International Digital Security Forum (IDSF) Vienna 2020
From 2.–3. December 2020, the first edition of the International Digital Security Forum (IDSF) Vienna was organized as a hybrid event under the motto “Security in times of pandemics and major global events” by the AIT Austrian Institute for Technology and the Austrian Chamber of Commerce (Wirtschaftskammer Österreich – WKO).
Conference sessions were build around the following topical areas:
- Next Generation Border Management
- Advanced Biometrics for Counter Terrorism
- Cyber Crime in Times of Pandemic and Large Global Events
- Explainable AI
- Fake News – Undermining Democracy
- Next Generation Situational Awareness Systems
- Challenges and Abuse of Virtual Currencies
- Digital Resilience & Complexity
Register here for a recap of the whole conference.
Click here to download the full conference review as PDF.
Rewatch the IDSF 2020 Highlights:
The hybrid conference IDSF seeked to enhance understanding of new and impactful technologies and approaches for overcoming the challenges in the COVID-19 context which affect many aspects of life. The conference sessions were build around the following topical areas:
International travel, whether for business or pleasure, has become common place. People want to move and travel freely, but they also want to be safe and secure. Fast and secure access and border controls, short queues at our airports, land borders and sea borders for passenger checks are key to high security and comfort. Well-functioning management of external borders is essential in maintaining a fully functioning Schengen area and an efficient and humane management of migration. Border security systems to protect the state and mitigate threats to its stability and the lives and properties of its citizens have become important items on the global security agenda.
Since a couple of years, we have been facing several unforeseen events: the European migrant crises, COVID-19 pandemic and post Brexit relationship are examples of the growing challenges and call for next generation border management systems. Effective and efficient checks at authorised crossing points together with seamless surveillance in between are required (EU Schengen Catalogue 2002).
In the “Next Generation Border Management” session we discuss with experts if Europe’s borders can be both open and secure to allow for the cross-border flow of legitimate trade and commerce, and secure in the sense that the national security interests of states are protected. Furthermore, we discuss how the European Commission, national authorities, large industries and research organizations commit themselves to achieving a balance between the need to maintain security against cross-border threats and the freedom of movement for persons, goods, services and commerce.
Border guards and security systems will be the central building blocks of next generation border management in a new domestic and global security architecture. This session discusses how to support them in achieving an acceptable European border management to strengthen cross-border cooperation and border surveillance in a counterterrorism context.
Border security and management (BSM) is an essential capability for states in the fight against transnational crimes and in the identification of terrorists and foreign terrorist fighters (FTFs). Biometrics provides the means for verifying the identity of those who seek to enter, transit or depart international borders. UN Security Council Resolution 2396 (2017) requested that member states develop and implement systems to collect biometrics data to responsibly and properly identify terrorists and share these data responsibly among member states and with relevant international bodies.
While known challenges exist in the verification of biometric data and the identification of individuals, the COVID-19 pandemic created even greater obstacles for effective and safe collection of data. These challenges, for example include the requirement of individuals to wear masks often making standoff collection of data more challenging, and concerns on the safety of touch-based system for biometric data collection. There is a need to expand the capabilities of biometric data collection and associated information sharing, to explore touchless methods that support accurate and efficient collection and processing of data.
The digitalization of almost every area of our society has changed the rules of the economy and many mechanisms of our society at an impressive pace. This transformation has been enabled by modern Information and Communication Technologies (ICT) and advances in microelectronics in combination with the networking of billions of people. The digitalization and transformation process continues to gain momentum through the networking of numerous physical objects expanding the ever growing Internet of Things (IoT) as people and objects are going to be constantly connected. The not so distant future reality may be the Internet of Everything. These developments open a huge potential for creating new applications, businesses and value streams. The novel Coronavirus (COVID-19) has also led to a transformation leading many businesses to develop a “work from home” model. This transformation has placed a greater reliance of remote accessibility, collaboration, and remote presence needs.
However, the threats to our digital systems have also radically changed and intensified. As more and more of our physical environment is becoming digital and connected, this not only threatens our IT systems, but also our physical infrastructures and our personal privacy. The attack surface has grown tremendously where our home office and all of our smart gadgets become an inroad for compromise.
Cyber-attacks around the world have shown how vulnerable our society and economy have become to malicous and criminal cyber activities. Even large companies and governments as well as are struggling to cope with cyber threats. A cyberattack can destroy the trust of people in digital systems. Cybersecurity has become a core requirement for the functioning of our economy and society.
Over the course of two sessions the panelists look at the grow trends in cybercrime and the relevant approaches to reduce the risk of compromise and associated impact:
Building capability and maintaining operational readiness has been challenged by COVID-19. With so much of workforce activities going virtual including training and exercises, legitimate questions exist on how effective this type of engagement is? How do we ensure capability development in our organizations – e.g. critical infrastructure operators as well as governmental organizations? What are the best solutions – what works and doesn’t work?
Furthermore, the pandemic has dramatically changed the work practices for many. It has placed greater reliance on communications and virtual technologies. This shift has also brought the need for an evaluation of security requirements and technology solutions that are adaptive to provide organizations flexibility in these chaotic times. To what extent is this the case for current approaches and where are the gaps, if any? How do we adapt policy and governance frameworks appropriately (or at all)? How to deal with these significant changes? And how do we engage personnel on topics such as security awareness, now they are all working from home?
Artificial Intelligence (AI) is a topic that today is surrounded by much fanfare as a collection of technologies with great promise to transform many elements of business and society. Through AI we expect to solve problems with machines that previously seemed impossible. Whether it is image processing, text analysis, speech recognition, or the analysis of sensor and machine data, there are many expectations for artificial intelligence to become a miracle technology. In fact, there are even discussions that AI will be able to outstrip human intelligence in the future and that “super intelligence” may one day emerge. AI has and will continue to introduce significant changes to technology and our lives.
However, AI is not without limitations. If one takes a closer look at the topic, it quickly becomes clear that impressive results can be achieved for various problem sets, but that very fundamental problems for implementing many AI-based solutions have yet to be solved. There are five basic challenges and related issues in international research that must first be addressed and resolved: modelability, verifiability, explainability, ethics and responsibility. Only when we have found solutions to these challenges, AI can serve as an effective tool that we can use responsibly.
This the session will discuss
- What is AI
- State of the art on AI technology and explainability
- Limitations of AI systems
- Potential threat scenarios for missues of AI systems
- Key Factors to be taken into account to build useful AI systems
The spread of disinformation and misinformation poses a threat to the health and security of societies. Fake news, whether to promote fake products, false guidelines, or to build public discontent continues to challenge decision making and can lead to disastrous consequence. In times of crisis such as the current Covid-19 pandemic, the volumes of disinformation has gained a new level of significance: accusations related to the spread of the disease, conspiracy theories, innumerable false reports and unsubstantiated opinions are being shared and commented on, increasingly lending to their credibility. As a result, individuals are gradually becoming less able to distinguish between real information and misinformation. This can lead to the deliberate influencing of opinions which, in turn, threatens social order and peace and endangers democratic opinion-forming processes. Governmental organizations, media enterprises, as well as individual citizens are all faced with a new set of challenges for which no suitable answers or effective countermeasures currently exist.
Today’s technical approaches still face many challenge. Individual verification of news by experts cannot be scaled up to the extent needed to cope with the ever-growing volumes of information. Additional research is needed to develop new capabilities and processes, and new forensic tools are needed to effectively combat the uncontrolled spread of disinformation while respecting social, cultural and legal norms.
IDSF dedicates a session panel to this most relevant topic to discuss the framework conditions needed to develop new technologies that support our principles of a free, democratic Europe, and to outline ways in which these new technologies can be made available to both public authorities and individual citizens in a reasonable matter.
Developing perception and understanding of the environment and events of interest is essential in decision-making in major event management. Events like COVID-19 demonstrate the need to build, maintain, and share situation awareness of global and national events. Crisis and disaster management requires interaction and coordination of an array of stakeholders ranging from the authorities and emergency organisations to the business community, infrastructure operators, the scientific community and citizens. Likewise, in many cases cross-border cooperation may be required. Thus, research teams are working on digital ICT tools for crisis and disaster management, such as for use in the pandemic we are facing today. Research focus includes not only the planning and provision of material and equipment, but also effective information exchange and optimized data management.
In this track, the IDSF discusses how these challenges can be met to improve the response to future crisis scenarios and how to support awareness, decision making and response.
Virtual currencies (also known as cryptocurrencies) serve as a common means of payment in anonymised illegal cyber activities. The simple and widespread use of virtual currencies has become a driving factor in a wide range of cyber crimes, which continue to rise, especially in the wake of the current pandemic. These include, for example, the use of ransomware to attack critical infrastructure like hospital information systems, or sextortion, which extorts cryptocurrency payments from users based on threatened exposure of their online activities. Furthermore, there is an increasingly observable market concentration in mining pools, which is problematic from 50% upwards because it increases the potential danger of a takeover of entire blockchain systems that can then no longer be trusted. Use cases such as these are being investigated using forensic analysis tools such as GraphSense, developed at AIT.
This session examines the state of practice and new technologies for conducting forensic analysis of virtual currencies with regards to countering criminal activities.
Complex and distributed software systems form the nervous system of our modern society. As a consequence there is no resilient society without resilient software systems. Making software systems resilient is a demanding task as they are dependent on a wide range of techno-social systems and basic infrastructure (such as electricity, water, supply chains). They require skilled experts with a clear understanding what the capabilities of the respective system are supposed to be, how cascade failures can be averted and graceful degradation schemes could look like. This sounds easier than it is, but complex software systems show emergent behaviour which results from a broad range of modules within an organisation (and different responsibilities) and an increasing number of external services.
IDSF dedicates a session panel to this most relevant topic to discuss how to handle complexity and emergent properties of distributed software systems and the consequences for security and resilience of these systems.