Participants of the Digital Trust Summit on a panel in Zoom. Learn more about ASU's Digital Trust Summit: https://tech.asu.edu/events/digital-trust-summit-2022

Navigating the future of cybersecurity and trust: top 5 challenges and opportunities

200 global cybersecurity professionals identify ‘security equity’ and ‘redesigning consent’ as moving targets for the field at ASU’s 2022 Digital Trust Summit.

For many, our internet-connected devices know more about us than our closest friends. Every day these devices are privy to a constant stream of information about us. From how many steps we’ve taken to the courses we’ve completed, humans now come with rich data histories that speak to their interests and skills. 

The rise of the digital world has raised many questions about security, privacy and most importantly – trust. And, for the 2022 Digital Trust Summit, teams at ASU’s Enterprise Technology surfaced a key theme for the nearly 200 cybersecurity leaders, faculty, researchers and students that convened virtually on October 12: How much do you trust the websites and products you’re using?

“We’re committed to learning from this diversity of thought leaders and folks doing amazing work across the globe, and then taking those wonderful lessons and then figuring out how to adapt them locally,” said Summit host and ASU’s Chief Information Security and Digital Trust Officer, Dr. Donna Kidwell. 

Here’s a look at the five key themes that emerged from the various keynotes, discussions and panels: 

1. New technologies require new human skills.

Waymo, a global leader in self-driving vehicles and the world’s first autonomous ride-hailing service, leverages various emerging tools to power their fleets. To prevent malicious interference over the networks the vehicles are connected to, wireless security and machine learning are paramount. 

“You have to assume that things can go wrong,” shared Waymo’s head of cybersecurity, Stacy Janes. “You can’t just design for this success case – you have to design for the worst case.” 

Future jobs will call for machine learning data specialists – those who can identify and work with synthetic data that enables the car to continuously learn as it drives, ensuring safe rides for all.

Beyond acquiring the technical prowess, organizations and individuals should hone their data privacy knowledge and strategies. 

2. Consent processes must be human-centered.

According to Statisa, a staggering 97% of adults do not read the terms and conditions of online services. 

The first panel of the Summit was called “Consent & Sensibility: What did I just sign?” Panelists agreed that the dense language of current Terms of Service and consent processes is antiquated and prioritizes the business – not the customer. 

Moderated by Joanna Grama, Vice President at Vantage Technology Consulting Group, the group featured Ben Gansky, an ASU PhD student; Bogdana Rakova, Senior Trustworthy AI Fellow at the Mozilla Foundation; Tushar Tyagi, an ASU undergraduate student; and Jamie Winterton, the ASU Global Security Initiative’s director of research.

“There are vague definitions that companies put into their terms and conditions that teenagers like me could find confusing,” said Tyagi.

“Any relationship is built on communication, and we need improved communication on this,” mused Winterton. “Being specific about usage, being clear about how to opt out, and making it easy for people to opt in and out [is key].”

Later in the day, a discussion on the future state of cybersecurity between Dr. Kidwell and Shailaja Shankar, senior vice president and general manager of the Cisco Security Business Group, emphasized the need for such checks and balances.

“For a future state, security should work for you, not against you,” said Shankar, “When you talk about trust experience, it’s about everybody feeling secure where the right controls at the right time are applied.”

3. Everyone must participate in cybersecurity training.

Addressing security equity – defined as providing the tools, resources and knowledge to ensure all individuals can protect their data – means providing opportunities for people in every role in an institution and organization to learn. 

Deborah Watson, Resident Chief Information Security Officer at Proofpoint, illuminated the ways in which our blended reality of digital and analog exposes us to a diversity of cybersecurity threats. For example, call center and customer service professionals get such a large volume of calls and messages it is necessary to create new protocols to ward off phishing threats.

She emphasizes that our current blind spots can be often attributed to inadequate workplace processes rather than people. 

Using language like ‘negligent,’ ‘careless’ and ‘weakest link’ creates a defensive culture within our employees that already don’t like security,” Watson cautioned. Instead, organizations should consider more targeted and personalized training for people and teams that have access to critical systems and networks.

4. Open-sourcing our resources will enhance the security of our communities.

The panel titled “Open Science, Open Source: innovation for all,” focused on the power of collaborative work in science to improve healthcare for underserved communities.

Moderated by ASU Knowledge Enterprise chief information officer Sean Dudley, the panel featured Janet Walkow, clinical professor of molecular pharmaceutics and drug delivery at The University of Texas at Austin, Jim St. Clair, executive director at Linux Foundation Public Health, and ASU PhD student Ben Gansky. Their discussion quickly identified a socioeconomic gap – not every institution can afford or has the technical prowess to acquire or maintain licenses for technologies.  

“In science, the tradition is to hold closely any data of value as long as you can grind all value out of it,” shared Dudley. “Then maybe if you find the time, share it with somebody else if they discover something.”

Even when licenses and products for trust-based technologies – including blockchain – are made publicly available, the technical skills to deploy and maintain them are still relatively scarce. The need for open science has outpaced the global workforce’s understanding of it.

“We really have to change company and university culture to [make scalability] part of somebody’s job accountability,” Walkow concluded. 

5. Closing the security equity gap is a choreographed team sport.

Government, academic, industry, and nonprofit organizations must work in concert, aligning funding with educational programs, research and technology development. 

At the Summit roundtable, Ryan Murray, Deputy State Chief Information Security Officer for the State of Arizona, encapsulated the challenge by posing a question. “How do you provide these modern services to communities that aren’t really in an equitable location for digital inclusion – and then trying to stay safe online?”

Murray was joined by Joseph Bettencourt, Customer Champion at Thales; Jason Edelstein, Manager of Customer Assurance at Crowdstrike; Jeff Hooper, Senior Sales Engineer at Gemalto, a Thales Group Company; and Chloe Medosch, Customer Success, Public Sector at Cloudflare; with ASU’s Dr. Kidwell moderating.

Universities and governments increasingly rely on industry players to deliver more than just technology. Devising programming that resonates with various levels of digital equity and fluency is vital. “We’re focused on collaboration – working with everyone to design these in a way that isn’t overwhelming the entities who are part of the program, putting together training and support resources,” Medosch shared.

At the closing plenary session, Crowdstrike’s Edelstein emphasized the chasm that still exists between government intervention and equitable community support. E-Rate, the $4.4 billion federal program established in 1996 has enabled schools and libraries to access internet technologies at significant discounts; yet, it has neither included security technologies nor training.

The result is a pervasive lack of knowledge needed to safely navigate digital environments. According to the Fletcher School at Tufts University, only 40% of American adults can answer basic questions on topics including phishing, privacy and cookies. Confronting those deficiencies head on over the next year will necessitate including underserved and undereducated communities in the design process. 

In her closing remarks at the Summit, Dr. Kidwell shared her personal a-ha moment from the day about building a more diverse, inclusive cybersecurity workforce that better serves all communities. “A lot of the paths that I see today are folks coming to an interest in this space because they’re concerned and they’re advocating,” she shared. “It’s the mission that drives all of us.” 

By Samantha Becker, Strategic Communications Advisor to the CIO