Just call it the “bear in the room.”
There was no getting away from the issue of cybersecurity at The Technology Expo this week. Security was front and centre as almost 1,100 members of Manitoba’s information and communication technologies (ICT) community converged on the RBC Convention Centre Winnipeg for the annual event on April 26 hosted by Epic, an MTS company.
“When you talk to pretty much any technology professional and many businesspeople, cybersecurity is that one thing that’s really top of mind, whether they’ve been a victim of attacks, or know people who have and are trying to better protect their organizations,” said Ryan Klassen, Vice-President of Business Solutions for Bell MTS and General Manager of Epic.
Klassen said businesses are increasingly understanding the need for a comprehensive and well-thought-out cybersecurity strategy. Security can’t be solved by one company alone.
“Security is all about an ecosystem, and that ecosystem means a variety of vendors coming together to solve or address issues. That’s the key thing about bringing all these vendors, businesses and the ICT community together at the Expo to share and collaborate. It gives them a forum to talk about what they’re seeing, what they’re doing, what they’ve experienced, what’s worked and what hasn’t.”
Manitoba’s ICT infrastructure expanding
Before the largest ICT conference on the prairies got down to the business of security, Dan McKeen, Vice-Chair, Bell MTS and Western Canada Senior Vice-President of Small Business spoke to the crowd about what the Bell MTS acquisition means for ICT and business leaders in Manitoba.
“The recent launch of Bell MTS is an exceptional opportunity for the Manitoba business and IT communities to build on our shared commitment to service and innovation,” said McKeen. “Combining Bell’s scale with local knowledge and execution will increase the critical network infrastructure built in Manitoba, which in turn will result in the building of bigger and more advanced networks.”
McKeen highlighted the company’s commitment to a five-year, $1-billion capital investment in Manitoba for new technology and expanded networks and the fact Bell MTS has already launched new 4G LTE wireless service in Churchill.
“We’ve also announced sponsorship for Innovation Alley,” McKeen said of Bell MTS’s support for the Exchange District community of innovators, entrepreneurs and artists. “It’s to support Manitoba’s digital economy, and we’re going to have the fastest Internet and wireless services available anywhere in the country there, which is going to be our Gigabit Fibe Internet service and LTE Advanced wireless.”
Businesses must take extra steps for cyber-protection
The focus of the day’s presentations from the main stage was put squarely on security.
The morning session featured a panel discussion called “Security for the Rest of Us,” moderated by Epic’s Director of Professional Services, James Morris, that featured Scott Smith, Director, Intellectual Property and Innovation Policy with the Canadian Chamber of Commerce, Mike Lloyd, CTO of RedSeal, Zach Zahradnik COO of the Deposit Guarantee Corporation of Manitoba, Jason Maynard, Cybersecurity Consulting Systems Engineer with Cisco, and Doug Scott, Director, Technology with Epic.
A number of different strategies were put forth to improve cyber-defences — from the integration of security systems and network safety standards to the more macro view of creating a U.S. cyber ‘czar’ and nurturing tech-savvy elementary schoolers. However, a common thread linked all the security chatter onstage at the Expo: It’s high time we take our network security much more seriously.
Smith, who recently led a project for the Canadian Chamber of Commerce that examined cyber-threats on the business landscape, said Canadian businesses of all sizes need to take a more serious look at cyber-security — a fact that should especially resonate with small businesses, since the bulk of data breaches happen in their demographic.
“Three years ago, there was a report that came out and said 50 per cent of businesses were not backing up their data,” Smith said. “So, through a series of surveys, workshops and roundtables we did across the country, we found 88 per cent now are backing up their data. That’s a good sign.
“But that’s really the only thing they’re doing — that and using anti-malware software. They don’t have any other technology wrapped around what they’re doing, and 50 per cent don’t even understand what their assets are.”
Cisco’s Maynard spoke further about this issue, citing the reality most companies will face. “Most people don’t understand what ‘normal’ looks like in their network, so if you don’t understand what normal looks like, then how do you know when something bad is happening?” Maynard said.
“The reality is, something will get in. And when it does, you need tools and mechanisms to help you truly understand that. There’s not a single answer, at least not today.”
Technologists in short supply; but not your security
RedSeal’s Dr. Mike Lloyd took the lunch keynote talk, focusing on security integration. Even when businesses already adhere to cybersecurity standards, they may want to have a re-think, according to Lloyd.
“Open-ended compliance standards create a lot of difficulty,” Lloyd said. “If we all have to roll our own standards, we’re on our own and we’ll have to build our own ways of demonstrating compliance. If we want to drive costs down, we have to have a bit more uniformity.”
Lloyd said there’s even a need for a more common and prescriptive language of regulatory requirements when it comes to cyber-safety standards.
“The bad news is, a lot of regulatory requirements don’t mandate that you do exactly (one specific thing). They just say, ‘Go do something. Demonstrate to me what it is you think you’re supposed to be doing.’ ” he said. “That gives you enough rope that you can hang yourself and can actually be a serious problem.”
It’s not about ‘if,’ but ‘when,’ so cyber-defence is all about resilience: being tough to attack, detecting attacks immediately and responding rapidly. With a big shortage of security professionals right now, it’s all about integrating technical security solutions with the technologists companies currently have access to, and not believing there’s a quick turn-key fix out there.
“There are good reasons why we have to have consensus among the technologists and the businesspeople about how to keep these security rules fresh,” Lloyd said. “A lot of that is about meetings like this. It’s about having communication about what we’re using now and as the threats keep changing we have to keep adapting what technology we build to go hunting through networks.”
More education needed to protect financial sector
The day’s last keynote, called the “State of the Nation — The Cyber War Update” was hosted by Daniel Ennis, former director of the Threat Operations Centre at the U.S. National Security Agency and current CEO of DRE Consulting and Executive Director of the University of Maryland’s Cyber Initiatives.
Ennis put forth the idea that we need to view cybersecurity as a new paradigm and move away from defensive ideas based on traditional military mindsets. According to Ennis, the financial sector is rightly at the vanguard as being the most advanced and cyber-savvy industry right now.
“In terms of the cyber-war, it’s the economy, stupid,” Ennis said, repurposing the slogan from Bill Clinton’s successful 1992 U.S. presidential campaign. “We are not a manufacturing economy anymore. In Canada, the U.S. and the West, we are an economy based on intellectual prowess and innovation.
“The adversary is really about taking down our economy, or at least that’s where we’re vulnerable.” Ennis sees the financial industry as the most “mature” sector, in terms of cyber-defence, and said it has much to recommend in terms of a collaborative approach on a broader level.
“They actually have created shared-service organizations and entities that allow small and medium-sized banks to benefit from some of the things they’ve deduced and decided to focus on,” Ennis said.
The ex-NSA staffer said he’d like to see a three-pronged approach to cybersecurity in the U.S., involving the government, education and the private sector (which would follow a similar trail to that blazed by the financial industry).
Ennis said he’d like to see a boost in early-years tech-education, an increased valuation and promotion of women in tech, science and math, and more cyber-focused post-secondary programs at all levels.
“We’re not fundamentally turning out enough people with the technical skill and acumen that we need,” Ennis said. “And we’re certainly undervaluing women in the space.”
Ennis said a more agile government tuned to the new paradigm of cyber-war, plus a “Secretary of Cyber” in the U.S. Cabinet are key to the fight. “That’s the model from a government I’m looking for,” Ennis said. “Somebody in charge who can produce, induce, cajole, use the Bully Pulpit to create maturity in the cyber-defence realm.”
ICT community attendance & downtown location
In addition to the keynote speakers, attendees had the opportunity to take in 16 demonstration sessions and a trade show, featuring 22 vendor exhibitors.
The Expo moved downtown to the RBC Convention Centre for this year’s edition, and Klassen said that helped with the high attendance. “We’ve broken all records from previous years,” he said. “We wanted to refresh it a bit and be in a central location that made more sense for customers.”
Cisco was the Platinum sponsor for The Technology Expo. Gold sponsors included Kaspersky, Dell EMC, Microsoft and RedSeal. Silver sponsors included Air Unlimited Inc., Global Knowledge, Hewlett Packard, Brocade, Commvault, NetApp, Netscout, Nimble, Polycom, Veeam and VMware. Bronze sponsors included Lenovo, Mitel, NEC and Vertiv.