Opening session and session 1: AI and cybersecurity: The state of play

Event report

Opening Session

The Opening Session of the 2018 Global Symposium of Regulators (GSR-18) began with speeches from Mr Brahima Sanou (BDT Director of the International Telecommunication Union (ITU)), Mr Sorin Grindeanu (President of the National Authority for Management and Regulation in Communications (ANCOM) of Romania, and Chair of the GSR-18), Ms Nerida O’Loughlin (Chair and Agency Head of the Australian Communications and Media Authority), Mr Mahmoud Mohieldin (Senior Vice-President of the World Bank Group), and Mr Manish Vyas (President of Communications, Media and Entertainment Business, and CEO of Network Services at Tech Mahindra). They introduced the topic of the symposium, New Regulatory Frontiers, by stressing the need to understand how Information and Communication Technologies (ICTs) and Internet of Things (IoT) devices can both change our daily life, as well as but pose important challenges. It is important to understand that the application and implementation of new technologies challenges everything in the daily life of people and businesses.

Session 1: AI and Cybersecurity – The State of Play

The first session of the Global Symposium of Regulators (GSR) focused on emerging technologies such as Artificial Intelligence (AI), both in terms of emerging threats and vectors strengthening and improving the effectiveness of cyber-attacks. The session was moderated by Mr Joe Anokye (Director-General of the National Communication Authority (NCA) of Ghana) who introduced the discussion by exploring the current situation, and the relationship between AI, the Internet of Things (IoT) and cybersecurity. For instance, according to Anokye, AI should be considered with regards to its application in IoT devices: AI allows IoT’s devices to be intelligent. However, attention should also be given the occurrence of cyber-attacks. In the past two years, these attacks have increased. As a result, questions are arising related to the regulation of technologies that are still hard to understand.

The first panellist was Dr Kemal Huseinovic (Chief of the Department of Infrastructure, Enabling Environment and E-Applications, ITU/BDT). He talked about the dual use concept of AI. Indeed, AI can be used for good, as well as being the means for cyber-attacks. Thus, it is necessary to support research and engage with different stakeholders using a multistakeholder approach.

The second panellist was Mr Philip R. Reitinger (President and CEO of the Global Cyber Alliance). He argued that AI can improve the chances and abilities of the defender. To this extent, the notion of risk has to be contextualised. The risk of cyber-attacks is growing because of three factors: complexity, criticality and connectivity. The IoT is going to push these factors exponentially. He proposed thinking about security, not in terms of securing things, but in terms of securing the Internet and the network on which things work and are connected. He argued that the current use of the domain name system is a good way to protect IoT. Moreover, in the long term, there is a need for strong authentication, use of automation, and interoperability.

The third panellist was Mr Manish Vyas (President of Communications, Media and Entertainment Business, and CEO of Network Services at Tech Mahindra). He followed the line of the previous argument: using AI to enable IoT systems. Currently, there is consensus on taking advantage of technology and balancing its negative implications. He further argued that ‘the world of innovation has changed – has changed for good and forever’. However, there is a need to gain the trust of intermediaries.

The fourth panellist was Ms Giedre Balcytyte (International Development Director NRD Cyber Security). She started her speech by explaining the concept of cyber resilience and how essential it is to have infrastructure in place, to rely on for resilient purposes. Technology is often used as a means for development and modernisation; however, it must be understood that technology does not tackle issues by itself. Moreover, in order to have an effective system in place, there is a need to emphasise the capacity of the organisations and to understand that knowledge has to move and adopt faster.

The fifth panellist was Mr Serge Droz (Director of the Board Forum of Incident Response and Security Teams). He talked about the danger of the evolution of large scale attacks and the effects they could have. The human component in the management of response situations has to be implemented; and it has to be implemented through collaboration on a large scale. Indeed, it is necessary to communicate because of the global scale and extension of the various issues.

The sixth panellist was Mr Neil Sahota (IBM Master Inventor and WW Business Development Leader IBM Watson Group) followed along the same lines. He stated that risk does not necessarily have a negative connotation and that the main danger we should consider is whether there is a possibility of creating AI that is the ultimate hacker.

The final speaker was Mr Aleksandar Stojanovic (Executive Chairman and Co-Founder AVA). He argued that the missing key element to collaboration is trust. The market is more and more fragmented, and the combination of AI and technology is to some extent extremely new. Thus, the question of trust is migrating to the hardware level. There is a need to trust the impressive amount of information and data coming in. Ensuring the trustworthiness of information will become the pillar of trustworthy AI.

Replying to questions from the audience, the panellists argued in favour of a regulatory framework that merges bottom up and push down approaches, stating that a micro regulatory framework for technology would be dangerous. Moreover, further issues discussed were the concept of trust and interoperability of devices; and the fact that a framework does not necessarily have to come from the regulatory side, but it could also be from the market side.