Podcast

Podcast: IEEE shows Zero Trust protects post-pandemic industries

May 26, 2022

Posted by: IoT global network

IEEE senior member and Professor of Cybersecurity, Kevin Curran discusses the lack of protection from ransomware, but tells us how Zero Trust Architecture can build stronger protection for businesses with remote and in-office staff. If all else fails, says podcast host, Jeremy Cowan, buy yourself a nuclear bunker in Arizona. Proposed uses include a porn studio, growing medical marijuana, and escaping cosmic ray bit flips. Just $400k. 


Listen on

Jeremy Cowan  00:04

Hi, and welcome to the latest trending tech podcast. My name is Jeremy Cowan, and I’m co-founder of the websites IoT-Now.com, VanillaPlus.com, and The Evolving Enterprise. Now here on the pod, we recently received some news about a global study done by the IEEE. For those who don’t already know it, the IEEE is the world’s largest technical professional organisation dedicated to advancing technology for the benefit of humanity. Its publications and conferences are regularly quoted. It’s technology standards, our industry wide standards. So, when it speaks, we tend to sit up and take notice. And it’s on the impact of technology in 2022 and beyond, and is a new survey of global tech leaders from the UK, US, China, India and Brazil. So rather than write about it, we thought it would be great to hear more about it from Kevin Curran, IEEE senior member and professor of cybersecurity at the University of Ulster. I’m absolutely delighted to say he agreed. So Kevin, welcome to the Trending Tech Podcast.

Kevin Curran  01:21

Thanks, Jeremy.

Jeremy Cowan  01:23

It’s great to have you here. Now, as regular listeners will know, we have our interview section in the middle. But the first thing we want to do is have a look at some of the serious news that is in the market at the moment. And we want to look at the things that are causing headlines and ripples around technology in the broadest sense. Kevin, what have you seen in the news that really intrigued you?

Kevin Curran  01:50

I follow all the cybersecurity stories closely. The one I’ve seen was the Glupteba botnet. Again, it’s not that we don’t have botnets before. They’re used for ransomware, or they’re used for spreading malware, they’re used for extortion. But this was a particularly sophisticated botnet; what it does is it actually uses the blockchain. So, of course, most of these botnets can generate random IP addresses, which is kind of core to be able to remain under the radar as such, but this particular botnet actually dials into the blockchain. So, in future, whenever they want to have new IP addresses, they just do transactions in the blockchain, and literally it gives the IP addresses that they can use for further continuation of this botnet. It’s the first time we’ve seen a botnet which is chained to the blockchain.

Jeremy Cowan  02:35

How do you think that’s going to affect the market as a whole?

Kevin Curran  02:39

Ransomware is one of the biggest scourges at this moment. It’s a particularly devastating crime, really, and it pays for these criminals, so there is no real solution to the problem of ransomware apart from maybe, you know, legal processes where jurisdictions are removed and countries come together. But there is always a problem with this, because most of the malware we get, most of the hacking we get comes from the East. It is that simple. These countries, again, just remain aside the laws, there’s no extradition process for any of these hackers. So, it’s very, very difficult as such, it just causes devastation. The Irish health system is still trying to return to normal capacity after the ransomware attack, which happened about two months ago. So we’re seeing devastation across all types of industries.

Jeremy Cowan  03:23

What impact has that had on the Irish healthcare system?

Kevin Curran  03:26

It’s kind of shocked them to the core. Because you know, I have friends that work in the health system, and they’re using paper for weeks and months. Not an all systems, but it just showed that a complete it system, especially healthcare systems, as you can imagine, you have everything from heart monitors to you know, blood oxygen monitors, again and most of these are connected to the IT systems. Then you have so many legacy systems again, you know, you have third parties, you have hospitals which deal with pharmacies and supply chain and everyone else, when all that goes down because we’ve become so reliant on technology.

A number of years ago – and it wasn’t to do with hacking, it was when the Visa (credit card) network went down in the UK – for almost 24 hours people were stuck without being able to get taxis, travel home, buy food, because no one carries cash anymore. So we’re seeing what happens when IT systems fail. And we really don’t have fail overs, because no one expects it to happen. But again, in the future, I think a lot of people will have to buy notepads and pencils, again, to cope with IT systems, failing to ransomware or just maybe on technical failures, somewhere along the way. But again really, as you know, computers have been the most impressive tool that we have ever created as a human race. All the other things we’ve had, we’ve had impressive things like bicycles, motor cars, planes, all these things, but nothing has changed society the way that the computer has.

Jeremy Cowan  04:50

Yeah, you’re so right. And in fact, somebody was pointing out to me that the IoT is in fact the biggest machine that man and woman has ever created. So, yes, it has to be seen as such.

The story that caught my eye Kevin was something else related to healthcare. The other day Lynx MD, the healthcare AI platform for real world clinical and operational data collaboration, announced that it’s raised $12 million (that’s 10-plus million Euros) in seed financing. Now, the size of that financing is not particularly earth shattering. That’s not perhaps the story in itself. But real-world data is absolutely critical to drive innovation and improve care in the healthcare industry. But, of course, there are throughout this security hurdles and privacy concerns that we need to be aware of. And additionally, for research organisations, accessing data is one of the main bottlenecks in innovation cycles – it can take months to gain access to the required quality data sets. So, I was interested in the report on The Evolving Enterprise, which iswww.TheEE.ai , where Lynx claims to have solved these challenges by making scalable data access and rapid innovation cycles actually a reality for the first time in the industry. In what they’re calling a secure sandboxed environment, Lynx enables users to access really massive amounts of real world medical data and facilitates decisions using data science and AI. Clearly, Kevin, this has been a problem for a while for the industry. We are not very far away in times of ransomware from going back to pen and paper, but when we are able to use IT to its full, clearly this is going to be an advantage. What was your take on this?

Kevin Curran  06:48

Yes, we’ve seen the artificial intelligence make stunning breakthroughs in so many areas of business really. So, of course, in medicine, because it can have, you know, it may be improved patient outcomes, and might speed up things, it might discover there’s so much you can do, because really, machine learning when it comes to it is pattern matching. And of course, we have access to a lot of healthcare data, and profiles again, you know, we could see things and trends which maybe were not possible without that.

Machines can crunch the numbers and see patterns that no human might see again. So, I’m sure we’re going to have a lot of breakthroughs, where things were just discovered, because machine machine learning algorithms were on particular systems. But, of course, there’s always a danger. But most data scientists understand the risks and you know. I’ve worked with many doctors, on healthcare projects, data science, we have a large team here in our university, and they’re pretty good at stats, understanding correlation. Because you can make wrong inferences about any aspect of whatever, you have to understand the data as well. But that’s what data scientists do. They are people who understand the actual raw data, and then they let the machine you know, whatever algorithms are going out there. So, yeah, I mean, it should have a major outcome in the future for us.

Jeremy Cowan  08:05

What I find particularly encouraging about this is, you know, AI is now clearly playing a role in enabling companies of all sizes, whether they’re enterprises or SMEs, to deploy this kind of technology, and not to take months or years about it, but to do it in days, even weeks. The One Stop Shop platform says that a full AI development workbench can be deployed in days, and it doesn’t take huge customer IT resources to do it. So, I find that enormously encouraging. Do you?

Kevin Curran  08:39

It is. I mean that’s why we need frameworks really, tools to put into the hands of people who are not, you know, don’t have a PhD in data science or statisticians as well, and that that’s crucial, really. What we need is tools and frameworks which enable ordinary people, you know, with some background, again, computer science or stats to be able to make use of these tools. Again, that’s very important. I mean, that’s what we see with development frameworks and how people code and you know, these tools are very important. So again, any frameworks which help medical people again, who are not necessarily trained in data science to be able to look at patterns and data. That’s welcome.

Jeremy Cowan  09:16

Yeah, hugely welcome. Kevin, one of the reasons we wanted to get you on this pod was to be able to ask you about the survey. So, let’s turn to that because this is a survey of big hitters, and not a few of them, you know, technology leaders in five countries. As I say, we don’t post many stories about predictions on our sites for the year ahead. Because so often, they’re just one person’s view. But clearly, the IEEE has gone many steps further than that by producing a global survey on the impact of technology. Can you tell us a little bit about who you spoke to and what you learned from it?

Kevin Curran  09:55

Okay. The study included 350 Chief Technology Officers, Chief Information Officers, and IT directors, and again was covering the most important technologies in 2022. And the industries most impacted by technology in the year ahead. So, of course, what we found is the most important technologies innovate in sustainability in the future. What we found was one in five said that AI and machine learning, cloud computing and 5G would be the most important technologies next year. But of course, also because of the global pandemic, these leaders surveyed said that they accelerated adoption of cloud compute by 60%, AI and machine learning 51%, and 5G 46%.

Jeremy Cowan  10:35
I find that extraordinary, that’s quite significant figures. It’s perhaps not surprising that because of the pandemic tech leaders said that their use of cloud computing grew in 2021. As did AI and machine learning and 5G. How exactly do they expect to use these technologies in 2022?

Kevin Curran  10:56

One of the markers which has really increased and whether the pandemic speeded up, is cloud computing, and everything is moving to the cloud, really.  Again, every single platform, very few people have in-house now, even private clouds again, so the cloud market has really taken off. And of course, you know, there’s parts of that which help. The pandemic took IT officers by surprise, but before that they had their, as much as they could, had the desktops nailed down. Software was all on there, tablets were managed, and all the sudden the pandemic comes, and people are using their sons’ and daughters’ laptops (Laughter) and whatever else they have. And in some industries there’s critical information on these, they’re logging in on browsers to a portal, where they might have sensitive financial information or medical data, whatever else. People did whatever they could to survive, but one thing for sure is, the cloud is here to stay.

Jeremy Cowan  11:51

Yeah, absolutely. This has been a fact in telemedicine, in remote learning, in day to day communications. And it seems to have affected everybody, that these sort of technologies are now in further use. How do you think CIOs and CTOs are going to build strong cyber security in such a challenging environment for a hybrid workforce of remote and in-office workers? I mean, this is clearly viewed by those surveyed as massively challenging.

Kevin Curran  12:00

It is. There was a framework coming out from Google a few years ago, the Zero Trust framework really, Zero Trust architectures. And that is where you just presume every connection has to authenticate and authorise again, you just presume that everyone has to at every step. And again, it was a framework that was dreamed up prior to the pandemic, but because Google, like a lot of large organisations had noticed that the traditional kind of network model didn’t really work because they had offices all around the world, they had people on the move, they had different hybrid systems again, so they realised that we need a zero trust architecture as well.

That is one thing that CTOs can do, or CISOs again, but with that it depends on the framework you want to use. Are you going to use Amazon, are you going to use Microsoft, are you going to use Oracle Cloud, whatever? You know, there’s offerings from a lot of these people, Alibaba, Tencent, all these people, these companies control the cloud market. So the tools vary, but again you’ve got to be upscaled, you’ve got to understand the actual cloud platform you’re using. Again, you’ve got to know the primitives, you got to know what are the settings, the default is always the enemy of cybersecurity master. So again, you just got to make sure that you have a solid cloud environment with all the parameters taken. And you understand again, about all the other aspects that you have to guard and it’s become really, really complicated.

Even the cost model, once you found at cloud conferences have been to the best attended. sessions have been about cost and managing costs, because it is a different paradigm. You have servers here and you got packet requests, and you’re trying to work out, you know, how can I save money here, especially if you’ve got a large installation. It is just something that we didn’t have, there was no such equivalent thing 10 years ago, or maybe 20, where you had this pricing architecture. Generally, you bought your servers, you installed them, you put enough hard disk of RAM, and you’d know when you’d run out of memory. But there was really no cost apart from the electricity. But in a cloud model, again, with the scalability and the way it’s priced and everything, you know, a lot of companies actually just hire people to reduce their costs on these cloud platforms.

Jeremy Cowan  14:31

Yeah, which is a solution but perhaps not a viable long-term solution. I mean, one of the things that really has struck me throughout this last year, perhaps it’s because I’ve got young of this age who are going through the recruitment process at the moment, is how technology companies are struggling to bring in new talent, why they’re using AI and how they’re using AI to employ new people. But also how they’re actually coping with situations that you’ve already alluded to, where many of us have been forced to be working from home using devices, you know the Fisher Price laptop might be slightly the joke extreme, but it’s actually a serious problem. You know, bring-your-own-device into a high tech environment is another aspect of the same thing. So recruitment and equipment of new staff is a massive issue. Was this touched on in your survey?

Kevin Curran  15:28

Those surveyed have seen that it was challenging to hire, to recruit. And we’re seeing that, especially in the UK, especially after Brexit, it just doesn’t help. You know, we have such some strict border controls here as well. But it really is difficult in technology, because, you know, apart from probably the health system, the one area that has always recruited people from overseas – from Bangladesh, from India, from China, whatever – it has been a tech sector. And this has become much more difficult now with Brexit.

So, again, the hardest areas to recreate in are cloud, cybersecurity, and data science, of course. Last year, whenever I read reports that Stanford data science graduates were being offered $250,000 in starting salary, because there’s such a demand for data science, especially now with the rise of AI and cloud and everything else. So, it’s just become more powerful, but it is difficult.

I am a co-founder of a company. We just raised £3 million a few months ago, we have 21 people working for us. But some of these people we have in Sweden, we have in Brazil, we have different places because of the visa problems at the moment. And also COVID making it quite awkward for us. But we have not found it that easy to recruit or to get people to come to Ireland and relocate here, because well, that, in some ways COVID is just not helping at all. What I find is we know we had a team meeting a few weeks ago, and to be honest, it was over a weekend but really their whole weekend was taken up with trying to get the test (PCR test) to get back to the airport. Because it’s so complicated now, and they had find test centres. I thought, ‘Why would anyone go anywhere now unless they had to know, for a few days, because it is just such a pain. And literally they were even during the meals, and they were trying to concentrate then and they were trying to get the PCR test and find a location and then find out the regulations. Is it 24 hours? It’s 72, so it’s just become very complicated travel.

Jeremy Cowan  17:20

And it’s a moving picture as well, because you just get the rules nailed down, and suddenly they’ve all changed again. Argh, yeah, it’s a nightmare for recruiters right now and it’s not much better for those being recruited.

Moving on a little bit, most of your survey respondents, I think it was 78%, agreed that in the next 10 years half or more of what they do in their daily work will be enhanced by robots. What types of robot deployment do you think are most likely to be benefiting humanity first?

Kevin Curran  17:53

Yeah, 81% agreed that in the next five years, a quarter of what they do will be enhanced by robots. And almost 80% agree that robots will be deployed across their organisation to enhance most business functions, you know, from sales to human resources. But they say that in manufacturing and assembly it’s 33%. And then hospital and patient care was 26%. And then Earth and space exploration is where they next see that maybe robots will be deployed to benefit humanity as well. And, of course, we’re seeing the rise of the Roombas now, the home robots, and they’re becoming a lot cheaper, and they’re quite efficient, you know, they really are good. And I think most homes will have robot vacuums in the future just by default.

Jeremy Cowan  18:35

Which brings us to the question of how you make that secure.

Kevin Curran  18:38
It’s like anything that’s connected, yeah, I mean robot vaccums will also be hijacked in the future and used for botnets. Anything which has an IP address, which is connected to the Internet can be compromised, of course. I haven’t seen the robot attack. You know, we’ve seen everything else being compromised from the Ring doorbells to baby cam monitors. And these are used in botnets, of course. That’s the thing about the IoT market, that manufacturers have no onus on them to provide a roadmap of updates, and they go for a quick buck, they release something cheap. They sell it but there is no updates coming, and people forget about them and use default passwords. but they have been taken over by so many botnets. One of the leading cybersecurity journalists in the world is Brian Krebs and his website was put under enormous denial of service attack a number of years ago, and that was all mostly monitors and baby cam stuff that was compromised because a lot of this hardware can’t even run some of the stronger crypto. But again, that there is inklings of a law coming in; in California, one of the first ones is to say – you might have seen in the UK we’re moving to it – they’re preventing any devices to be sold in the future from having a default password, a static key. That ensures that every device that’s manufactured in the future should have a unique password on that, and that’s a good move.

Jeremy Cowan  19:55

It’s a good move. It’s one that I mean, now we see it, it looks like a statement of the blindingly obvious and we wonder how it was ever anything else. But it is a good move. Kevin, that’s really fascinating. Thank you so much for telling us about the survey. Where can people find out more about this? If they want to?

Kevin Curran  20:16

Yeah, well they can visit the ieee.org website and the reports are there. You know, they do a lot of reports. So, they’ll find that they’re in the main page, actually.

Jeremy Cowan  20:25

And I was searching on the IEEE website earlier for the full name behind the abbreviation. What is it? And is it no longer used?

Kevin Curran  20:34

Oh, it’s always been a long one, but it’s the Institute of Electronic and Electrical Engineers. And it’s been around since the early days. You know, they predate really computers to some degree. Yeah, it was electronic engineers back then working on Analog Devices. And, you know, some of the most famous names in computer science and technology have been members of the IEEE.

Jeremy Cowan  20:59

Yeah. Well, it’s a fascinating organisation with really great kudos. So, thank you so much for sharing your thoughts on that. We’ve now got to that part of the podcast where we have in What The Tech a chance to look at some of the lighter side, the amusing or amazing stories that caught our eye, as we looked around the technology market. Kevin, what caught your attention?

Kevin Curran  21:28

Mine was simply the app which rewards people for picking up rubbish. So, you know, you walk around in the country. And as it was made in Israel. So you walk around, you see any rubbish, you take a photograph, you tag the location, and of course, you collect the rubbish and you get rewards. So, it allows you to spend these in different applets again, but it was just an example of an app which could take off around the world and it could make the world a bit cleaner, and it is gamifying rubbish cleaning. And that’s not the worst thing ever.

You just reminded me of something; there actually is an app, believe it or not, for the iPhone, which can blow out a candle. (Laughter) It does, you put the mic at the bottom of your iPhone towards the candle, and it literally blows air. It uses high frequency sounds again, it’s actually using high frequency sound waves. (Laughter)

Jeremy Cowan  22:21

I’m looking at the data and wondering is this April Fool’s Day? (Laughter) I find that fascinating.

The story that caught my eye was in The Guardian newspaper in the UK, headlined, Nuclear missile bunker: Yours for less than $400k. So, if you’re struggling for the ideal present, then we think we may have the answer for you. Because decommissioned nuclear silos are, well one in particular, is now being made available on the open market in the US, of course, accessed via a 40 foot staircase leading to the underground missile station, which was once home to the USA’s largest intercontinental ballistic missile ever deployed. I mean, apparently, one local newspaper has described this bit of real estate as a “mid-century fixer upper”, which I really like. But it’s an underground bunker built to withstand a nuclear attack and ready to house the firepower to retaliate? It’s in Arizona, if that is important to you, and I’m sure you can find it. It’s very close to a US Air Force Base. Apparently, the silo’s owner told the Arizona Daily Star newspaper that he was selling the property because he’s bored.

It has been suggested that there were various other potential buyers who might have gone for it. One wanted to open a greenhouse for medical marijuana, and another who planned to use it as a porn studio. Your own use for this is entirely up to you. But I personally think I may be keeping the $400,000 in my pocket. Kevin, what about you? Is that of interest to you? Is that on your wish list?

Kevin Curran  24:14

I can see the uses for it because you can imagine how thick those walls are. And actually, there is a problem in computer science. Now, it doesn’t affect most of us on a daily basis, but the cosmic rays can cause your blue screen of death, right? It’s where a bit flips within memory, and NASA are all over this. Of course, the Space Shuttle has got four computers and if one of them has an error it takes the answer from the other three as being the ground truth. And again, NASA are well aware, I think they’ve tracked a few hundred cosmic ray bit flips. A number of years ago there was it was a candidate in some country, and she got 4,096 extra votes and they couldn’t figure out what the hell happened. But what it was … because that’s, you know, 2, 4, 8, it’s binary. And what it was, it was a bit flip, they worked out. It was a bit flip. And then there was a famous video online on YouTube where a guy is playing a game with his friend and it’s all being recorded, of course, and then all of a sudden, he’s jumped a level. And he’s gone, ya know, Holy, Holy God, or whatever else and the guy’s laughing. And the other guy went and said, ‘What, how did it happen’? But when the guys went back, reverse engineered the code, inserted a bit flip into the place where he was with the coordinates, and lo and behold, he could recreate the cosmic ray bit flip, which caused the guy to move up to a different level. (Laughter)

Jeremy Cowan  25:42

Well, if anybody is interested in seeing more about the bunker that’s available for sale, Premier Media Group have apparently created a 3D tour of the bunker, which showcases pools of stagnant water and 6,000 pound blast doors, which can be closed with one hand. I’m speechless. I don’t know what to do with that information. But I’m probably not going to be in the market. Kevin, what about you?

Kevin Curran  26:10

The … for the bunker?

Jeremy Cowan  26:11

Yeah, for the bunker.

Kevin Curran  26:12

I mean, yeah, I mean, it would be good data centre there. I just don’t know the location. But then again, location doesn’t matter too much when it comes to data centres really. I mean, one of my favourite things to watch is Nazi Mega Structures on Disney Plus, and I am amazed at some of the bunkers they built, how tough they were, you know, like, incredible over time. But of course, they would make great data centres, too.

Jeremy Cowan  26:39

Yeah. Well, I bet they don’t have problems like I have with the domestic plumbing falling apart, so maybe I should be looking at it. Kevin, that’s really fascinating. Thank you so much for all your thoughts. And thank you so much for joining us on the Trending Tech Podcast to share your expertise.

Kevin Curran  26:58

You’re welcome Jeremy, and thank you.

Jeremy Cowan  26:59

Sadly, that is all we have time for today. We’ll be back with another Trending Tech Podcast very soon. In the meantime, don’t forget to like the podcast, not just to make us feel good, but to help others find us. And wherever you find us today. We hope you’ll find us again. Share us with friends.

I’ve been Jeremy Cowan talking to Kevin Curran of IEEE and join us again soon for the next Trending Tech Pod. Bye for now.