Next week, I’m flying to the US on Tuesday, heading back on Thursday evening, arriving back in Heathrow on Friday morning, and heading (hopefully after a shower) to Cyber Security & Cloud Expo Global to present a session and then, later in the afternoon, to participate in a panel. One of the reasons that I’m bothering to post this here is that I have a feeling that I’m going to be quite tired by the end of Friday, and it’s probably a good idea to get at least a few thoughts in order for the panel session up front[1]. This is particularly the case as there’s some holiday happening between now and then, and if I’m lucky, I’ll be able to forget about everything work-related in the meantime.
The panel has an interesting title. It’s “How artificial intelligence and blockchain are the battlegrounds for the next security wars“. You could say that this is buzzwordy attempt to shoehorn security into a session about two unrelated topics, but the more I think about it, the more I’m glad that the organisers have put this together. It seems to me that although AI and blockchain are huge topics, have their own conference circuits[2] and garner huge amounts of interest from the press, there’s a danger that people whose main job and professional focus is security won’t be the most engaged in this debate. To turn that around a bit, what I mean is that although there are people within the AI and blockchain communities considering security, I think that there’s a place for people within the security community to be more involved in considering AI and blockchain.
AI and security
“What?” you may say. “Have you not noticed all of the AI-enabled products being sold by vendors in the security community?”
To which I reply, “pfft.”
It would be rude[3] to suggest that none of those security products have any “Artificial Intelligence” actually anywhere near them. However, it seems to me (and I’m not alone) that most of those products are actually employing much more basic algorithms which are more accurately portrayed as “Machine Learning”. And that’s if we’re being generous.
More importantly, however, I think that what’s really important to discuss here is security in a world where AI (or, OK, ML) is the key element of a product or service, or in a world where AI/ML is a defining feature of how we live at least part of our world. In other words, what’s the impact of security when we have self-driving cars, AI-led hiring practices and fewer medical professionals performing examinations and diagnoses? What does “the next battleground” mean in this context? Are we fighting to keep these systems from overstepping their mark, or fighting to stop malicious actors from compromising or suborning them to their ends? I don’t know, and that’s part of why I’m looking forward to my involvement on the panel.
Blockchain and security
Blockchain is the other piece, of course, and there are lots of areas for us to consider here, too. Three that spring to my mind are:
- around smart contracts (see my article What’s a blockchain “smart contract”? for more thoughts on that particular gem);
- the assumptions built into many blockchain systems around the long-term safety of various cryptographic primitives (see my article Will quantum computing break security?);
- the implicit trust that is exhibited by many “naive” users of blockchain systems around the various entities and stakeholders in the environment (I’ve written about “zero-trust” here: Thinking beyond “zero-trust”).
Whether you believe that blockchain(s) is(are) going to take over the world or not, it’s a vastly compelling topic, and I think it’s important for it to be discussed outside its “hype bubble” in the context of a security conference.
Conclusion
While I’m disappointed that I’m not going to be able to see some of the other interesting folks speaking at different times of the conference, I’m rather looking forward to the day that I will be there. I’m also somewhat relieved to have been able to use this article to consider some of the points that I suspect – and hope! – will be brought up in the panel. As always, I welcome comments and thoughts around areas that I might not have considered (or just missed out). And last, I’d be very happy to meet you at the conference if you’re attending.
1 – I’ve already created the slides for the talk, I’m pleased to say.
2 – my, do they have their own conference circuits…
3 – not to mention possibly actionable. And possibly even incorrect.
Alice, Eve and Bob - a security blog 