
Matchmaking Conference IoT Data Protection


 INTRODUCTION

The Internet of Things (IoT) is essentially a giant network of connected objects. It generally refers to situations in which everyday items, like cars, watches, sensors, headphones and wearable devices, as well as industrial and utility components (that are not normally considered as computers), are connected to the Internet and to each other. This connectivity allows these devices to autonomously generate, exchange and consume data to help us with a specific task, or to learn from a process, and is transforming the way we work, live and play. Analyses predict that by 2020, there will be more than 20 billion connected devices. Some analyses state that IoT has a total potential economic impact of $3.9 trillion to $11.1 trillion a year by 2025 [1].

This is all very well, but the future of IoT will not be without significant challenges that could prevent it from realizing its full potential. Concerns about hacking, surveillance and privacy have already made headline news and the need to secure every connected device will be critical. As well as these technical aspects, the IoT is also generating new regulatory, ethical and policy issues that will need to be addressed urgently [2].

The insurance industry is joining the “IoT revolution” – not only for the new business opportunities that it is creating but also because of growing concerns about data protection. It is anticipated that IoT will lead to future insurance products that are much more personalized and include sophisticated risk underwriting services related to risk prevention. On a more fundamental level, IoT is in fact challenging traditional insurance concepts such as liability while producing new information security threats (for example, data leakage or system disruption).

Purpose of the AXA’s Matchmaking Conference on “IoT and Data Protection”

Jointly organized by the AXA Research Fund and the Group Information Risk Management team, the Matchmaking Conference will be held on October 6th at AXA Group Corporate Offices.

During this conference, researchers and business experts will tackle topics of mutual interest and explore how scientists, insurance industry and society can work together to address IoT related challenges in order to better protect IoT data in the future, while creating value for all concerned parties.

More specifically, the discussions will:

Provide insights into how best to assess the main technical, regulatory and legal challenges regarding IoT and data protection;

Help researchers better understand corporate challenges and reach out to business practitioners;

Inform Chief Risk Officers and risk managers on the recent advances in the field and how the insurance industry is being affected;

Raise awareness on the evolving world of interconnectivity and associated issues.

[1] The Internet of Things: mapping the value beyond the hype, McKinsey Global Institute, June 2015

[2] The Internet of Things: An Overview - Understanding the Issues and Challenges of a More Connected World, Internet Society, October 2015

  

                                                                                                           

As a conclusion to the October 6th conference, an AXA White Paper on challenges raised by IoT technology and data protection will be produced.

AXA’s current approach to the “IoT and Data Protection” topic

AXA is progressively including IoT solutions in its insurance products and services, depending on customer needs and Group appetite. It is particularly involved in developing IoT insurance for connected homes, connected cars and the “connected self”. As an insurer, AXA is also trying to identify and measure the risks that IoT is inducing, from safety of apps to cyber risks, and is committed to the development of a secure and private-by-design IoT. Finally, AXA is exploring the regulatory and ethical questions raised both by IoT itself and by the data treatment and exploitation that power IoT-based insurance.

For AXA, the main practical questions regarding IoT and data protection are as follows:

What are the new insurance products and services that could be developed using IoT?

How to insure IoT (complexity, liability and privacy)?

How to combine data protection constraints with the opportunities for operational excellence afforded by IoT?

Focus of the science and insurance industry dialogue

Researchers and AXA experts will take a cross-look at the following perspectives:

A. Legal and ethical challenges: A European-American comparative approach

B. IoT and Blockchain: The challenges for Information Security

C. Interconnectivity and IoT: data security & privacy risks at stake

The presentations will be followed by a round table for interdisciplinary discussions.

The above orientations are preliminary thoughts that aim at nurturing exchanges during and after the conference. Joint discussions should help refine and complement this point of view.

  

                                                                                                           

Legal and ethical challenges: A European-American comparative approach

To what extent can ethical and legal frameworks drive the development of a fair, inclusive and profitable IoT?

---------

Academic Leader:

Prof. Paul OHM (Georgetown University, USA)

AXA Leader:

Dr. Cécile WENDLING (Head of Foresight, GIE AXA)

Recent scientific studies have revealed a strict distinction between the technical aspect of IoT architecture and its maintenance, and the question of sophisticated data treatments (such as data mining, for example), often described as (unintentionally) discriminatory and unfair because they can inherit prior “prejudices” (Barocas & Selbst, 2016; IoT Security Foundation, 2017). Based on their experience, Dr. Cécile Wendling and Prof. Paul Ohm will try to bridge the gap between these two complementary fields of research.

This session aims at investigating IoT from a legal and ethical perspective, with Dr. Cécile Wendling providing European and business insights and Prof. Paul Ohm discussing the American and institutional viewpoint. They will both adopt a holistic approach to address IoT not only as an end-point sensor but also as a complex data value-chain (Goodman, 2015). They will move beyond pure information security towards compliance and consumer protection by studying algorithmic processes.

Paul and Cécile will discuss the technical, ethical and legal aspects of IoT data exploitation. The emergence of new challenges and the transformation of existing mechanisms will be detailed. Additionally, attention will be given to the concepts of liability and fairness in data intensive products (US NHTSA Report on Driverless Cars, 2016; EU Consultation on Civil Law and Robotics, 2017). The differences between EU regulatory pressures and the “softer” US stance will also be outlined by our speakers.

Topics for further discussion

How could the insurance industry address legal and ethical challenges linked to IoT?

What trends can be foreseen regarding IoT development and accompanying frameworks?

What technical solutions and tools could be developed to address IoT ethical and legal issues (for example, anonymization, variable visualization and training)?

What are the current and future regulations affecting both governments and the private sector?

What type of data regulations should we expect in the near future in both the US and Europe?

  

                                                                                                           

Selected references:

‐ Gilad Rosner, “Privacy and the Internet of Things”, O’Reilly Media, October 2016;

‐ Barocas & Selbst, “Big Data’s Disparate Impact”, California Law Review, 2016;

‐ Paul Ohm, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization,” UCLA Law Review 57 (2010): 1701-1777

  

                                                                                                           

IoT and Blockchain: The challenges for Information Security

Will blockchain fairly improve IoT device security and trust?

---------

Academic Leader:

Prof. Bryan FORD (DEDIS lab, Ecole Polytechnique Fédérale de Lausanne, Switzerland)

AXA Leader:

Laurent BENICHOU (R&D Director - AXA Next, GIE AXA)

The vast amounts of data being generated today need to be better protected so that they are safe from corruption, unavailability and being hacked. The Decentralized/Distributed Systems (DEDIS) laboratory at the EPFL is an information security research group focused on building prototype software and cryptography-based architectures and aims to eliminate problems like so-called single points of failure.

In this session, Prof. Bryan Ford will describe his holistic approach to security, with a need for systems to be designed from the “ground up” and not simply patched around weak links – for instance, after a cyber-attack. Laurent Bénichou will bring his experience of implementing and piloting new insurance and service proposals within AXA, with one example being the recently launched “fizzy” platform, which is the first insurance product ever to rely on blockchain technology.

Bryan will also discuss the need for users to educate themselves regarding information security. “Systems like blockchain that spread trust across different entities and that do not simply rely on individual nodes are a promising alternative to traditional ‘crunchy on the outside, soft on the inside’ server architectures, such as clouds, which suffer from the ‘weakest link’ problem,” he says. “However, these new technologies are far from perfect and researchers and engineers are busy working on developing and improving these.”

Topics for further discussion

How can we ensure security, robustness against failure, and privacy in future blockchain-based insurance applications?

What trends might be foreseen regarding the development of blockchain and related cryptography-based technologies?

What types of new system architectures are being developed in response to the risks involved in this new era of cloud computing?

Selected references:

Papers:

- ByzCoin: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/kogias

- Chainiac: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/nikitin

  

                                                                                                           

Blog posts:

- on ByzCoin: http://hackingdistributed.com/2016/08/04/byzcoin/

- https://bford.github.io/2017/08/01/skipchain/

  

                                                                                                           

Interconnectivity and IoT: data security & privacy risks at stake

What means are available to mitigate IoT risks?

---------

Academic Leader:

Prof. Robert DENG (Singapore Management University, Singapore)

AXA Leader:

Scott SAYCE (Global Head of Cyber, AXA Global P&C)

As connected objects become cheaper to manufacture and buy, their security is often neglected. This means that they can be easily attacked at all levels of operation - that is, during data acquisition, transmission and storage.

In this session, Scott Sayce and Prof. Robert Deng will discuss both the technology available today to secure IoT (including the main challenges that lie ahead when it comes to embedding protection mechanisms, such as encryption and authentication techniques) and the insurance aspects of cyber risk, given its fast-evolving nature and the constant need to adapt the legal environment.

Robert will explain that there are three main categories of IoT risk. The first is unauthorized access to, and misuse of, connected devices. An example of this includes the recent Mirai bot that took down major websites such as Netflix and Twitter. The second is risk to human safety – for example, when hackers attack hospital equipment or manipulate a vehicle to deliberately force it off the road. The third is the risk to other physical systems or infrastructures. One example here is a potential attack on a nation’s power grid.

Although secure computation is still in its early stages, sophisticated technologies are already available but they need to be incorporated into existing standards in a cost-effective way, Robert will explain. Industry-specific regulations are also needed and IoT users need to be made aware of the precautions they should take to protect themselves against cyber criminals while using cloud storage.

Scott will introduce the history of cyber insurance and its future state, which includes IoT. He will describe how a cyber policy works and finally how insurance (cyber and non-cyber) can be part of a risk transfer framework.

Topics for further discussion

How could encrypted data be shared and manipulated over untrusted servers?

How could users be provided with the means to protect themselves against cyber criminality?

What are the trends regarding new security models, cryptographic algorithms, security protocols and security analysis techniques for the cloud computing environment?

  

                                                                                                           

Selected references:

- Cryptography and Data Security in Cloud Computing. : 53-55 (2017)

- Resonance Attacks on Load Frequency Control of Smart Grids, IEEE Transactions on Smart Grid (2017)

- Opting in: Using IoT Connectivity to drive differentiation, Deloitte University Press

  

                                                                                                           
