Pascal Steichen gives us his vision concerning the development of digital society in general and of cybersecurity in particular. He takes a clear look at a world in upheaval and adds a touch of philosophy … like a cyborg perched on the shoulders of Darwin.
2019, the year of the digital revolution?
I do not know if we can talk about a revolution … When we are in a revolution, usually, we do not realize it. But it is clear that digitization is disrupting the business world, not to mention the whole of society. For 2-3 years, there has been a growing need and demand for cybersecurity.
Awareness has brought about progress. In polls, cybersecurity is now one of the top five factors that will impact businesses.
Our task today is to ensure that supply increases as needs grow. On the one hand, we must develop new services and training for companies that have already identified their needs. And, on the other hand, continue to raise awareness among SMEs / VSEs that have not yet become aware of new cyber risks.
Well managed Data, it’s the top priority for a “digital nation”. How are we doing?
The fuel of digitization is data, its manipulation, its management. This is what will guide its evolution. It is not for nothing that the Ministry of the Economy is launching a strategy to develop a “data driven economy”. For its part, the regulation of data processing favors the development of the digital economy.
In this context, mechanisms must be put into place to assure the proper management of data. It is necessary to guarantee both the integrity and the availability of data, because without access to it a company will not be able to function. And cybersecurity will have to address new aspects, such as the Internet of Things (IoT), artificial intelligence and the emergence of hybrid systems (“Cyberphysical”).
It is here that two totally different worlds meet and have to get to know each other. Quality and IT security standards are generally not applied by manufacturers of interconnected objects, or cars, because those who created them are technicians or engineers who are not necessarily sensitive to the challenges of cybersecurity.
About “Cyber Human Rights”
The Internet is rattled from all sides, how should we react?
It is very clear that the Internet is being buffeted. Many voices say that it is becoming too lawless, that we should regulate it like we do with airspace or the sea. It would need stronger rules compared to the codes of conduct that are currently in place.
There are also a lot of discussions at the UN level or in various other international forums. This approach has been called “Cyberdiplomacy”. There is a series of standards that have been identified, but they are still in the form of “good practices”, not rules of international law. However, we can hope that one day “cyber rights” will be the subject of an international convention that will have the same value as the Universal Declaration of Human Rights.
It’s a long-term undertaking, it started over 10 years ago and some would like to move faster by signing multilateral agreements with the most motivated countries. This is particularly the case for initiatives such as the Paris Appeal, the “Charter of Security” or the “Contract for the Web” launched by Tim Berners Lee. Each has the same philosophy: to give the government, businesses and citizens clear guidelines in terms of good cyber practices.
Quitting Facebook, was this your new year’s resolution for 2019? Did you really do it? Isn’t it a little radical?
I announced it and I did it, live at Cybersecurity Breakfast Number 28, on 31/01/2019. It may have sounded radical, but it was a concrete action, both symbolic and simple to achieve. This is obviously related to the repeated scandals that Facebook experienced in 2018. I have already received several positive reactions to this position. Many told me that they also wanted to do it, and some had already done so. Respect for privacy is one of the major strengths of a safe and mature Internet. I am confident that 2019 will be a pivotal year.
Was it really easy to do?
Yes, but it is obvious that the difficulty is not technical, it is above all psychological. And depending on whether you have been active on a social network for 10 years or only for a few months, this changes your relationship to social media as well as to your digital community.
Never lose a day without learning something
You studied astrophysics? How does this relate to cybersecurity?
There is no direct link between the two. Conversely, there is actually a big difference, in space we can only look, try to understand, to interpret, but we cannot experiment or try to influence the path of the stars. In cybersecurity, the opposite is true: we must intervene, act and help others protect themselves. What brings these two worlds together, however, is their level of complexity. There is a form of “relativity” in cybersecurity, which means that according to one’s point of view, one’s perception is not the same. In one area as in the other, it is absolutely impossible to spend a day without learning something, which is also my creed in life.
Let’s comme back on earth. Cybersecurity is progressing. But still lacking structure, associations…
Absolutely, for some time SECURITYMADEIN.LU has invested in this direction. It is necessary to federate all actors of the cybersecurity ecosystem. We must first identify them, understand their role, and their needs. And in a sector that has been evolving for a few years, it was not useful to lock things in too quickly. The system has been self-regulating, in the biological sense of the term. Now we come to a stage where some regulations come from the outside. This is the right moment to structure and strengthen the ecosystem.
Overall, companies should not consider the new rules as constraints or as marketing opportunities, but as tools for progression, as a means to become more efficient and resilient.
With the Cybersecurity Act, a whole new global digital certification framework will be put in place. We must prepare for it now by adopting a good posture.
What are the big challenges for 2019?
First of all, in terms of resources: IT experts are becoming rare. This will be felt more in the months and years ahead. In response to this shortage, we will launch a series of initiatives that will offer new training, including continuing education.
We also want to talk to young people, to encourage these vocations. We need technical profiles, but other profiles as well: Cybersecurity is a cross-cutting discipline that also requires organizational, legal, and communication skills. Efforts also need to be made to include women who are severely underrepresented in the cybersecurity industry.
In short, there is work to be done, and we are counting on all the actors in the Luxembourgish ecosystem to participate in the effort. We also want to work on collective skills, which are not sufficiently taken into account in conventional training, but which are crucial in crisis situations.
Although it has gained credibility, cybersecurity is still a booming sector that requires the participation of everyone in order to meet its future challenges.