#CES2018 Offers Insight into the Near and Distant Future

For those who love gadgets, tech, and consumer products CES is the mecca and can be quite overwhelming. This year, there were a ton of unique applications including connected home, personal, health, entertainment and cars. For attendees strolling through the hall, all senses were involved. There were applications to assist visuals/vision, hearing, and haptics or sensations.

There were things that were automated, customized and digitally enhanced that I hadn’t even conceived. 

·       Training for horseback riding

·       Tents with wireless connectivity for entertainment

·       Wireless hearing aids and glasses that aid vision and hearing and adapt to surroundings and capabilities

·       Home gadgets from cooking to home protection and physical risks like gas and water leaks

·       Wireless recharging from ceiling lights as well as retractable charging cords from outlets

·       Wearables included clothing that mapped muscle performance and others for health performance along with associated graphs for trainers, health personnel or the individual

·       Automated toilets, and water monitors for homes

·       DNA testing for mind and body performance (Orig3n)

There were also drones of every size and one that was equipped to go underwater if you want to find your fish or take pictures.  As for cyber, the most surprising finding was the number of car and associated car companies that advertised their cyber security teams and capabilities.  And although they didn’t talk NIST, FISMA or CUI, they did discuss how important cyber was to their self-driving vehicles. Smart cities included thinking about roads, parks, and streets with new visions for community and not for cars. Smart homes included front doors with separate guest pass codes and biometrics than those used by the home owners so that sharing your garage door opener code is a thing of the past.

Everything conceivable is now connected to a data base, an information association, an application or a cloud database.  At CES the emphasis on connectivity focused on customization, personalization and convenience.  Cyber and Privacy were inferred.  Cloud wasn’t mentioned but it was present as each company presented capabilities with aggregate and specific data trailing back to the cloud.  The few times I mentioned FedRAMP resulted in a questioning look.

Also present was the future, which really seems to be now or within the next 3 years.  There were robots roaming the halls, virtual reality tours of cars that convert and will fly by 2025 (or so they say) and entertainment capabilities so rich in sound and color that they seem to bring reality indoors on thin, curved and borderless screens. 

Visualizing the Impact of #CES 2018 on Cyber and Compliance

As technology changes, so should cyber security and compliance.  The effects of customization, personalization, visualization, augmentation, and other realities from the show demonstrate that cyber security is on the verge of changing once again.

In the early 2000s, cybersecurity as a term didn’t exist and the emphasis of data and information protection looked toward assurance as in Information Assurance.  In the mid 2000s, technical capabilities including the testing operational gaps, software configuration determinations and responses to malicious viruses and malware pushed IA into the new terminology of cybersecurity and technical testing.  As information security companies entered into the 2010 and beyond, advanced persistent threats (APT) and botnets became major issues.  Since 2015, privacy and confidentiality along with supply chain protections related to the cloud have become the priority.  As a result, numerous mandates and regulatory standards were introduced or updated. These include EU-GDPR, PII, and FedRAMP. 

Putting the history of information (cyber) security into perspective is essential to see the next level of complexity that will be demanded by organizations to meet due diligence of protecting privacy information and technical information security protection.  As all the innovations presented at CES become more widely adopted, the top 3 cybersecurity challenges facing organizations and cybersecurity professionals into the future are most likely to be:

·       Dynamic flow

The fluidity of data and information has just gotten better.  With wireless charging and communications among a variety of businesses, differing applications, and personal gadgets, it seems that data will flow in every direction.  To simultaneous match and protection data flows that are unknown when initiated would suggest that the future may bring new issues in coordinating the flow of data among and between the growing supply chain of cloud based applications.  Incident response may very well require external coordination of system incident and event management capabilities. 

·       Anonymizing data

With IP addresses, personalized information from wearables, and homes, the potential of exposing private information and personally identifiable information has become greater.  Privacy issues now face more touchpoints than ever and data management tools that more accurately depict a customer may also more accurately derive an individual’s name and specifics of their lives and locations.  (Think triangulation plus).  In some instances, because of the level of big data that will be amassed from apps, cloud storage and other digital AI and IoT solutions identification may have become temporarily harder as the amount of data now available could act to obscure identities but that is still to be seen.   

·       Establishing supply chain boundary protections

With so many applications being managed through home systems or personal cell phones, the level of potential data leakage and possible attack points have exponentially grown.  The necessary due diligence and potential risks between organizations and solutions could make liabilities, penalties and security protections complex and difficult.  In NIST SP 800-53, Rev 5 (draft), security controls related to access requires validation of safe protection of information before sharing.  In this newly connected future, that will be complicated given the internal and external mesh ecosystems of home, work, and personal connectivity.  Establishing responsibilities will become harder as will due diligence.  Compliance will become even more so.

With the proliferation of connected devices and IoT becoming an integral part of everyday life, businesses and consumers need to think about personal security and their expectations for due diligence and cyber protections from manufactures, employers, health providers and more. Some of the old models of built-in security will need to be augmented or entirely changed to capture this new era of interconnectivity.

As privacy and security become more intertwined than ever, the cyber industry has an incredible opportunity to drive new and innovative approaches that enable, not thwart the adoption of the latest technologies and gadgets.