Trust and Cybersecurity: In search of a multi-disciplinary theory and practice
Presented by Claire Vishik, Global Cybersecurity Director, SPE, Intel Corporation.
Cybersecurity has become a global priority, but it encompasses a set of problems that are difficult to resolve. This is due, in part, to its multi-disciplinary nature. The broad definition of cybersecurity encompasses a range of subfields, from computer and network security to cryptography, psychology, human behavior, economics, policy, and international collaboration. The interplay of the subjects is important for the theory and practice in cybersecurity, but the underlying relationships between the components of the big picture remain elusive.
Trust is a foundational concept in cybersecurity because it provides a common thread linking its many components. But this link is not straightforward. People develop trust in other people, policies, information and conventional products in ways that don't easily translate to the models used to define trust between devices and networks, between organisations, or between organisations and their employees.
For a device, an application, or a system, trust is based on the premise that the other party behaves in an expected way under the same conditions. Trust complements security requirements, enabling various security models.
For people, trust may be based on their experiences and expectations, as well as the reactions of other people. In organisations, trust may be linked to the affiliations and credentials of individuals, organisational relationships, and regulations.
For governments and in international relations, trust may be defined by policies, agreements, and national and international norms.
The talk will examine trust in different contexts. From the human side of trust, to cryptographically-supported trusted systems, to policies that maintain trust, a broad view of the topic will be presented. What are the foundations of the individual’s trust in technology and what are the consequences of the lack of trust? How can trust between systems depend on subtle differences in the integrated circuits in their hardware? Can technical trust be nuanced, allowing a system to trust another system a little or a lot, depending on the circumstances? How is trust misused by cyber criminals, and how can technology and cyber norms stop them? How is trust connected to privacy? We will touch upon many of these questions. Trust is complex and multi-faceted, but it is a concept that can explain many successes and failures in cybersecurity.
Claire Vishik’s work at Intel focuses on hardware security, trusted computing, privacy enhancing technologies, some aspects of cryptography and related global policy issues. Claire is a member of the Permanent Stakeholders Group of ENISA, the European Network and Information Security Agency, Council member for the Information Security Forum, and is an advisor for numerous R&D and strategic initiatives in Asia, Europe and the US. She is active in standards development and R&D strategy and is on the Board of Directors of the Trusted Computing Group and TDL (Trust in Digital Life), a co-chair of the NIST Cyber-Physical Systems initiative and active in similar efforts. Claire received her PhD from the University of Texas at Austin. Prior to joining Intel, Claire worked at Schlumberger Laboratory for Computer Science and AT&T Laboratories, studying security, electronic commerce, and other aspects of Internet and computing technologies. Claire is the author of numerous peer-reviewed papers and book chapters and an inventor on 30+ pending and granted US patents.