Expert sees a link between connectivity and security in a post-pandemic world

In a recent Light Reading fireside chat, security expert Andy Purdy assessed the growing threat of cyberattacks and laid out how cooperation among all players can create a safer, more connected world.

March 23, 2021

5 Min Read
Expert sees a link between connectivity and security in a post-pandemic world

The Internet has become much more important during the COVID-19 pandemic – and that means not only giving more people access but also making it more secure.

In a recent Light Reading fireside chat, Andy Purdy, the chief security officer at Huawei Technologies USA, explained how closing the digital divide and closing the door to cyber-criminals go hand-in-hand. The issue has taken on more importance during the pandemic, as many unskilled workers who lost their jobs due to lockdowns need to find new career paths.

The importance of broadband as not just a nice-to-have service "is something we have to recognize," Purdy said. "And I think we have to recognize that it benefits the whole world, it benefits our countries, our communities, if we can close the digital divide for those who are under-educated, under-skilled, under-connected. We see from the pandemic that many of those were the first to lose their jobs, and many of those are the ones that are of the greatest risk of getting infected, living in closer quarters and they lack the skills to have jobs that enable them to work from home."

Easier said than done, however. Not only do people need to gain more access to broadband connectivity, but they need to acquire more sophisticated computer skills to take advantage of it, he added. As a model, he points to companies such as Google, which has launched an initiative that many companies have signed on to that allows workers to qualify for jobs based on skills certification rather than a formal academic degree.

"The idea that we have to look at citizens who make up the workforce and say ‘OK, what are the requirements to qualify for the quality jobs that exist today – what is the necessary education, what are the skills necessary to have those jobs?’" Purdy said, adding that such workers must then be given the training to acquire those skills "so they have a chance to arm themselves, to prepare themselves for a higher quality of work, for the ability -- when bad things happen -- to work from home."

At the same time, governments and the private sector also have to prioritize the business cases for new technologies, such as the use of 5G in healthcare or green energy applications for agriculture and manufacturing. That includes encouraging investment in wireline and cellular infrastructure, and for example, "trying to make sure that you don’t charge the companies so much for the spectrum that they then can’t afford to invest to actually deploy the technology," Purdy noted.

More Internet-dependent workers, networks, and systems, unfortunately, mean more threats from cyber miscreants trying to take advantage of a larger pool of potential victims. So not only do people need to be educated about safe online practices, but governments, communities and companies need to work jointly to develop better cybersecurity policies and technologies. As an example, Purdy points to the recent Solar Winds cyberattack, in which hackers installed malware code into the company’s popular Orion IT management software, allowing them penetrate an estimated 33,000 federal government agencies and companies, including Microsoft, Intel and Cisco. Investigations continue to determine the purposes, breadth, and impact of the attacks: what systems and data the attackers may have accessed and stolen and what other victims they may have been able to access from the first group of penetrated systems.

"Solar Winds was not that big a surprise, frankly, in terms of the capabilities of sophisticated, malicious cyber actors, in terms of the vulnerability of the American government and critical infrastructure and others to cyber-attacks," Purdy said. "But because of the scope of the attacks it has become a wake-up call, hopefully one that is not soon forgotten with the passage of time."

He hopes the collaboration between government and private experts engaged in the investigation will lead to more resources being deployed to protect government and private networks for rigorous enterprise and networking security standards and best practices, conformance and independent testing programs, greater transparency and much more accountability for organizations and individuals to meet new, stronger requirements. There also needs to be a renewed effort to increase the ability to attribute the source of attacks and strengthen international cyber norms and create binding codes of conduct or mutual trust agreements to hold organizations financially accountable for their failure to comply with requirements for assurance and transparency.

"We need some independent, nonprofit groups that are going to help generate and share attribution information and instances of nonconformance, so they are able to say ‘OK, Government X or Company Y or Individual Z – they did these bad things. So we can at least point that out," Purdy observed.

Along those same lines, there also need to be recognized auditing standards for cyber security and privacy protection to make it easier to assess how well the various players are adhering to cybersecurity policies.

"We all are responsible to make sure we know what we need to worry about, what we need to do about it and whether we are effectively implementing the measures that are necessary to make us safer," Purdy said.

This content is sponsored by Huawei.

Huawei Technologies Co. Ltd

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like