Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Taking risk to the edge of acceptable
Cyber Security: A Peer-Reviewed Journal,
4
(1),
6-13
(2020)
Abstract
This paper discusses evolving technology architectures, such as cloud and edge computing, which enable the development of smart systems that interact with their environment and make human-like decisions. These are Internet of Things (IoT) devices with embedded artificial intelligence (AI) functionality. Furthermore, these are relatively quick to build due to the availability of reusable software components and high-availability processing resources. AI simulates a broad range of human specialisations, such as medical diagnosis, driving and speech recognition. The benefits of AI are transformational, but the consequences of failure can be catastrophic. New technologies introduce new threats and the need for new safeguards. The paper analyses the challenge for our industry, which is to enable the benefits of AI, while ensuring risks are maintained at an acceptable level. This can be achieved by adopting a security by design approach to new product development. This is a discipline that helps identify threats and ensures appropriate safeguards are engineered into the product from the start. The paper discusses how, if we are to safely realise the game-changing benefits of AI, security by design will have to become normal practice in product engineering.
Keywords: artificial intelligence (AI); data poisoning; edge computing; security by design; attack trees; Watson; DeepMind
The full article is available to subscribers to the journal.
Author's Biography
Steve Williamson leads the internal audit and assurance team for GlaxoSmithKline and is accountable for providing assurance to the Board over information security and data privacy enterprise risks. Steve has worked in IT for over 30 years. His background is in software engineering and for the last 16 years he has worked in information risk management within GSK. In this time, he has fulfilled different leadership roles and successfully delivered risk reduction programmes across the business, covering application security, vulnerability management and cloud security. Steve is a curious technologist and a Chartered Fellow of the British Computer Society. He is regular conference speaker and is often asked to sit on expert panels.
