Innovation in connectivity is so rapidly paced and multi-dimensional across integrated technology spaces today that it is easy to feel overwhelmed by the accompanying risk of hacking. But the situation is definitely not hopeless. Critical advances in cybersecurity are, in fact, being achieved around the world, and there are clear indications that the world is getting serious about addressing the threat on multiple fronts.
New risks naturally present themselves with each new technology innovation. Consider, for example, the challenges introduced by the Internet of Things (IoT).
IoT deployment is intensifying around the world, bringing perhaps billions of devices globally into the cyber domain for the first time through Internet Protocol (IP) interfaces. The associated cybersecurity threat is rapidly evolving. In the IoT, systems that were once largely self-contained—their components connected only to one another—are now being interlinked through an IP backbone, introducing challenging new questions for the global technology community to consider. For example, how likely is a scenario in which a breach at one “thing” on the global IoT opens whole systems or even enterprises to vulnerability through interconnectedness, and what steps must be taken to manage such a multi-faceted threat?
It is an encouraging sign that the severity and dimensions of the threat are coming to be understood even beyond technologists—and that cybersecurity, in turn, is rising in the public consciousness as a matter of “social good” to be enforced and preserved. The 13 February 2015 White House Summit on Cybersecurity and Consumer Protection engaged far-reaching stakeholders from across the United States “to collaborate and explore partnerships that will help develop the best ways to bolster our cybersecurity.”1
At today’s White House Summit, President Obama says the future will be all about privacy, community, and connection. #IEEECybSI #Cybersummit
— The Institute (@IEEEInstitute) February 13, 2015
What is the role of the professional organization in grappling with the globally shared cybersecurity challenge?
As a globally scoped professional organization spanning an unmatched range of technology areas, IEEE is uniquely positioned to help facilitate collaborative progress in multiple ways.
For example, the IEEE Computer Society, the leading association for computing professionals, in 2014 launched the IEEE Cybersecurity Initiative with the aim of expanding and escalating its ongoing involvement in cybersecurity. The first step was to establish the IEEE Center for Secure Design, which is working to shift some of the focus in security from finding bugs to identifying common design flaws in the hope that software architects can learn from others’ mistakes. A report released by the center, “Avoiding the Top Ten Software Security Design Flaws,” delivers a valuable resource based on real-world data.
Also in 2014, with the launch of the IEEE Internet Initiative, IEEE expanded beyond its traditional scope and positioned itself as a bridge between the technical and political communities. The initiative is working to amplify the voice of the technical community in global technology policy-making in the areas of Internet governance, cybersecurity and privacy, in order to inform and influence debate and decisions and help ensure trustworthy technology solutions and best practices. By providing a consensus of sound technical and scientific knowledge and guidance to the process, the IEEE Internet Initiative seeks to pursue a vision of public policy informed by technology for the benefit of society.
Furthermore, the IEEE Standards Association (IEEE SA) has a long heritage of enabling trustworthy exchange of sensitive data via technology. Through education and open, interoperable standards, the IEEE SA helps foster a trustworthy framework for connectivity. IEEE 2413™, IEEE Standard for an Architectural Framework for the Internet of Things (IoT), for example, is currently in development to define an architectural framework to promote cross-domain interaction and aid system interoperability for the IoT. The standard is intended to provide a blueprint for data abstraction and the quality “quadruple” trust: protection, security, privacy and safety.
The IEEE SA facilitates global collaboration in cybersecurity at earlier stages of technology development, as well. For example, out of the desire by many in the security industry to more efficiently address growing cyber threats in a coordinated fashion, the IEEE SA Industry Connections Security Group formed in 2009 as a global effort to pool experience and resources in combating the systematic and rapid rise in threats to computer security. IEEE SA Industry Connections provided the much-needed collaborative environment for technologists in the computer-security industry to come together quickly and tackle the most pressing issues as they arise. The IEEE Anti-Malware Support Service (AMSS) that the group created is a set of shared support services that enables the individual security companies and the industry as a whole to respond more effectively and efficiently to the rapidly mutating universe of contemporary malware threats.
There is a growing range of ways for you and/or your organization to engage in the global cybersecurity effort through IEEE. Your unique perspectives on the challenge and lessons learned are needed at the table. You can learn more about how to get involved at www.standards-qa21.ieee.org.
Nothing less than the global technology community’s best, combined efforts to manage security risks are required in today’s quickly evolving cyber age. IEEE provides a proven, globally open collaborative environment through which to marshal those efforts for the benefit of humanity.
Oleg Logvinov is chair of the IEEE Internet Initiative and IEEE P2413 Draft Standard for an Architectural Framework for the Internet of Things Working Group and Director of Special Assignments in STMicroelectronics’ Industrial & Power Conversion Division.
Greg Shannon is chair of IEEE’s Cybersecurity Initiative and chief scientist at the CERT Division of the Carnegie Mellon University Software Engineering Institute.