"We do not want to trust anyone but us to make important decisions because we consider ourselves the trusted authority, but I think we will have to rely on artificial intelligence." Alissa Johnson (Albany, 1973) is convinced that this technology will be the first major disruption in the field of cybersecurity, but she adds some nuance. "First we'll have to make sure the data is clean. Only if we work with the right information will we get the right results."
Johnson speaks with the authority that experience gives her. Formerly responsible for information technology at the White House during Barack Obama's second term, she currently heads the security department of the multinational Xerox. We spoke with her after her talk at the Digital Enterprise Show, one of the largest European forums on digital transformation, which held its third edition in Madrid.
Is it possible that we will live in a future in which micro-hacking and the blackmail of citizens become normalized?
Definitely. More and more devices that were not originally intended to be connected are suddenly becoming connected. And we are talking about the most everyday things we can imagine: a thermometer, the thermostat in your house … The more intelligent devices we have, the more the threat they pose will expand. Now we are starting to worry about issues such as privacy, but even if we improve certain aspects of this area, our data may be used for more and more purposes. Someone who knows what time I turn on the oven and what time I open the garage has information about me that is too valuable.
Imagine it's awfully cold in Washington, someone hacks my thermostat because I have it connected, and tells me they will give me back control if I pay a bitcoin ransom. It's just an example: the possibilities are immense. It is time to face the debate on the treatment of personal data to avoid being too late, and that is why the cybersecurity sector is discussing issues such as access or identity management.
Are people aware of the security threat they will face in their homes in the near future?
I think that in most cases we think about problems in hindsight, after having suffered the consequences. The best example of this is the case of Facebook. Nobody has thought too much about the risks of the internet of things because we have not yet suffered firsthand the problems it entails. Nobody reads the terms and conditions that they accept on the internet. They accept them thinking that everything is fine because they enjoy the comfort of the service they get in return. But I think we are now starting to ask questions about what companies do with our data. How long will it be stored? When my mother opened a Facebook account, she did not stop to think that the information she shared then would still be on the social network three years later. Much less did she think about what a hacker can do with data that you do not even remember having published.
What responsibility do companies have in the face of these threats?
You cannot understand the responsibility of people without talking about the companies. Companies play a very important role: they have to make technology accessible to users because, after all, they are ultimately responsible. The General Data Protection Regulation (GDPR) aims precisely at this: that people have control over their privacy. But to achieve that kind of control, organizations have to make it easy for them to understand how they can manage their digital information.
Companies are not transparent, but neither are governments
What does the user have to know in order to make responsible use of their information?
You need to know where your data is, what it is used for, how you can access it, and who else can do so. The important concepts are identity and access. Without identity or access, a company can only handle a mass of anonymous data. I think it's great that my data is used anonymously to improve my quality of life; the problem is when they know who I am and they do not tell me what they do with my data.
We have talked about the responsibility of companies and users. What is the Government's responsibility?
The Government of each country is responsible for protecting the data of its citizens. Each country is concerned with protecting its borders, its interests …
But we are in a connected world.
True, that's why our politicians have to share more and discover how to cooperate in the right way to achieve common goals. And the first one is transparency in the use of data. This is where the majority fails. The companies are not transparent, hence the need for the GDPR, but neither are the governments. And I am not speaking only about the US: everyone uses the data as if it were free, an open bar where you can use whatever you want, however you want and whenever you want. Let's see if this madness really ends.
Does security justify attacks on privacy?
We are entering an era with different types of wars and we are talking about different battles: on the one hand security, on the other, privacy. It is a curious situation, especially in the US. How do you live in a country with so many freedoms and protect your citizens at the same time thanks to your data? There are two questions: how to be free and how to stop worrying about my safety. With companies, this debate does not exist, because it is enough to tell them that you do not want them to use your data, but the Government needs your personal information to offer you greater security. The line is very fine and we have to try to discover strong solutions to this problem, since there is still no answer.
Some countries like China seem to have gone beyond this line, prioritizing security over privacy.
Each country has different thresholds and manages cybersecurity in its own way. The strange thing about this matter is that there is not one answer: it depends on each nation and on what its culture is willing to accept. It is the same as if we talk about the risk that a company can take on: some have more tolerance and others are more conservative. Citizens, though, assume the risk not to obtain economic benefit, but to have greater comfort in their day-to-day lives. Well-being in exchange for information: that's what it's about.
According to the 2017 Global Information Security Workforce study, one of the factors aggravating the shortage of cybersecurity experts is that only 11% of the sector are women.
We have a great challenge ahead as a society. I used to be the only woman in my department, the only one in meetings. I was already used to it and I am still surprised to see more and more women at conferences participating in the conversation around this topic. This visibility is helping a lot. The need for more women in cybersecurity and other technological fields is a matter of diversity of thought, diversity in the workforce. But not only women; also people of different ethnicities, religions … In this way you expand the number of perspectives you can handle. It helps open minds and find more synergies to achieve greater impact.