Technical Marketing Engineer Intern Gives Take-Aways From the Cyber Security 2017 Event
Written by Marwan Ghalib; Student Technical Marketing Engineer
CENGN was excited to attend the 3rd annual Cyber Security conference organized by the Conference Board of Canada (CBoC) February 27–28. While this year’s theme focused on Securing the Smart Cities of the Future, the speakers discussed several other cyber security issues and experiences they have in the sector.
The conference started off with opening remarks from Dr. Satyamoorthy Kabilan, the conference chair, who emphasized on the role of cities in driving the economy and that the modern urban environment will see the largest IoT deployment. While the increased number of connected devices provides great opportunities, it also proposes the challenge of securing all those devices. Dr. Kabilan ended his introduction by advising the attendees not to look at cyber security only from the perspective of their own industry, but from different perspectives as well.
In the first session of the conference, Owen Key who is the CSO working for the City of Calgary, demonstrated Calgary’s experience with IoT and the challenges they have faced. He simplified the definition of IoT, stating that “at the end of the day, it is about sensors and information”. Owen went on to discuss the unique cyber security issues facing Calgary today. Unlike Toronto and Ottawa who use 3rd party providers, the City of Calgary itself is a service provider, and receives around 2,500 attempted cyber-attacks per week. Finally, he emphasized the importance of educating the public on cyber security as clearly as possible.
Automated vehicles and transportation is one of the vital aspects of a smart city. Barrie Kirk, ExecutiveDirector of the Canadian Automated Vehicles Centre of Excellence, and Dr.
Josipa G. Petrunic, CEO of the Canadian Urban Transit & Research Innovation Consortium, discussed the latest developments in automated transportation and their cyber security implications. Barrie talked about examples of hacking vehicles through their entertainment system. Dr. Petrunic went on to give insight on the significance of testing vehicle supply chains to discover malicious chips.
Speaking about protecting a smart city from cyber-attacks, Faud Khan (Chief Security Analyst at TwelveDot) identified how mobile devices are a gateway to attacking a network. Surprisingly, a lot of attacks are possible because default usernames and passwords on a lot of devices on the network are never changed. He talked about how a system overview at the network headquarters or administrator portal can sometimes be misinformed. One of the main things he spoke about, which became a recurring topic throughout the rest of the conference, was the concept of “security software”. According to Faud, security software is created to protect bad software. In other words, it is like packaging for a bad product. Instead of looking to security software for protection, he stressed the importance of addressing bad software development. This includes implementing in-field updates to facilitate protection from cyber-attacks. Finally, he talked about the social implications of a smart city. The access to a tremendous amount of information can be good and bad. Threat modeling, which implies that we need to understand who attacks the network and how, is crucial to a secure smart city because “it’s not about if (an attack happens), it’s about when”.
David Goodis, Assistant Privacy Commissioner of Ontario, spoke about the relationship between privacy concerns and smart city cyber security. He gave a quick guide for planners and providers to design the IoT infrastructure of a smart city while keeping privacy in mind. This was an important session to learn about the laws and legal processes regarding privacy in a smart city.
From Blackberry, Alex Manea who is the company’s director of security, gave numerous examples
of cyber-attacks from around the world, from cars all the way to baby monitors. One example that shocked most of the crowd was how hackers were able to connect to a business network through a smart tea kettle in the office that stored the Wi-Fi password. “Security needs to be built in, not bolted on”, said Alex. This goes back to what was mentioned earlier in the day and would be a recurring idea throughout the rest of the conference. Alex also highlighted the importance of securing data flowing through the network and not just securing the devices. The City of Ottawa was present at the conference as well through Chris Fulton, who is the Program Manager for Technology Security. From Toronto, Andrew Faber, who is the Director of Information Security at the Greater Toronto Airports Authority, spoke about the Toronto airport’s experience with IoT. He mentioned that the Toronto Airport, in itself, can be considered a smart city. Tens of millions of people travel through the airport per year. What was interesting in his session was how he educates employees on cyber security in the home so that they can become interested and aware about cyber security in the workplace.
Dominique St-Martin, Sales Engineer at HPE Aruba, kicked off the second day by discussing
how we should build a trust-based model for IoT in smart cities. “IoT is about turning data into action”, he said. Dominique spoke often about using NAC (Network Access Control) to secure IoT, and about isolating the IoT infrastructure from other networks that it doesn’t necessarily need to speak to, such as the finance department of a business. According to Dominique, powerful edge processing is also important when it comes to IoT, also called converged IoT systems. This results in less processing in other network devices.
From Hydro Ottawa’s perspective, IoT security is definitely an important topic as they are adopting
IoT and smart technologies to support the energy grid. Charles Berndt, Smart Grid Technologies Supervisor, and Chandrasekhar Krishnamurthy, Director of Internal Audit and Enterprise Risk Management, approached smart development from the perspective of risk management. They focused on combining risk management and foresight, while emphasizing the important role local utilities can play as the source of power for IoT infrastructure.
Michelle Chibba from Ryerson University discussed the 7 Foundational Principles of Privacy by Design. “You don’t need to relinquish privacy to get the benefits of IoT”, she said. The last session of the conference was presented by Patrick Vandenberg, Program Director at IBM’s Security Product Marketing department, who gave the audience insights into the era of Cognitive Security.
A big thank you goes out to the Conference Board of Canada for hosting such a successful event. The event was a great opportunity to learn about the latest cyber security challenges and latest trends in how to overcome them. This is something that, for students, won’t necessarily be taught in a classroom. It was a great opportunity to network with industry leaders in IoT, cyber security, and the technology industry in general.
One of CENGN’s main priorities is supporting SMEs through the commercialization and acceleration of their innovative technology. Here at CENGN, we also know the importance of networking for SMEs to get their ideas and products into the mainstream of the ICT sector, which is why CENGN also provided two of its SME partners with tickets to the Cyber Security 2017 Conference. Along with Technical Marketing Engineer Student, Marwan Ghalib, CENGN SMEs InBay Technologies and InfoSec Global were able to take advantage of the two-day event’s informative discussions and professional networking. If you are an SME looking to submit a technical project or accelerate your technology’s push to market, please contact us by clicking here!