Supply Chain Fortification: Safeguarding the Cyber Resilience of the Global Supply Chain

Ryan Chilcote

Summary:

According to the global cybersecurity community, there is a strong belief that a major cyberattack is imminent. Michael’s comment hinted at the possibility of an upcoming cyberattack, further raising concerns. Cyber threats target both individuals and nations, indicating that no one is exempt from the potential dangers.

Ryan believes that nation-states pose a greater danger in terms of cyber threats compared to individual hackers. This reflects the increased sophistication and capabilities of nation-states in carrying out cyberattacks. It is crucial for nations to remain vigilant and enhance their cybersecurity measures to protect critical systems and infrastructure from cyber warfare.

The importance of focusing on the security of supply chains and collaboration is emphasized, particularly in relation to artificial intelligence (AI). Addressing the challenges associated with AI and supply chains requires collaborative efforts. The Global Cybersecurity Forum (GCF) recognizes the need for collective action in addressing these issues.

One potential pitfall related to AI is the inclusion of sensitive information in text transcripts. Anecdotal experiences have highlighted concerns about privacy and security when using AI transcription software. For example, the software transcribed the entire conversation, including parts before and after the call, and shared it with all participants. This raises significant questions about the protection of private and confidential information and the overall security of AI systems.

In conclusion, the global cybersecurity community is increasingly concerned about the growing threat of cyberattacks. Strengthening cybersecurity measures and fostering international collaboration are crucial to mitigate these risks. It is also essential to address the potential pitfalls associated with AI, such as the exposure of sensitive information, to ensure privacy and security.

Dr. Saad Saleh Alaboodi

The disruption of the global supply chain in the cyber context is already an issue, with targeted attacks on various sectors. For example, the Shamoon attack on Aramco in 2012 had a profound impact on energy supplies. Additionally, the healthcare sector has been severely affected, as seen with the propagation of COVID-19. Furthermore, targeted attacks on the IT supply chain, such as the SolarWinds attack in 2020, pose significant challenges.

On a positive note, emerging technologies such as AI, quantum computing, and mobility tools are becoming increasingly fundamental to businesses and organizations. These technologies are no longer just plugins or interfaces, but offer opportunities for innovation and optimization.

However, the adoption of emerging technologies also presents risks. For instance, misuse of generative AI can lead to the creation of disinformation, with adverse consequences. Furthermore, disruptions and potential misuse in the adoption of these technologies must be carefully managed to prevent harm.

Business models that leverage emerging technologies, like robotics and drones for packaging and delivery, have the potential to drive significant innovation. It is crucial, however, that these models are implemented securely, especially in times of peace.

The adoption of emerging technologies also necessitates a shift in required skill sets and talent development. Decision-makers must be equipped to make decisions on a larger scale and at a higher speed in order to accommodate the influx of material brought into the decision-making process by emerging technologies.

To ensure supply chain security, international collaboration, robust regulations, and information sharing are crucial. Collaboration among “good guys” must be as efficient as that of “bad guys” to effectively counter cyber threats. It is also important to inject sovereignty in policy-making and industry to uphold supply chain security.

Securing the cyberspace is vital as more assets and items are being digitized and pushed from the physical space to the cyberspace. This shift towards securing the cyberspace leads to the security of the economy and the prosperity of nations. Some tech companies have already started the shift towards sovereignty, recognising its importance in securing the cyberspace.

Moreover, it is suggested that tech companies should focus on building sovereign versions of their technology and offerings, as this is seen as the future. The sovereign version of hyperscaler cloud services might soon become the default version, significantly impacting the global ICT markets.

Efficient integration between the physical and digital supply chain spaces is necessary for optimization in operational supplies, including cost, performance, and delivery. The intertwined relationship between different domains across the value chain can have catastrophic consequences in times of crisis. Therefore, there is a need to establish efficient integration between these two spaces to maximize benefits.

In conclusion, the disruption of the global supply chain due to cyber attacks is a pressing issue. While the adoption of emerging technologies presents opportunities for innovation, it also introduces risks that need to be vigilantly managed. Furthermore, ensuring supply chain security requires international collaboration, robust regulations, and information sharing. Securing the cyberspace is essential for the prosperity of nations, and tech companies should consider building sovereign versions of their technology. Efficient integration between physical and digital supply chain spaces is crucial for optimization and resilience.

Amin H. Nasser

The rapid digital transformation of our world has made us more vulnerable to cyberattacks, and the energy sector has become a prime target. Last year, approximately 97 zettabytes of data were generated globally, with a predicted increase to 175 zettabytes by 2025. This exponential growth in data provides cybercriminals with more opportunities to exploit vulnerabilities and gain unauthorized access to critical systems.

Aramco, a notable company in the energy sector, recognizes the importance of building resilience against cyberattacks. They have implemented a comprehensive defense strategy focused on safeguarding their operations. Aramco has established cybersecurity standards for all their service providers, creating a security-oriented ecosystem that strengthens their overall defense against cyber threats.

Artificial Intelligence (AI) is a powerful tool with enormous economic potential. Generative AI alone could contribute between $2.6 trillion and $4.4 trillion annually to the world economy. However, along with these economic benefits, AI also presents unique risks. To mitigate these risks, guidelines and controls have been established to promote the responsible and secure implementation of AI technologies.

Aramco’s commitment to cybersecurity is also reflected in their emphasis on continuous innovation and comprehensive cybersecurity measures. They believe that by actively pursuing innovative solutions and incorporating robust cybersecurity practices, they can ensure the safe and continuous supply of energy. The digital transformation of Aramco’s business has brought significant benefits, highlighting the importance of maintaining a secure digital ecosystem.

In conclusion, the rapid digital transformation has increased our vulnerability to cyberattacks, particularly in the energy sector. Aramco’s approach to building resilience through a comprehensive defense strategy and setting cybersecurity standards for service providers is commendable. It is crucial to guide the deployment of AI with strict guidelines and controls. Aramco’s focus on continuous innovation and comprehensive cybersecurity underscores its commitment to the safe and uninterrupted supply of energy.

Michael Ruiz

The analysis highlights several significant points related to cybersecurity and supply chain disruption. First, there is widespread belief among cybersecurity experts and business leaders that geopolitical instability could trigger a major cybersecurity supply chain disruption in the next two years. This consensus reflects a concern about the vulnerability of supply chains to global political tensions.

Furthermore, the global cybersecurity community predicts an imminent cyber attack, with particular focus on the threats posed by nation-states and evolving cybercriminal organizations. Nation-states are considered more dangerous due to their significant resources, while cybercriminal organizations have evolved from operating as individuals to working together as conglomerations or consortiums of bad actors.

To address these imminent threats, there is an urgent need to protect supply chains from cybersecurity threats and to enhance cybersecurity in Operational Technology (OT) networks, which are considered less mature than their IT counterparts. It is argued that best practices from both OT and IT need to be combined, and organizations must have a comprehensive view of their security posture. This entails ensuring visibility of all assets in the OT environment and bridging this information back to IT.

With the propagation of AI technology, new challenges in cybersecurity have emerged. It is cautioned that AI technology is often adopted earliest by bad actors to overcome security barriers. Consequently, there is an increasing need to stay alert to more sophisticated attacks resulting from AI.

The analysis also emphasizes the importance of policies for AI and cybersecurity, and the significance of public-private partnerships in developing such policies. It is recognized that policy-making lags behind innovation and that partnerships between corporations, governments, and global forums are crucial for finding effective solutions.

In addition, the analysis highlights the need for a multi-layered approach to cybersecurity, involving local, regional, and global efforts. It is argued that local regulations and solutions, along with regional strategies and global solutions, should work in tandem to address the complexities of cybersecurity. Notably, recent collaboration among 40 countries to refrain from paying ransom in malware cases demonstrates the importance of aligning strategies from a local to global level.

In conclusion, the analysis underscores the need to proactively address cybersecurity challenges posed by geopolitical instability, nation-state threats, and evolving cybercriminal organizations. It highlights the importance of protecting supply chains, enhancing cybersecurity in OT networks, leveraging best practices from both OT and IT, and adopting a comprehensive security posture. The potential risks associated with the proliferation of AI technology are also emphasized, as well as the necessity of developing policies and engaging in public-private partnerships to mitigate these risks. Finally, a multi-layered approach to cybersecurity at local, regional, and global levels is advocated for comprehensive and effective solutions.

Christophe Blassiau

The analysis explores the impact of emerging technologies on critical infrastructure and cybersecurity. One perspective suggests that major transformations and mega trends in critical infrastructure have the potential to bring about both opportunities and challenges. These transformations include an increase in decentralised energy production in homes, buildings, and cars, as well as the implementation of smart technologies like buildings and factories, leading to connectivity and data intelligence. Furthermore, the sustainability agenda promotes decarbonisation, which is another significant aspect of this transformation.

On the other hand, there is concern that such major transformations and mega trends put critical infrastructure at risk. Increased connectivity and data intelligence can create a major attack surface with vulnerabilities that attackers could exploit. The systemic approach of these transformations also raises the possibility of cascading risk, where an attack on one element of the infrastructure could have a domino effect, impacting other interconnected systems.

In the realm of supply chain and operational technology cybersecurity, emerging technologies are seen as reshaping dynamics. These technologies enable more automation, sustainable initiatives, and increased operational efficiency. The integration of operational technology (OT) and informational technology (IT) within the same environment is a significant development. However, challenges arise due to increased exposure of assets, demanding operational excellence and the need for a human-centric approach. Bridging the gap in terms of skills becomes crucial in addressing these challenges effectively.

The analysis also highlights the impact of artificial intelligence (AI) on various aspects. While AI has been used for data tracking, preventive maintenance, and advanced analytics, the advent of generative AI poses a major shock. The technology of generative AI was introduced without considering the potential risks, and there is a concern about the need for regulation and standardisation to ensure AI safety and security. The importance of regulatory measures to guard against impersonation, deepfake, and information manipulation is emphasised.

Collaboration in cybersecurity is deemed essential, as the current approach of assessing cybersecurity through security questionnaires is seen as inefficient. Furthermore, the analysis stresses the necessity of standards and frameworks in the field of cybersecurity. The need for a trust ecosystem in cybersecurity is also highlighted, with cybersecurity being based on the pillars of security, sovereignty, and survivability.

In terms of securing critical services during crises, efforts need to be taken to ensure that critical services can continue to operate even in times of crisis. Respecting data rights and intellectual property is deemed crucial, with the need to protect the data of every citizen and the intellectual property of every nation.

Overall, the analysis provides valuable insights into the impact of emerging technologies on critical infrastructure and cybersecurity. It underscores the importance of understanding the opportunities and challenges associated with these technologies, while also emphasising the need for regulatory measures, collaboration, and the protection of data rights and intellectual property.

Ryan Chilcote:
Now, sir, I mean, which is correct, first and last name, yeah? Well, I hope you all enjoyed that discussion. I certainly did. Very interesting, the role of education in tackling the problem of cybersecurity going forward. And we now move it on with a very special guest. Please join me in welcoming the chief executive and president of Saudi Aramco, Mr. Amin.

Amin H. Nasser:
Your excellencies, distinguished guests, ladies and gentlemen, it is a pleasure to join you once again at the Global Cybersecurity Forum here in Riyadh. A lot has changed since last year, and there is much to speak about. In this era of hyper-connectivity and digitalization, new technologies are rapidly transforming how we work and get things done. Digitalization enable us to complete tasks in seconds that once took countless hours. The Internet of Things has turned every piece of equipment into a smart device. The software we use today provide us with real-time access to data to make better and faster decisions. To put these changes into perspective, last year the world generated approximately 97 zettabytes of data, which is equal to 97 trillion gigabytes. As the world continues to digitalize, the volume is predicted to reach 175 zettabytes by 2025. All of this can be a force for good, helping businesses to be faster and better serve their customers. However, the rapid transformation we are witnessing has also made the world more vulnerable with increasing risks of cyberattacks. While every industry faces threats, the energy sector in particular is an attractive target for those who want to do harm. We play a critical role in the lives of billions of people. We supply the products that the world economy needs to make modern life possible, enabling everything from transportation to manufacturing. Any large-scale disruption to the steady supply of energy would have an immediate and significant impact around the world. At Aramco, digitalization has made us more agile and has helped us to deliver energy more safely, efficiently, and sustainably. To safeguard against the risk of cyberattacks, we have implemented a defense strategy focused on building resilience throughout the entire ecosystem because one weak link can hurt everyone. It is for this reason that we created a supply chain cybersecurity program, which established strident cybersecurity standards for all service providers. Throughout the entire lifecycle of engagement, each entity would do business with, must demonstrate, they uphold these cybersecurity standards and best practices. And to help extend cybersecurity capability across our affiliates in the kingdom and around the world, we have established Sibrani Solutions. This venture offers specialized cybersecurity services to help businesses protect their operations and data. We have also partnered with the Georgia Institute of Technology to create a master of science cybersecurity program with a cutting-edge curriculum. It has already produced 140 graduates with specialized cybersecurity expertise, with many more to come. At the same time, we know that cyber threats are rarely localized to any one organization or industry. Our collective security requires close collaboration between all stakeholders, regionally and globally. As part of that, we are a founding member of the World Economic Forum Center for Cybersecurity, which was established in 2018. We are also a strategic partner of the Global Cybersecurity Forum Institute and a founding partner of the new Operational Technology Cybersecurity Center of Excellence. Through this new center, we aim to shape the future of operational technology cybersecurity for any sector that uses industrial control systems. While we have made great progress with these and other initiatives in cybersecurity, there is another C word that we must be careful about, and that is complacency. It is absolutely critical that we keep our guard up. That’s why we must carefully assist every current and new technology to identify whether there can be a potential pathway for hackers to breach our system and address any vulnerabilities before the technology is deployed. This approach enables us to harness the powerful potential of new digital innovation while mitigating their risk. Which brings me to my next point, the power of AI. It’s new, it is exciting, and it is a game-changer for many industries, including energy. With generative AI tools now part of the daily life for hundreds of millions of people, the economic potential is truly astounding. According to one recent study, generative AI could add between $2.6 trillion to $4.4 trillion annually to the world economy. But as with all major innovations, it has its own unique risks, and some governments and businesses are taking a cautious risk management approach in the use of generative AI. As we consider these powerful new tools, it is important that we assist them as carefully as we have every other technology. The kingdom has already established robust AI control and guidelines to advance AI capabilities in a safe, secure, and responsible way. Moving forward, further collaboration between all stakeholders can help to establish international standards and best practices that keep pace with the rapid development of AI. This forum is a great opportunity to carry on that work. At Aramco, we believe that continuous innovation backed by comprehensive cybersecurity measures is critical to our future. Our digital transformation has brought vital benefits to our business. As we continue to adopt new technologies, we will uphold our commitment to cybersecurity and safely supply the world with the energy it needs today, tomorrow, and long into the future. Thank you.

Ryan Chilcote:
Well, good morning again. You don’t need me to tell you that the importance of securing the global supply chains and global supply chains in the context of our digitized world is of unparalleled importance. It’s actually quite easy to understand how one problem at one link in what have become and are even increasingly becoming extraordinarily long and complicated supply chains can have devastating consequences down the road. So, in the next 35 minutes, we are going to delve into the vulnerabilities in global supply chains, and because we’re at the Global Cybersecurity Forum and we’re focused on how to collaborate and solve problems, how we do that. We have some extraordinary panelists for this conversation. Let me begin with CEO of Cite, Dr. Saad Al-Boudi. Thank you very much. Michael Ruiz, Vice President and General Manager for Cyber Innovation at Honeywell. And Schneider’s Christophe Blasio, in charge of Cyber and Product Security. Thank you all for joining us. Michael, if I could start with you. Obviously, we’re here to talk about how we increase the resilience of global supply chains in the context of our increasingly digitized world. So, set the stage for us. How big of a problem, how dangerous is the situation we’re in today in the world when it comes to that job?

Michael Ruiz:
Absolutely. It’s a huge problem today. When I think about this, I tend to think about it in two major buckets. Nation-state bad actors that are looking to move a political agenda and cyber criminals. As we’ve done surveys in this area, 93% of cybersecurity experts today and 86% of business leaders that were surveyed believed that we were, because of the geopolitical instability in the world today, that we’re on the precipice of a major cybersecurity supply chain disruption within the next two years. And we need to do something in order to be able to protect those supply chains.

Ryan Chilcote:
Extraordinary. Christophe, I want to come to you. But before I do that, let’s just do a sound check. How can everyone hear in the room? At the back of the room, are you hearing okay? Everyone hearing all right? Fantastic. So, we shall continue. Okay. So, Christophe, let’s put that problem in the context of global supply chains. Obviously, extraordinary that we have near unanimity in the cybersecurity community that we’re staring down the barrel of a very big gun and we’re looking at a major disruption in the next couple of years. So, what does that look like in the context of global supply chains? And what other vulnerabilities should we be on the lookout for?

Christophe Blassiau:
So, if you think about the critical infrastructure or maybe energy sector more particularly, there is massive transformation and mega trends. So, first, this is becoming increasingly decentralized. So, think about it. Every home, every building can produce its own energy. Think about it. Any car will charge itself to get electric. So, decentralization is a big trend. The second one is digitization. So, everything is becoming smart. Smart buildings, smart cars, smart factories. So, this connectivity to get data, to get intelligence is really also transforming the landscape. And really, the third one is our sustainability agenda to attack climate change is pushing for decarbonization as well. So, these three mega trends is really pushing us to connect everywhere, to have data for more intelligence, and it’s creating a major attack surface with a lot of open doors for attackers in a very systemic approach with cascading effects, with cascading risk. So, this is really pushing an agenda. more pressure for critical infrastructure over, and vis-a-vis the critical infrastructure at risk.

Ryan Chilcote:
Thank you. Saad, if I might turn to you. So we’ve heard a little bit about the future and the trajectory. To what extent are disruptions of the global supply chain in the cyber context already an issue?

Dr. Saad Saleh Alaboodi:
Thank you, Ryan. It’s great to reconnect with our friends, partners, and guests from all over the world here in Riyadh again as part of the GCF. If you look at the recent years, I believe the world has gone through different scenarios of multiple hits that are impacting the global supply chain in one way or another. Starting with the targeted attack on the global energy supplies. One famous attack was the Shamoon attack targeting the IT infrastructure of Aramco in 2012. This was followed by another attack targeting the OT infrastructure of Aramco in Rabu facility in 2017. And another hit, which was employing the emerging technologies, in particular drones, targeting the energy supply in 2019 for the facilities of GIG and HRACE. So if you look at these three attacks, they’re targeting the global energy supplies from IT to OT to the emerging technologies. Another category of hits is coming from different industry, from the healthcare. Well, we’ve seen how COVID-19 in early 2020 propagated in a way that never been anticipated, impacting all other industries, not only the healthcare, and impacting both ends of the spectrum of the supply chain, the supplier or the manufacturing and the consumers as well. And another hit in the same year, which was the targeted attacks on the IT supply chain, the solar ones in 2020, was a famous one, putting more than 30,000 of entities from both public and private globally in all industries at risk of data exposure, with more than 18,000 entities confirmed to have installed the malware. And then after that, the fourth category can be the economical slowdown that we have seen over the past three years. It’s impacting, in particular, the production and the supply of goods. And the last hit is the unfortunate scene that we see in the geopolitics today. So all these different hits, and in the aftermath of all these issues, is the adverse social impact, especially on our young generations. So I believe if we look at all these hits, they are, in a way or other, either the cause or the consequence of the global supply chain issues. And that means that the global community needs to do something much more, something better when it comes to sharing and charting the priorities. I believe the announcement that was done today for establishing the GCF Institute Center of Excellence for addressing the challenges of the OT technologies is a very important move, because the OT technologies today exist in all the critical grids of the global supply chain.

Ryan Chilcote:
Very interesting. Thank you very much for that. Michael, I have two quick questions for you. First off, if you could expand on your initial comment there, where you told us that the global cybersecurity community is pretty convinced we’re going to get an attack very soon. And you said that, you know, when you think about cybersecurity, you think about two different entities, individuals and nation-states. I guess, and maybe everyone here in the room would agree with this, that when we talk about this, the bigger danger out of those two groups is nation-states. Is that right?

Michael Ruiz:
When we think about this problem, I mean nation-states are absolutely, you know, the more dangerous or concerning component, because they have significant resources that they can bring to bear to prosecute their missions and to accomplish what they want to do. But we’re also seeing cybercriminal organizations that are starting to collect. So cybercriminals are no longer individuals. They’re really conglomerations or consortiums of bad actors working together. And these are not mutually exclusive groups. In a lot of cases, we’ll start to see nation-states also act like cybercriminals, in that they’re looking to be able to create funds, increase their war chest in order to be able to go after, you know, larger targets.

Ryan Chilcote:
And we heard Saad there give us some great examples of attacks that we’ve already seen. I wanted to ask you, in the context of security of energy supply, I immediately thought in the United States of the Colonial Pipeline, which was disrupted, cyber disrupted, a few years back. What does that incident tell us about the threats? Was that an issue of operational technology, an interruption of that?

Michael Ruiz:
Yeah, I think when we look at things like Colonial Pipeline, what we see really are IT systems that are being affected at this point. We still haven’t seen any major significant OT cybersecurity threat. But imagine the difference between being able to shut off a building system that shuts off a pipeline and creates disruption, versus actually going ahead and trying to weaponize that system. Shutting off a pump at one location or a valve at one location, increasing pressure, and now having a pipeline explosion that becomes both an environmental catastrophe, as well as a supply chain disruption, is a huge problem that we need to really be thinking about. And OT cybersecurity systems today, by and large, are way behind from a cybersecurity perspective than their IT counterparts. The level of maturity just isn’t there. One alarming statistic that I’ve seen is that in OT networks, an intruder will spend 200 days observing the network before taking any action. Imagine a situation in an IT network where we would have a bad actor working unobstructed in an IT network for 200 days. That would be unconscionable to us today. But that is what we’re seeing in the OT cyberspace.

Ryan Chilcote:
Extraordinary. And, Saad, it was so interesting to hear about the Center of Excellence that the Institute is going to be running, which will really be a leader when it comes to providing the newest operational technologies. Christophe, if I could turn to you, since we’re now on to the subject of emerging technologies, how do you see emerging technologies reshaping the dynamics of the global supply chain and operational technology cybersecurity?

Christophe Blassiau:
So, here, it’s about connecting assets. At the end of the day, it’s making assets under visibility, speaking about data, speaking about intelligence for operational efficiency, for more automation, for a sustainable agenda. So, here, it’s not only an OT space or an IT space. I don’t like to oppose the two because, at the end of the day, in an operational environment, you have both OT and IT in the same environment. So, it’s connected to the cloud, the intelligence is at the edge, we’re sending data to the cloud to get some insight, analytics, predictive maintenance, efficiency. And here, that’s really a gap and I’m happy that we have initiative to bridge this gap in terms of skills because we need people in charge of cyber, but also in charge of the operational environment. And this attack, like Saad was mentioning, is just becoming kinetics, becoming physical, that pushes every government, every nation, to protect its citizens and critical infrastructure with a national security strategy. So, these emerging technologies are a great opportunity for more visibility on every asset that we want to talk to data and to the cloud, but at the same time, it’s bringing some challenges, both in terms of exposure, which means that we need to have an operational excellence there, and we need to have a human-centric approach in this operational environment with the right skills to be able to manage them. And that’s really the challenge that we have.

Michael Ruiz:
What I would add. So, Christophe makes a great point. We need to think of IT and OT at the same time and the convergence of the two. That’s what success looks like at the end of the day. However, OT environments that they operate are fundamentally different. They work on a different model. If I have a petrochemical plant, I can’t just reboot it if I have a problem. I can’t isolate a network. I’m in the middle of a control process and I have to go through it. I have to maintain accessibility to all of the control systems, and so, therefore, the problems in OT and IT are somewhat different in how you can resolve them or find resolution to them. But we do need to find that convergence between the two spaces and be able to take the best practices from both environments, bring them together. But I think that we still have the challenge that OT cybersecurity or OT networks in general are just at a far level, far lower level of maturity today than their IT counterparts. And there’s a lot of work that needs to be done in order to be able to bring that to bear, starting with just being able to have full visibility of all the assets that are sitting in the OT environment and being able to bridge that information back to the IT space so you can have one comprehensive view of the entire security posture for that organization.

Ryan Chilcote:
The accounting is just not there yet. It’s not. Saad.

Dr. Saad Saleh Alaboodi:
Well, I believe that the emerging technologies has been overwhelming all of us today in this room. However, the thrilling combination of AI, quantum computing, and the mobility is increasingly empowering the world in a way that we’ve never seen before. And it’s becoming like the brain and muscles for making disruptions to businesses from both the public and private sector organizations. And I believe in the very near future, these technologies will be an infrastructure technology as opposed to plugins or interfaces as we see today. However, the adoption of these technologies will lead to pushing more assets from the physical space to the cyberspace, creating so much opportunities for innovation and optimization, but at the same time, leading to sometimes devastating risks and scenarios. So, if we look at an example at the risks of generative AI, well, with good intentions, it can be the hallucination of the algorithms and analytics. But with bad intentions, it can be fabrication of a truth. So, this is true disinformation. So, imagine the consequences. And if we look at another example, which is Amazon model, we’ve seen live experiments of Amazon deploying robotics on the shop floors for doing the packaging and using drones for doing the delivery. So, imagine the world today with an expanded view of this model where clients and consumers browse the internet and market stores for doing the purchase all the way to employing drones and robotics for doing the packaging and delivery. That’s a tremendous opportunity for innovation, but only if done securely and in times of peace. Otherwise, it will create unprecedented consequences if done insecurely or in bad times. Another angle to the adoption of emerging technology, and I think His Excellency, the Minister of Education, Ben-Yan, shed some light on this, is related to the impact on the paradigm shift of the skill sets that we need today. I believe decision-makers today, they need to be prepared to make decisions at scale and speed at the same time. And the reason is very simple, because the emerging technologies is bringing so much material, so much material to the decision-making process. So, we need to co-op with this level of complexity of understanding of the data and advanced technologies. And that will be, I believe, also very impactful on the way we do the skill set development and the talent development today.

Ryan Chilcote:
Thank you very much. Michael, we heard Saad there talking about everyone’s favorite emerging technology. What challenges does AI and generative AI, which we’ve already been talking a bit about here this morning, present in the context of the global supply chain?

Michael Ruiz:
Well, look, I love AI. My academic career was in advanced analytics and evolutionary computations, genetic algorithms. So, this is an area of passion for me, and I’m amazed at how this technology that was in labs and sitting in innovation centers within organizations have now propagated into the world, and the explosion of AI is amazing. It keeps me up at night as a person that worries about my clients’ OT environments. These kinds of technologies are often adopted earliest by bad actors, trying to be able to move up a very steep barrier curve that they’re trying to overcome. And I think we’re going to see some more incredibly sophisticated attacks that are going to come out, and many more attacks. So, I think we’ll continue to see more and more attacks on a year-over-year basis. The level of sophistication is going to increase, and there are going to be more coordinated attacks, because the level of planning that a generative AI model would allow you is pretty amazing.

Ryan Chilcote:
Thank you, Michael. Christophe, what would you add to that? And I guess if we think about solutions, which we want to get into now, is there an opportunity with AI in addressing some of these cybersecurity challenges, if we kind of turn things on their head?

Christophe Blassiau:
Yeah, we need to add a positive note to the AI threat, of course. And hoping that we are as fast as the bad guys to cope with new technologies and to defend ourselves, of course. And at the same time, AI is new and not new. So, we have been using AI to track data, to do some preventive maintenance, to do some advanced analytics. What is really new is really the shock of generative AI of this year. And we have been saying for the last 10 years, before you introduce a technology on the market or in an environment, so you check the risk before. And for once a year, we just put the technology out there without having any clue about the risk that it can pose. So, that’s an interesting play, and then we are running behind the topic. But it’s a major shock because, of course, it will transform every company on very standard elements like customer relationship, like R&D, like coding. So, if you code, and Michael, you were saying that you are coding, so the coding experience will be very different now with GNI and GPT or BARD or others. But the key point with this innovation, with this opportunity for ourselves to defend our critical infrastructure for developing new technology… My hope and hope will not be enough. I think regulation we will come strong here and We see a you a I detect, but we saw so two days ago The u.s. Executive Order for AI safety and security from mr. Biden so It needs to come with some galleries and innovation Need to obey this guardrails on security and privacy In beauty environment in protecting the data because it’s not only personal data. It’s about sensitive operational data That that we care about This is about also taking care about impersonation deepfake or information manipulation So we see a rise of perfect fishing Back to awareness that raise the bar for every of our employee citizen to be aware And we need to guardrail These this topic we with regulation Hoping also that regulation will be harmonized Between country there. So a lot of hope and at the same time Certainly an opportunity to create tech champion Take films in every location of the world Because AI adoption will be very different here and there there is a sovereignty agenda in every region as well Let’s make sure the sovereignty agenda is not opposing with the benefit of AI Everywhere on the planet.

Ryan Chilcote:
I’ll let you on in a little secret. I discovered some of the perils of AII use some software that transcribes my zoom calls. So it just takes the voice and turns it into text and also backfills it with information Summarizes the call what I didn’t realize is That it summarizes it transcribes all of the text even before the other participants in the call have joined the call And after the calls over it sends it to them so We are learning as we are living when it comes to AI, which is very dangerous. So let’s talk about the way forward side You know, what do you think are the most important areas for us to focus on when it comes to ensuring the security of supply chains and The big focus here at GCF is how we can collaborate to address these problems before they blow up in our face

Dr. Saad Saleh Alaboodi:
Ithink taking all these discussions and different views in mind I believe for the way forward we need to inject sovereignty in In both streams the stream of policy makers and the stream of industry players and then on the policy makers front I believe we need more robust regulations and international collaboration and info sharing It’s unfortunate truth today That’s that the bad guys sometimes are more efficient and info sharing and collaboration Than the good guys and on the industry players front, I believe Sovereignty is becoming an innate need for securing the cyberspace and as we see today more economical Assets and items are becoming digitized and they are being pushed from the physical space to the cyberspace So the security of the cyberspace leads to the security of the economy and and therefore the prosperity of nations So although these domains and notions are distinct, but their impact on each other is very intertwined So I believe embedding sovereignty is the new logical step in the evolution of technology all the way from the inception and design of technologies to development to operations and That will lead to the operational control and data a province and for tech companies I believe the new logical mindset is to inject sovereignty as well into their solutions Now some of the companies have started this shift already Cisco For example a few weeks ago. They announced their move towards establishing regions in other nations to cater for some of the Regulatory aspects when it comes to the security Amazon last week announced the establishment of a European Hyperscaler cloud seven cloud for the European Union, which is separated from the Amazon public cloud another example also by Microsoft announcement In early October where they said that they announced that they will make a sovereign version of their hyperscaler cloud They will make it public and available to other nations by end of this year so There is a clearly there’s a mind should I think there is a need for a mindset shift and to take companies toward the 70 and If you reflect on the example of the cloud computing for example Today that the cloud can the global cloud markets is about 10% of the global ICT markets So that’s around six hundred billion dollars out of the six trillion dollars globally for the ICT market and I believe the market share between the sovereign version and The public version for any tick offer for any tick offering is a zero-sum game So what is changing is actually the distribution of the market share between the sovereign and and the public? Version as and in light of this, I believe very soon we will start seeing the sovereign version of the hyperscaler cloud is the default version on the expense of the On the public version and the impact of this and tick companies is very obvious. I believe the way forward for tick companies is to inject sovereignty and to their offering because that’s the way forward to sustain their businesses and Maintain their market shares outside their home country at the end of the day This is a win-win to both ends of the spectrum of the supply from the technology vendors. They will Maintain their business and from the consumer side They will have a much better offering when it comes to the mitigation of risk and sovereignty

Ryan Chilcote:
And just very briefly a clarification for me that I wanted to get to earlier but left aside We we heard the former foreign secretary of India Ambassador Sham Saran talking about you know, what we’re really trying to do is is wrap our analog minds around complex Problems in the digital space. So what just very briefly what’s the difference between solving a problem in the physical real world if you will analog Supply chain space and the digital space

Dr. Saad Saleh Alaboodi:
Well, I think you know the challenges and opportunities into the global supply chain when it comes to to to these two spaces is Is very interesting. Well in good times when both spaces are functioning Well, there is there are tremendous opportunities for optimization with respect to the operational of supplies when it comes to the cost performance and delivery And this is as a result of the gained benefits of the integration between these two domains And also Depending on the reliability of the building blocks of the global Supply chain grids, of course is starting with them with the energy grid as the fuel for the rest of the value chain All the way to electricity grid logistical grid and the last but not least the data grids as well however in bad times Imagine this intertwined relationship between these different domains across the value chain. The impact can be catastrophic. So I believe that’s that’s a big distinction between Between the digital space and the cypress space because at the end of the day it can be like few lines of code traversing the cypress space Not going multinationally and checked by border customs Can cripple the grids of critical supply chain in other places and sometimes maybe in other jurisdictions

Ryan Chilcote:
Thank you Michael question for you and we heard Christophe they’re talking about how he hopes that we’re faster at solving the problems that AI can present when it comes from the perspective of cybersecurity then AI is itself so is that actually a Real problem because if you think back to our plenary session we heard Jose Manuel Barroso talking about how it took the European Union Nine years to agree on GDPR. And so they got that beautiful scale of whatever it is 1.2 billion people But it took a long time to get the standards Do we have the standards in place when it comes to AI and is the solution like we heard from? The former president of Estonia that the private sector gets us there because maybe governments can’t

Michael Ruiz:
We definitely don’t have the policies today, I mean policy lags innovation every day all the time And and it’s I think it’s forums like this like the global cybersecurity forum Public-private partnerships that are going to be crucial for us to be able to create the level of policy needed I absolutely agree that we need to be able to kind of bridge that gap between the way our analog laws and our digital Implementations or innovations need to come together All the things, you know as the president Estonia said, right? We need to just agree that all the things that are wrong in the analog world are also wrong in the in the cyber world And then we need to move forward from that perspective So I think that there’s a road to get there with better more informed policy I think the challenge that we run into is that we have to do it in this public-private partnerships We have to be able to have bring corporations Governments globally interconnected forums like this together to be able to solve those kinds of problems

Ryan Chilcote:
Krista

Christophe Blassiau:
Yeah As we say you are not alone So you are not alone with your security posture. You are not alone With your suppliers with your customer with the cyber agencies with a critical infrastructure, so I’m really advocating for more symmetry in that domain meaning that We should collaborate with our suppliers in the way we collaborate with our customer There is a very inefficient way of working or assessing cyber security these days is to send a security questionnaire This is still happening Okay, and everybody’s answering a cyber security questionnaire for multiple customer multiple suppliers, etc So there is really a call for collaboration horizontally in the supply chain and at the same time roles and responsibilities on technology vendor technology suppliers and responsibility also of the operators or Operational environment that are using this technology. So we’ve digitization as we saw before And we saw also that during the pandemic Environment that should be locked down behind Close gates are just open For attackers, so that’s the first thing. So there is open Opportunity in the technology play as we saw I Had one of my engineer showing me that it was possible to reverse engineer a firmware or software With AI, so it was at the same time really interesting and super scary So I think we need to balance these two things together and innovate with this in mind Not to do a big mistake and at the end of the day It’s That’s why I value this forum and I thank GCF and NCA for that. This is a perfect example where we need to collaborate on standards on framework on the intercept when it comes to To answer really to harmonize. I see there is a session this afternoon on harmonizing the standards to speak the same language because when it comes to a Catastrophic attacks or incident that we were mentioning There will be a worldwide response to such an attack We cannot hide behind a regulation or a standard a and standard B, etc And at the end of the day, it’s about trust in the ecosystem between Suppliers to source securely some technology Operator customers agencies really on three pillars So one is security. Of course, we need to mitigate the risk of such cyber attack on critical infrastructure The second one is on sovereignty because we need to protect data of every citizen and we did also to protect Intellectual property of every nation and the third one is the third S on survivability of resilience whenever things happen and Things will happen or is happening already. We need to make sure that critical services are able to operate even in term of crisis, so Having the B plan Ready before it happen. It is mandatory for all of us

Ryan Chilcote:
Michael I’m gonna give you the last word square the circle for me here because We have sort of competing views. We heard from our panelists this morning that they’re concerned about You know the our fragmenting world polarized world getting in the way of international collaboration when it comes To cyber security and yet we have a real-world example. What just in the last 48 hours 40 countries coming together agreeing To not pay ransom in cases of malware. So how optimistic are you and because we’re about solutions We just got 30 seconds or I’ll give you a couple extra seconds What’s the what’s the practical thing we can do to forge this collaboration and what should we be working on?

Michael Ruiz:
Look, I think I think it starts with the fact that we have to recognize that there are layers to this problem You need local regulations and local Solutions you need regionalized solutions and then you need global solution and they all come together and interplay at some level I think what we’ve done is that we we kind of believe that we can operate as one global society And I think that’s great and to the degree that we can make that happen That’s wonderful But I think we also have to have regional strategies and regional solutions and local strategies and local solution The problem is too big to try to tackle all at once and working both from the bottom up in the top down allows us to be able to align in the middle and get to a Better end state at some future.

Ryan Chilcote:
All right, Michael Ruiz vice president and general manager for cyber innovation at Honeywell Schneider’s Christophe Blasio in charge of cyber and product security and CEO of site. Dr. Sad all booty Thank you very much. Please join me in giving me giving a big round of applause For our panelists. Thank you