On Approaches to Internet Security, Cybersecurity, and the Path Forward

On 5 October, I had the pleasure of speaking at the New York Metro Joint Cyber Security Conference, which brings together a community of security practitioners from the New York Metro area. Two talks stood out for me. First, the keynote by Maria Vullo, Superintendent Financial Services for the state of New York, who explained her drivers for regulating cybersecurity requirements for the Financial Sector [link to the presentation]. Second, a presentation by Pete Lindstrom from IDC, who, in a presentation on how perimeter security needs a thorough rethink, kept returning to the economics of security.

The reason I refer to these two talks is because I can appreciate them for their own, almost diametrical approaches for improving security. Pete Lindstrom making a strong economic and risk-based approach, questioning whether patching every vulnerability that comes along makes any sense from an economic risk and scale analysis. Maria Vullo, on the other hand, using capacity-based regulation to incentivise stronger security controls.

Those two points resonate strongly with what I was trying to get across: There is no magic security bullet, there is no security czar, and maintaining trust needs an active approach from all stakeholders.

Starting off with how our community thinks about the future, I zoomed in to what is seen as one of the most important cyber threats. In order to tackle this, we need to work in in a distributed matter. That is what the Internet is still about. We need creative ways for agreeing on what needs to be done; some call this norm entrepreneurship. In the presentation, I give three examples of trying to deal with the hard security problems on the Internet that were identified in the futures report.

  • Risk that online freedoms and global connectivity will take a back seat to national security
    Cyberstability is a piece of the puzzle, a traditionally interstate debate, but now seeking to be broader. The work by the Global Commission on Stability in Cyberspace is an example – an experiment in opening up the creation of cyberstability norms in a multi-stakeholder setting.
  • Need for new accountability, incentive, and liability models
    These are tricky, specifically when we talk about externalized risks. Where taking action has no immediate individual reward, and remaining passive imposes great risk to the environment. Where do incentives come from and how can we be creative in an environment where one does not want to stifle innovation? In this context, I talked about MANRS as a creative incentive developed by the network operator community.
  • The Internet of Things will create new security challenges
    We believe that innovative approaches like the OTA Internet of Things framework contribute to establish broadly carried norms around the security of these devices. The framework provides 40 measurable principles around security, privacy, and sustainability. Not only from a device but also from a data and supply chain perspective.But even then, there will always be security issues to which we may not have good answers. The recent BlueBorne vulnerability is an example. How do we deal with these sort of vulnerabilities? At this moment, I do not know of any attacks that exploit this vulnerability, but I think we all agree that these sorts of new challenges will be popping up.On the other hand, there will also be positive evolution in IoT and security, as my colleague Andrei Robachevsky wrote about recently.

Internet security is more than cybersecurity, because we focus on the security of the Internet as a whole. And if that landscape seems complex and confusing, then that is indeed the case.

There are no ready-made answers and that is the Internet Way: distributed, with good approaches winning from the worst ones, piecemeal, and informed. This is the path to good security, to learn from each other’s experiences, and get better.

All the easy problems were solved 20 years ago.

The post On Approaches to Internet Security, Cybersecurity, and the Path Forward appeared first on Internet Society.

Internet Society

Operators’ approaches to LPWA technology choice

Operators' approaches to LPWA technology choice

LPWA: challenger operators could benefit from using a different technology to that of the market leader.

An article by Michele Mackenzie and Tom Robbeck at Analysys Mason.

Mobile operators have a significant opportunity to offer LPWA solutions, but competition will be intense. The leaders have decided which technology to support – for example, AT&T has opted for LTE-M, Orange uses LoRa and LTE-M and Vodafone has gone for NB-IoT. Many other operators, especially smaller ones, have yet to make a firm commitment, but some challenger operators are planning to deploy different technologies to the market leaders. This article, based on Analysys Mason’s detailed report on approaches to LPWA, examines the options they face and the factors that will affect their decisions.

For the traditional mass-market smartphone opportunity, the technology upgrade path, through flavours of 2G, 3G and 4G, was clear. IoT is a new market and the old rules do not always apply. There are clear benefits for operators willing to take a risk on an alternative strategy from the leaders. This article examines the options they face and the factors that will affect their decisions.

Operators have three main approaches to LPWA technology choice

Mobile operators have three main options to consider when choosing an LPWA technology.
They are as follows:

  • Follow the leader: The challenger operator chooses the same technology as the market leader. For example, if the leading operator is launching LTE-M then the challenger would do the same.
  • Choose an alternative to the leader: The challenger operator chooses a different technology to that of the market leader. For example, if the leader chooses LTE-M then the challenger will deploy NB-IoT.
  • Wait and see: The challenger operator waits for a winning technology to emerge before committing.

With LPWA, challenger operators have an opportunity to differentiate. Figure 1 illustrates some of the technology choices that leading and challenger operators have made. There is currently no clear trend on the approach that challenger operators are taking; some follow the leader, others do not.

Figure 1: Selected operator/markets LPWA technology choices:

Figure : Selected operator/markets LPWA technology choices

Despite the risk, adopting an alternative technology has obvious advantages

Some of the advantages for challenger operators to deploy a different LPWA technology are as follows:

  • The alternative technology will be better suited to particular use cases. It is uncertain how large the differences between NB-IoT and LTE-M will be in terms of price and performance, but if NB-IoT does have clear price advantages or longer battery life than LTE-M, it will be more attractive for some applications such as metering. This could benefit T-Mobile USA. Moreover, challenger operators could benefit enormously if their chosen technology is used for a mass-market proposition. For example, if LTE-M is used by a future Apple Watch, KPN would be in a strong position in the Dutch market compared with its competitors, T-Mobile and Vodafone, which are focused on NB-IoT.
  • An alternative technology could open up the enterprise market. Most challenger operators have a limited presence in the enterprise market. An alternative technology with clearly differentiated performance could help open new enterprise opportunities.
  • It should reduce competition based purely on price. If all three/four operators offer the same network technology and coverage, strong price competition will be inevitable. Different technology options should put some limits on this price competition, which may benefit all operators.
  • The operator may be in a better position to support multi-country contracts. Deutsche Telekom will be able to offer NB-IoT connectivity across all its countries, while Orange can offer LTE-M everywhere it is present. This would not be possible if the operator followed the market leader in each country it is present. Large operator groups, like Vodafone, may also generate some cost synergies from deploying the same technology in all countries.

A strategy that involves selecting an alternative technology also has disadvantages for challenger operators:

  • advantages may only last a short time because it is relatively inexpensive and quick for competitors to upgrade their existing infrastructure to support the same technology
  • big opportunities may be missed, for example, if the strongest area of demand is for NB-IoT-based solutions and they only offer LTE-M
  • local developers may focus on the technologies offered by the leading players
  • they may end up supporting a redundant technology.

Naturally, these disadvantages are inverted if the challenging operator chooses a different technology from that offered by the leading operator.

Should LPWA operators wait and see?

Operators also need to consider the consequences of being late to market if they adopt a wait-and-see approach. The appeal of waiting is clear: the existing enterprise base is limited and NB-IoT or LTE-M are relatively quick to deploy. However, operators with ambitions to play a role in IoT risk foregoing a valuable learning experience in the early LPWA market and the opportunity to capture some of the early demand. Bouygues Telecom, KPN and Swisscom all gained valuable expertise by entering the market early with LoRa, which should help them when developing 3GPP IoT networks.

Challenger operators should consider a fresh approach to LPWA technologies

Challenger operators that are developing strategies to enter the LPWA market should carefully evaluate the benefits of adopting a different technology to the market leaders. Differentiation in the LPWA market will be critical given low connectivity revenue and heightened competition from proprietary LPWA players. This may require a bold strategy but could pay dividends by differentiating the proposition and allowing challenger operators to compete on more than just price.

The post Operators’ approaches to LPWA technology choice appeared first on IoT Business News.

IoT Business News

Romantic and Rational Approaches to Artificial Intelligence

The use of artificial intelligence in the criminal justice system offers a stark example of the contrast between knowing how to produce results and knowing how to consume them intelligently. Systems recommend bail and sentencing but offer little transparency about the basis for the recommendation, leaving the humans who digest the recommendations potentially under informed.

What if we knew so little about the production processes of the food we eat? We know more about what we put into our mouths than what we put into our minds.

Are Organizations Biting Off More Analytics Than They Can Chew?

In 2015, we observed a growing gap between the production and consumption abilities of analytics in organizations. The article “Minding the Analytics Gap” describes how organizations struggle to consume the analytics results they produce. If that wasn’t bad enough, not only did we observe a gap, but it was a gap that grew, not shrank, as organizations got better at analytics.

Yes, organizations were rapidly improving their ability to produce analytical results. They were gathering more and more data. They were building digital infrastructures to process these vast quantities of data. They were developing (or acquiring) the talent required to develop complex models of market behavior. When these pieces all came together, organizations could create sophisticated analytical results.

Unfortunately, managers and executives in those organizations often did not have the expertise to consume the analytics results that the organization was able to produce. Just having the analytics results available wasn’t enough. The organizational ability to develop business insight and strategy based on those analytical results was more limited.

The difficulty lies in the individual rates of improvement in production abilities and consumption abilities. As organizations matured analytically, they were able to improve their analytics production capabilities more quickly than they were able to improve their consumption abilities. As a result, maturing organizations found that, despite the fact that their consumption abilities were improving, they were able to consume less and less of what they produced. The analytics gap gets worse as organizations improve — the opposite of what leaders would hope and expect.

And yet this may have just been the tip of the iceberg. When it comes to artificial intelligence in business, the divergence and resulting gap between production and consumption of data analytics may be an even bigger concern.

Artificial Intelligence Widens the Analytics Gap

Artificial intelligence in business builds off of an analytics foundation. (Stay tuned — we’ve got much more coming about that in our forthcoming report on artificial intelligence and business strategy this fall.) But as a result, organizations will similarly experience a growing gap between artificial intelligence production and artificial intelligence consumption. What’s worse, the rate at which the artificial intelligence production-consumption divide grows stands to be greater than what we’ve observed with standard data analytics. Everything hinges on the relative rates of change for the sophistication of AI data production vs. AI data consumption.

AI production sophistication seems poised to grow rapidly. AI is building quickly on what organizations have learned from analytics sophistication. As new techniques are developed, tools seem to incorporate them quickly — the scarce resource for most AI is data, not algorithms. Algorithms, by definition, are software; they are easily and perfectly copied. At the extreme, complex AI algorithms can be incorporated into AI production processes perhaps without data scientists understanding their details — they just use the library or tool. The result is rapid increase in the sophistication of AI in an organization.

Conversely, managers and executives may find that their understanding of the AI output improves slowly. As complex as analytical models can be, managers and executives likely have at least some basic statistics background to build from — so they have a starting point. But with artificial intelligence models, managers probably have less background. Machine learning is rarely part of a business curriculum core.

Not to mention that many of the algorithms themselves are “black boxes,” particularly when offered by vendors that want to protect the investments in their development. Deep learning neural networks can be trained with organization data to yield high predictive accuracy — but unlike many analytical models with coefficients on observable input measures, AI approaches typically contain a large number of weightings on nodes in hidden layers — not exactly the sort of description that will make AI models accessible for easy consumption.

As a result, the divergence between the production and consumption of artificial intelligence in organizations may increase even more quickly than it has for analytics. Managers then may find that their organizations’ AI models work, yet not understand why.

Peeking Inside the Black Box

The 1974 novel Zen and the Art of Motorcycle Maintenance by Robert M. Pirsig is relevant today because it contrasts romantic and rational relationships with technology. Along the narrator’s motorcycle road trip, maintenance of the motorcycle was inevitable. Treating the machine as a black box — romantically, in other words — led to frustration, breakdowns, and unhealthy reliance on others. Inauthenticity stems from a lack of knowledge. But a rational approach, one that puts in effort to understand the machine, led to independence, stability, and even pleasure in working with the technology.

Without understanding how AI works, we lose the ability to think critically about where the results are strong and where they are weak. We lose the ability to understand how changes outside the scope of the model will adversely affect the model. We lose the ability to know where the AI will fail before it fails. We lose the ability to repair it ourselves when it does inevitably fail.

Stopping gains in artificial intelligence isn’t the right approach, even if it were possible. Instead, managers need to work to close the gap by learning more about AI, by opening the black box, by learning enough to be better managers in a future that relies on AI. Success depends on rational problem-solving approaches to AI, not romantic reliance.

MIT Sloan Management Review