The key topic of Command Control is cyber resilience. This approach is based on the assumption that one hundred percent cybersecurity is currently no longer possible. Instead, the aim is to strengthen resistance to cyber attacks in order to minimize the consequences in the event of an attack.
In other words: cybersecurity stops where hackers succeed.
Cybersecurity is tasked with protecting systems, networks and data. By definition, however, it is only effective up to the point at which a hacker is able to penetrate the various protection mechanisms.
This is where cyber resilience comes into its own. Through predefined measures—such as backups, emergency communication plans or business continuity management—it ensures that business operations are not interrupted in the event of an emergency or that they can at least be quickly resumed.
For example, cyber resilience can include functional replacement hardware that is handed out to key employees in the event of a ransomware attack.
The US government’s Computer Emergency Response Team (CERT) recommends, for example, that the following aspects are closely examined and, if necessary, included in a concept:
This is where #Thought Leadership becomes #Action Leadership. Our interactive workshops give you the chance to participate actively and to take matters into your own hands.
Current pressure for companies to innovate is huge. The associated tasks entail immense budgetary, organizational and operational challenges for responsible Chief Information Officers (CIO) and Chief Digital Officers (CDO). The use of cloud computing, the Internet of Things (IoT), machine learning and software as a service (SaaS) has developed into a techno-strategic success factor for companies.
With increasing dynamic networking, the risk approach generally applied to date is repeatedly hitting its limits. Cyber risks can no longer be correctly anticipated, since digitization is linking and multiplying more and more risks at different levels.
This is shown clearly in the never-ending reports of successful cyber attacks on public institutions, companies and critical infrastructure operators.
To be able to respond quickly and efficiently to cyber attacks and to minimize damage, companies require a strong combination of cybersecurity and resilience. This encompasses crisis communication and reputational measures as well as forensic analyses of the attack, preservation of evidence and the fastest possible restart of IT systems (disaster recovery) and business continuity management (BCM).
In the case of a focused attack, all the organizational, technical and human weaknesses that inevitably lead to a crisis situation become visible.
Concentrating on the most important components within the categories of people, technology and organization is crucial to minimize the complexity involved in establishing cyber resilience.
This is where Command Control in Munich on March 3–4, 2020, comes in, bringing together decision-makers and experts from the worlds of business and politics for the second time to rethink the way cyber threats are handled. This year’s Cybersecurity Summit will focus on issues such as how collaboration between the specialist disciplines of cybersecurity, risk management and digitization as well as innovation can be shaped in the future to ensure better cyber resilience.
Viktor Mayer-Schönberger is the Professor of Internet Governance and Regulation at the Oxford Internet Institute. The qualified lawyer, futurologist and author of more than a dozen books focuses his research on Big Data, digital economy, and institutions and governance in the data age.
In his current project, he is conducting research into the determinants of individual cybersecurity behavior: why many people know what is right, but still act to the contrary. He is also of the opinion that there can never be 100 percent cybersecurity, but that more resilient structures are urgently needed.
Find out more in his inspiring keynote speech on the mindshift that needs to happen in companies and learn what resilience has in common with judo!
Adam Banks is Chief Technology & Information Officer at the largest global shipping company AP Moller-Maersk. When the company fell victim to the most malicious cyber attack to date, it was he who stood at the center of efforts to keep the company up and running and repair the damage.
Following the attack, Maersk shifted risk management from a central corporate function to a CISO function allowing the CISO to both create and enforce policies. In his presentation, he will explain the details of this policy enforcement—and when he expects the CISO to be kicking in the door.
Cyber Resilience is also a top priority for Command Control exhibitors and partners.
“Minimize the impact of disruptions caused by cyber attacks with a coordinated approach to resilience that helps you identify risks, protect applications and data, and enable rapid IT recovery.”
Two global hot topics will be discussed at Command Control 2020—with particular reference to their resilience aspects: the resilience of smart cities and the resilience of a digital health sector.
In a short interview with Prof. Dr. Marco Gercke, Director of the Cybercrime Research Institute, we talked about the keyword cyber security in smart cities.
In your opinion, what is the biggest risk for smart cities? What is the probability, do you think, of a large-scale incident / blackout happening in a European city?
Gercke: In the field of smart cities, there are currently some fascinating developments taking place in parallel and in very different areas—from traffic management to building control. One of the biggest challenges is the lack of uniform minimum standards across different technologies.
What is the best way to increase the security of smart cities / buildings? How important is the regulated collaboration of the various stakeholders in this process?
Gercke: If it were possible to create uniform standards—not only technical standards, but also risk management—which incorporate the different stakeholders, this would undoubtedly increase security.
Should cities have a security officer for digitization—a type of City CISO? And if yes, are there successful examples of this role?
Gercke: Key components of “smart cities” are not operated by towns and municipalities, but are in private hands. Therefore, the area of influence of such a security officer would be limited. However, within the areas of influence of towns and municipalities the introduction of such a CISO would very much make sense.
Should the issue of cybersecurity be taken into account by Urban Planning Executives (in town planning)?
Gercke: We are at a point at which “security by design” is no longer only important for software development, but should also be applied in urban development.
Prof. Dr. Mark Dominik Alscher is Medical Director of all clinics of the Robert Bosch Hospital in Stuttgart, author of over 250 medical articles and book contributions, and Chairman of the Board of Directors of Digitale Gesundheit Baden-Württemberg e.V.
Prof. Alscher stands for data security of the highest quality combined with the rapid introduction of digitization in medicine, for the benefit of patients. On the basis of current examples from the ultra-modern Robert Bosch Hospital, expect a lively discussion on one of the hottest topics of our times: “Security in Healthcare”.