my coffee, I’m in.”
De Vere adds that there is no need to seek out sensitive information at this stage. “If I can just get into
In the era of over-sharing, social engineers can quickly find information to successfully impersonate someone
32
SIX TRICKS OF THE TRADESocial engineers are patient. They take time to research their victims, and then win their confidence. Finally, they use age-old psychological tricks to pressure their victims into action. Jenny Radcliffe, founder of The People Hacker, says: “Social engineers always try to create emotional confusion, and then offer a route out of that confusion by saying: pay this, click this, do that. In hindsight, it may seem an obvious scam, but in the moment, people like to follow a lead.”
Here are six of their techniques.
1. Building a connectionPeople are more likely to respond when they sense a connection with someone. Criminals can easily create fake connections by mining social media for clues. “Hey, we went to the same conference/love the same music...”
2. Applying time pressureOnce a criminal has gained an employee’s confidence, he or she can use urgency to succeed in a request. “I have to do a presentation in five minutes, and I’ve forgotten my log in details...”
3. Using authoritySocial engineers often phish – and then impersonate – senior management. They know that a request that comes from the boss will be more likely to succeed.
4. Asking for helpHaving established a connection with a target, a social engineer can then ask for a favor. “Please download this file for me. I can’t open it…”
5. Offering an incentiveThis is one of the oldest and most obvious tricks. Most frequently it involves a free gift. But it can also exploit other basic human desires such as romance. “You have a secret crush – click here to find out who it is…”
6. Exploiting social conformityAs a rule, people don’t like to be awkward. They will go with the herd. Social engineers routinely exploit this trait. “Everyone else has done this. You’re the last. Please respond now...”
flag unusual behavior such as downloading large files or setting up regular payments.”
A good rule of thumb is to only give users the privileges that are essential to perform their intended job. This is called the principle of least privilege (POLP). Companies can set POLP policies by user, process, file type, time of day and other parameters. POLP can even be extended to applications that perform authorized activities.
HIJACK RISKSAnother recommended strategy is to encourage employees to use secure digital signatures when they communicate with each other. Today, many organizations use public key infrastructure (PKI) systems to digitally sign and encrypt email. Obviously, this provides a good defense. Yet there is still the risk that an attacker could hijack a legitimate user’s email.
Adding a physical layer of authentication can mitigate this. Gemalto’s Swat device, for example, gives a signatory the ability to put their unique smart card into a reader and enter a PIN before sending a highly sensitive request.
The user can add a description of the request, which shows up on the recipient’s Swat reader. This is called ‘understand what you sign’ (UWYS) and counters any request sent by an attacker who does not have a smart card and reader. It’s one of the technical ‘flags’ Jenny Radcliffe described.
All of the above defenses will help an enterprise to reduce the incidence of successful social attacks. However, it can only enact them when it knows exactly what kind of data it holds, where that data is stored and which groups of people have access to it.
This knowledge can be termed ‘situational awareness’ and surprisingly few companies have it. Enterprises need to understand what data they are trying to protect, who is coming into contact with it and which systems retain that data – whether it’s cloud, CRM or third parties. Only when they have this situational awareness can they start securing the data.
Determined attackers, however, will remain hard to repel. Employees will always be vulnerable to psychological manipulation. But investing in anti-social engineering education and tech is still worth it. “Only a small percentage of attacks are targeted at specific organizations,” says De Vere. “Most social engineers want an easy win. If you make it hard for them, they will give up and move on.”
Find out how organizations are improving their cybersecurity at tinyurl.com/cyber-security-agenda
33
INNOVATIONMACHINE LEARNING
Machine learning works on the principle that systems can learn from data and then carry out tasks without human intervention. While this approach may create efficiencies in the way organizations run and protect themselves, can it always be trusted?
AUTHOR ADAM OXFORD
ILLUSTRATIONS LIDIIA MOOR/GETTY
SECURITY LESSONS IN MACHINE LEARNINGFrom smartphone assistants that help you to find the nearest gas station, to applications that improve your writing style, artificial intelligence (AI) is changing the way we interact – it makes web searches fast and typo free; enables banks to approve loans in seconds; and powers real-time translation in hundreds of languages. AI and machine learning are delivering efficiency and productivity gains in factories around the world, and it’s easier than ever for organizations to use the technology.
Recent research from Gartner suggests that businesses expect to almost double the number of AI and machine learning deployments every year from now until 2021, raising the average number from four to 35 in just four years. The main factor currently holding them back is access to skills. “Finding the right staff skills is a major concern whenever advanced technologies are involved,” explains Jim Hare, research vice president at Gartner.
AI is becoming critical to physical and virtual security. In the UK, the Post Office claims that the deployment of a cloud-based video camera network
that can identify aggressive behavior has been key to reducing attacks on staff by 36% in three years. Network security solutions increasingly use AI to detect malicious activity, such as a data breach or ransomware infection starting to spread.
AI has become so ubiquitous, in fact, that it can be hard to define. To some people, for example, the terms ‘AI’ and ‘machine learning’ have very specific and distinct interpretations. To others, they are almost interchangeable.
A common way to differentiate between algorithms, AI and machine learning is to think of them as a hierarchy. Berend Berendsen, CTO of AI developer Widget Brain, describes an algorithm as a simple automated instruction, such as ‘if x then y’, or a more complicated sequence of mathematical equations.
“Machine learning is a set of algorithms that is fed with structured data in order to complete a task without being programmed how to do so,” Berendsen says. “A credit card fraud detection algorithm is a good example of machine learning. Ever received a message asking if your credit card was used in a certain
34
In July, a bot called Pluribus beat some of the world’s most celebrated poker players in six-person matches for the first time
country for a certain amount? Thank machine learning for that.”
AI, meanwhile, encompasses machine learning, but also includes the broader ability to learn using ‘neural networks’ to understand subject matter without being given explicit labels about context. It can also learn using unstructured data – such as a collection of text messages, invoices and emails – as
opposed to structured data, such as a spreadsheet or database. Examples
could include a robot learning to navigate a landscape without
knowing what sorts of obstacles to expect.
Find out how machine learning is driving sustainable biometrics at tinyurl.com/sustainable-biometrics
Regardless of the definition, advancements in AI and machine learning are coming thick and fast. In July, a bot called Pluribus beat some of the world’s most celebrated poker players in six-person matches for the first time. One of its creators, Professor Tuomas Sandholm, described the victory as “superhuman” because, “thus far… milestones in strategic reasoning have been limited to two-party competition. The ability to beat five other players in such a complicated game opens up new opportunities to use AI to solve a wide variety of real-world problems.”
THE DARK SIDE There are, understandably, concerns about where AI and machine learning are heading. One particularly visible problem, which has captured many column inches, is that of ‘deep fakes’: multimedia clips that look like real (usually famous) people but have in fact been generated by algorithms and actors. In June, a highly convincing – but completely fake – video of US President Donald Trump was played to an audience
at the G20 summit in Osaka, Japan.Yet at the same time, these tools are also
essential in providing safety and security in the real (and virtual) worlds in the future. Deep
fakes, for example, may look convincing to a human eye, but AIs have been trained to
catch invisible signs that an image has been manipulated. They do this either
by looking for physical flaws in an image or, as a team of researchers
from the University of California recently demonstrated, by
comparing deep fake videos to other footage of the
person in question.At the University
of Washington, a team of scientists
built a ‘fake news’
Machine learning is a set of algorithms that is fed with structured data in order to complete a task without being programmed how to do so
Ever received a message asking if your credit card was used in a certain country for a certain amount? Thank machine learning for that”BEREND BERENDSEN, CTO, WIDGET BRAIN
35
deep faked audio has been used to impersonate a CEO’s voice to authorize cash payments.
In the digital world, being able to authenticate users based on their identity is the gold standard for security, whether it’s when you’re making a mobile payment or logging into a business application.
“Deep fakes might be used for jokes and pranks online,” says Raphaël de Cormis, Vice President of Innovation and Digital Transformation at Thales, “but in our industry we need to master these technologies so that we can prepare and defend ourselves against identity theft.”
One of the big questions in research at the moment, says de Cormis, is how organizations should balance convenience, security and privacy. It’s important for firms to engage in the debate if they are going to retain public trust.
“A lot of the debate is about identity,” he explains, “and how identities are converging. We are merging our physical identities, our digital identities and our civil identities – who we are to the state.”
While this can raise concerns, there are also many positive benefits. AI and machine learning can deliver better cybersecurity in a more convenient manner: for example, by drawing on many different signals for identity verification.
“The trend is toward ‘silent authentication’,” explains de Cormis, “and to move us away from usernames, passwords and SMS messages to [instead] being able to access a particular resource based on an AI’s determination that you are who you say you are.”
One of the big questions in research at the moment is how organizations should balance convenience, security and privacy
INNOVATIONMACHINE LEARNING
text generator called Grover. Rowan Zellers, who led the team, explains that after training Grover on 120 gigabytes of real news stories, “Given a headline like ‘Link found between vaccines and autism’, Grover can generate the rest of the article. Humans find these [Grover] generations to be more trustworthy than human-written disinformation”.
What’s the solution? It turns out that because Grover knows how to write fake news, it’s also very good at spotting it. In fact, a second instance of Grover was able to pinpoint fakes written by the first with 92% accuracy. “The best defense against Grover turns out to be Grover itself,” says Zellers.
THE BOTTOM LINE There are hard business reasons to be interested in how machines are being deployed in culture wars online. The same tools used for creating deep fakes and fake news also present challenges that businesses need to prepare for. Symantec, for example, has reportedly identified at least three instances in which
FALSE CONCLUSIONSAlgorithmic bias has become a hot topic in AI research, and relates to a system drawing false inferences based on the data it has been trained on. In the early days of using facial recognition to unlock smartphones, for example, one Chinese woman claimed that a co-worker had been able to get past the security. Researchers speculated that this may have been because the dataset used to train the AI didn’t contain enough examples of Chinese women to be able to differentiate correctly.
These kinds of episodes are at least embarrassing for technology companies and at worst dangerous. There has been much written about systems developed to suggest sentences for criminals based on their likelihood to re-offend displaying a racial bias, for example.
The solution, says Thales’ Raphaël de Cormis, is to test any new application vigorously and ensure that it is trained on carefully selected balanced datasets. The problem is that many AI deployments are a ‘black box’ in which the training data is unknown. According to professor of international law at Harvard Law School, Jonathan Zittrain, this may get worse as new AI models are trained using data from old ones, which means some training data could be two or three steps removed.
“We need to be able to audit and certify new models,” says de Cormis. “We have already started with performance benchmarks.”
Deep fakes might be used for jokes online, but in our industry we need to master these technologies so that we can defend ourselves against identity theft”RAPHAËL DE CORMIS, INNOVATION AND DIGITAL TRANSFORMATION, THALES
36
SEAMLESS SECURITY Silent authentication relies on machine learning algorithms being able to assess multiple sources, such as what appointments are in your diary and the time of day you’re logging in, through to biometric information such as heartbeat, voice pattern or even the way you walk. A complex risk profile might recognize that you’re logging in at an unusual hour, but if everything else is recognizably ‘you’ it will leave you unchallenged. If a few things seem suspicious, it would then ask you to confirm your identity.
“We can associate all these modalities to increase our ability to authenticate people,” explains de Cormis, “but we have to have the debate around ethics and questions, such as how do you establish informed consent?”
AI and machine learning are also being used to check credentials, says de Cormis, who points to know Your Customer (KYC) applications that can recognize photographs of state-issued identity documents submitted via a smartphone, and then pick up on indications that the documents are fake. These are being used by organizations such as car hire firms, as well as financial services.
Passing through an airport, too, is becoming less onerous thanks to AI used for identity verification. Gemalto and Thales have installed solutions around the world that can enable airlines to check-in and board passengers based on facial recognition and other biometric signals, so that they don’t have to produce documentation at every gate.
The same systems can also deliver better physical security and safety, for example by detecting
if a weapon is drawn or if someone falls over. There are other benefits: by tracking the way
passengers move around airports, they can help planners to optimize retail spaces
and marketing messages. They can also be used to locate passengers
who are needed for boarding, or to help find lost luggage.
What’s the difference between AI and machine learning? tinyurl.com/AI-and-machine-learning
IN THE QUANTUM ERABreakthroughs in quantum computing are becoming a regular occurrence, and the evidence is that AI and machine learning will become more powerful as a result. In March, researchers from IBM and Massachusetts Institute of Technology demonstrated an experiment using a quantum processor alongside a conventional CPU to perform a machine learning task around object classification. “The use case for quantum computing is that the ability to learn will increase a lot,” says Thales’ Raphaël de Cormis, citing the use of accelerator chips as the shape of things to come. These dedicated pieces of hardware have been designed to speed up AI and machine learning algorithms that are highly taxing for traditional CPUs.
De Cormis says that AI can help to improve the security and processing of personal data through the increasing capabilities of local devices. These are able to run AI routines without sending data to the cloud and have new learning algorithms that require less data to train on.
Using local technology has been vital for building decision-making engines for scenarios where data simply is not available – such as for use within military applications. It can also help to make AI more accessible and less reliant on centralized computing.
FILLING THE GAPS Adopting AI solutions may seem daunting, but de Cormis says the truth is that most businesses are probably using it without being aware. In security, AI is being used to improve network monitoring, added as a new capability to existing solutions.
It can also be habit forming. One fact about AI algorithms that may surprise business users, according to PwC in its 2019 AI predictions, is that there aren’t that many of them.
“The same algorithms are capable of solving most business problems for which AI is relevant, so if you can successfully apply them in one area of your business, you can usually use them in others,” says PwC. “You can then modify and use the AI component to speed up other parts of the company – such as customer service, marketing, tax and supply chain management.”
In other words, if you’re not using AI yet, you soon will be.
37
When we discuss the future of transportation, the connected car is only one part of the debate. It’s a conversation that must also embrace the automation of the transportation sector as a whole, with a radical adaptation of interconnected infrastructures and the evolution of the urban environment.
Starting with cars, the Institution of Mechanical Engineers has predicted that the UK could have a completely automated fleet by 2050 and it is likely that this will have a significant impact on the city landscape and the environment.
Euro Car Parts’ research into the driverless future reveals that with the introduction of autonomous vehicles, roads and highways would become half as wide as they are today because autonomous cars are capable of traveling closer together. Thanks to this precise control over vehicle range and space, road requirements will shrink, with urban spaces redefined to take advantage of the space left behind.
“From the width of the roads to the reduction of parking spaces and cleaner air across cities, this visualization and research make some interesting revelations around how the landscape and the environment will adapt to these changes in the automotive industry,” says Martin Gray, CEO, Euro Car Parts.
EARLY ADOPTERSTRANSPORTATION
AUTHOR TAMSIN OXFORD
IMAGE GETTY
background, which will result in optimized flows, more efficient capacity usage and lowered prices.”
Connectivity across rail, land, air and sea is not limited to the capabilities of the vehicles that traverse them. It will transform how individuals communicate and collaborate. From something that takes people from A to B, it will become a hub of entertainment, a workplace, a personalized experience that adapts to individuals and journeys.
“The rise of global connected vehicle uptake through to a fully autonomous driving future will revolutionize how vehicles are manufactured and used,” says Kitchingman. “Cars will no longer be viewed as purely a means of mobility, but also as a way of ensuring people remain connected for business and leisure purposes, with things like news updates via smartphone connectivity or in-car telematics services.”
This connectivity will be powered by 5G, which will allow connected vehicles to receive information before the passenger, adapting its speed, route and direction to match traffic or pedestrians. Vehicles connected to a 5G network can communicate at around five milliseconds – a human response time is around 150 milliseconds. This not only transforms how vehicles respond to potential accidents and save lives, but also the rapidity of
Virtual design and collaborative tools will play an important role in the digital transformation of the transport sector and its operations. “Automakers can immerse themselves in hyper-realistic environments, simulating their designs with digital twins to test usability and functionality, all before creating physical reproductions,” says John Kitchingman, Managing Director of the Northern European region of Dassault Systèmes.
“As the automotive industry continues to evolve digitally, manufacturers and businesses will increasingly be able to address longstanding issues such as pollution, traffic congestion, and the enhanced safety of drivers and pedestrians.”
LIVE TRACKING The live tracking of goods and vehicles has already allowed organizations to get more out of their transportation networks. This optimization will accelerate, with enhanced freight capacity, shortened delivery cycles and increased accuracy.
“Empty cycles of transportation capacity will be reduced and the various transportation modes of road, air, water will be synchronized,” says Stefan Marxreiter, COO of Mobica. “Communication across road, rail, air and water will be managed through cloud processing in the
communication across platform, vehicle and network.
The connectivity that allows different modes of transport to talk to each other will create an infrastructure where traffic lights and the bridges can alert the driverless car of a delay or congestion; where the passenger that falls ill can be taken directly to the nearest medical facility as the vehicle has detected a critical change in their vitals; and where transport networks can evolve to streamline traffic flows at peak times of day or night.
NEW INFRASTRUCTURE All of this will require existing infrastructure to be adapted. Roads will get smaller, the digital coverage richer and the devices that harness the Internet of Things more prolific and robust. With improved connectivity will come a need for increased security that can effortlessly authenticate people and things; that can protect communications so that data can be shared securely between the infrastructure and vehicles; and that will monitor infrastructure in real time to ensure that any cybersecurity attack is dealt with.
The change will be subtle and remarkable as devices and systems evolve. And it’s already begun.
For the latest technology news, check out the Gemalto
blog at blog.gemalto.com
IT’S THE JOURNEY NOT THE DESTINATION
The automation of transportation is set to transform both the way we use and perceive road, rail, air and sea travel
38
Barely a day passes without a reminder of how digital technology continues to transform businesses and offers innovative opportunities to create new services. But alongside these new service offerings is another output: an explosion in the volume of data. Harnessing this data, and making sense of it, is a huge challenge that requires the kind of processing power that can only be delivered by the application of artificial intelligence (AI).
But how can we trust AI to manage and protect these vast amounts of data? And what kind of decisions should we allow AI to make based on the data? Gemalto, a Thales company, understands that crucial to successfully applying AI will be building trust both among organizations and the customers they serve.
In this first edition of the magazine since Thales acquired Gemalto, we lay out how the combination of our business with Thales’ existing digital expertise has created a company that’s capable of addressing the key pain points in today’s connected world; finding the right blend of security and ease of use that is building trust in digital services – whether it’s speeding up the process of customer onboarding in financial services or flight check-in time for air passengers. If you want to see these solutions at first hand, then come and visit us at the conferences and exhibitions we attend, such as Milipol or the Thales InnovDay (see page 7 for the full list).
On page 18, we meet Dr Rumman Chowdhury, Global Lead for Responsible AI at Accenture, who is building trust in AI by making sure it is ethical, explainable and transparent. She is working with organizations to codify AI governance structures, looking at whether the data powering their AI models is being used in support of the purpose for which it was collected and if organizations have been transparent about how it is used.
As AI evolves, it will create new possibilities but also new challenges, not least in the rise of attacks that subvert AI algorithms – deploying ‘deep fake’ images and other biometric manipulation. On page 34, we look at how AI is getting smarter, with machine learning algorithms able to assess multiple sources, such as what appointments are in your diary or the time of day you’re logging in, and combine this with biometric information, such as voice pattern, in order to confirm identity.
One thing is certain: without AI we will struggle to make sense of the huge explosion in data from our connected world. Managing the after-effects of this explosion will therefore be crucial in building trust. We hope that by working sensibly with AI, we can make everyday life more convenient and secure for all.
Philippe Vallée Executive Vice President, Digital Identity & Security, Thales
gemalto.com @gemalto LinkedIn.com/company/gemalto
Cov
er p
hoto
grap
hy: C
harl
ie S
urbe
y
The Review is published by Gemalto Corporate Communications – www.gemalto.com
© 2019 Gemalto – www.gemalto.com. All rights reserved. Gemalto, the Gemalto logo and product and/or service names are trademarks and service marks of Gemalto NV and are registered in certain countries. The views expressed by contributors and correspondents are their own. Reproduction in whole or in part without written permission is strictly prohibited. Editorial opinions expressed in this magazine are not necessarily those of Gemalto or the publisher. Neither the publisher nor Gemalto accepts responsibility for advertising content.
For further information on The Review, please email [email protected]
The Review is printed on Cocoon Silk 50 paper. Certified as an FSC mixed sources product, Cocoon Silk 50 is produced with 50% recycled fiber from both pre- and post-consumer sources, together with 50% FSC certified virgin fiber from well-managed forests.
Stronger identityContributors
Tim GreenTim was a senior analyst at Screen Digest before launching B2B title Mobile Entertainment in 2005.
Sarah KidnerSarah has 20 years’ experience writing about technology, including being editor of Which? Computing.
Adam OxfordSouth Africa-based Adam has been a technology journalist for the past 15 years, writing for titles across the world.
Tamsin OxfordA journalist and editor for nearly 20 years, Tamsin specializes in IT and has edited titles such as PC World.
Len WilliamsLen is a technology journalist who has written for a number of companies, including Microsoft and Dimension Data.
The Review is produced for Gemalto by Wardour, Drury House, 34–43 Russell Street, London WC2B 5HA, United Kingdom +44 (0)20 7010 0999 wardour.co.uk
COMMUNICATIONS MANAGER, THALES Laurence ManouelidesHEAD OF EDITORIAL Luke TurtonGROUP ART DIRECTOR Steven GibbonPRODUCTION MANAGER Jack MorganPRODUCTION DIRECTOR Angela DerbyshireACCOUNT MANAGER Daniel BradleyHEAD OF CLIENT SERVICES Emma FisherCREATIVE DIRECTOR Ben BarrettMANAGING DIRECTOR Claire OldfieldCEO Martin MacConnol
WELCOME
2
GEMALTO.COM
View on all devices
FACIAL RECOGNITIONThe new science of identityIn the online economy, where activity happens remotely, reliable authentication and identification can be hard to achieve. An email is not a failsafe proof of identity, people forget passwords and PINs, which is why attention has turned to biometric alternatives and the potential of facial recognition. We look into the development of this technology, its many real-world applications and why the ethics of facial recognition need to evolve in tandem with its deployment.
Discover the future of facial recognitionwww.gemalto.com/facial-recognition
Issue 2 2019
Smart insights for a digital world
Dr Rumman ChowdhuryWhy artificial intelligence needs to recognize human assumptions
utopian dream
sophisticated
mimic
algorithmic models
the
huma
n co
ndit
ion
While the technology is new, the questions we ask are not
sci fi future
inclusion
diversity
social bias
ethical use of data
beha
vior
s
fairn
ess
A ROAD MAP FOR SMART CITIES • BLOCKCHAIN MAKES NEW CONNECTIONS • BEWARE THE SOCIAL ENGINEERS