Can Government Help Win the Cybersecurity Arms Race?
It’s no longer cliché to think of cybersecurity as an arms race. Cyber-attackers and their victims have been scrambling for a leg up over each other for ages, so governments are noticeably ramping up their levels of intervention. And rightly so.
The U.S. Defense Department is already working with executives from high-frequency trading firms and others on Wall Street, exploring how hackers might exploit market vulnerabilities, according to The Wall Street Journal on last weekend. There are even bills in Congress to help the SEC improve cybersecurity and empower hacking victims, as well as an EU data privacy regulation that goes into effect next year.
“Regulators are training their sites on policies, practices and people,” Financial Advisor stated last week, noting the SEC’s renewed focus on its own cybersecurity — and that of others. “The agency is making it increasingly clear that it expects those it regulates to up their games as well.”
Governments mandates for cybersecurity are increasingly essential as threat actors continue to change tactics. For example, a group responsible for billions of dollars in cyber-theft across the globe has recently escalated its game, making its intrusions even more difficult to detect.
The Evolving Cyber-Battlefield
More than half (58 percent) of small businesses in a survey released last week had been hacked, but most of the victims didn’t even realize it until after researchers showed them a list of cyberattack methods. And hackers have found other ways to sneak into your network — apart from your laptops and mobile devices — including the IoT sensors you use to collect massive volumes of critical useful data.
“Industrial Internet of Things (IIoT) brings many great things to the table … a plethora of functions designed to make modern plants functional and streamlined,” PACE stated last week. “However, modernizing manufacturing plant to include the IIoT also means it will become vulnerable to cyber-attack.”
Other cybercrime evolutions include skyrocketing sales of nefariously lucrative ransomware on the dark web — up more than 2,500 percent since 2016 — according to a report released last week. This out-of-the-box technology doesn’t require much software savvy, and increasingly popular cryptocurrencies such as bitcoin offer unprecedented anonymity to perpetrators.
But U.S. officials want to undercut that anonymity.
Are the Bad Guys Winning?
The FBI is trying to expose hackers, especially those of the state-sponsored and organized criminal varieties, according to Nextgov this month. And the bureau’s cyber response team isn’t messing around; the penalties it seeks for cyber-attackers include public shaming, prison sentences and even “battlefield death.”
Some of those state-sponsored actors are going after U.S. elections, the Department of Homeland Security stated last month. So researchers associated with the DEF CON hacking conference — where hackers successfully breached more than 25 pieces of election equipment this year — announced last week that cyber-community members will team up with national security leaders, academic institutions and others to seek ways of making U.S elections more secure.
“No matter the level of nation-state hacking or interference in 2016, if our enemy’s goal is to shake public confidence about the security of the vote, they may already be winning,” the DEF CON report stated.
So the government is putting its money where its mouth is, increasing cyber-spending from about $20 billion this past year to about $43 billion by 2020, according to Federal News Radio this month. But growth in cyber-defense — actions that prevent an attack — may be slowing in favor of building up cyber-resilience, an agency’s ability to continue operations during an attack.
An Act of War
Government responses to cyberattacks still haven’t gone far enough, according to a former U.S. Secretary of State and 2016 presidential candidate.
“Cyberattacks on vital information sources should be treated as an act of war,” Hillary Clinton said at Stanford University this month. “The Russians are working to turn Americans against each other … they want to fan the flames of division and weaken us.”
Clinton’s words may have taken on more significance on Tuesday, when Business Insider revealed that FBI special counsel Robert Mueller had interviewed a cybersecurity researcher regarding e-mail messages stolen from Clinton during the election. Meanwhile both major American political parties’ national committees have amped up their cybersecurity efforts, The Hill noted this month.
For example, in the two months since former Uber executive Raffi Krikorian took over IT operations for the Democratic National Committee, staffers have ditched text messages in favor of a secure messaging app, and they’ve started running cybersecurity drills. But even if they’re on more secure footing than last year, they’re still on guard.
“No security person would ever admit that they are confident or not confident,” Krikorian told The Hill. “It’s an arms race.”
Follow Derek on Twitter: @DKlobucher
More From Business Trends:
How Cybersecurity Can Get a Big Boost from Insurance Data
Why You Might Not Recognize Cybersecurity In A Few Years
Will A Digital Renaissance Save Cybersecurity? http://bit.ly/2idIKuh #SAP #SAPCloud #AI
IT Meets DT – New Forces at Work in SAP’s Core Platform
The importance of empathy – in recent years, a strong shift towards customer-centricity has occurred in all areas of business. This development has also affected IT: Today, programming lives from the ability to not only write good code but to understand customers and develop solutions that satisfy their needs and expectations. Putting the end-user in the center has become an absolute necessity.
If you are curious about how to practice empathy and want to gain a better understanding of your personal human eco-system as well as improve at your job, follow these young talents on their one-day journey with Design Thinking – a method to approach problems with a human-centered mindset. Explore:
* How does empathy fit into the coding process?
* How can you approach an IT problem with Design Thinking?
* What challenges does an SAP system administrator face in his/her daily work?
* How does your work space affect your way of thinking?
* How do DIY SAP Scenes storyboarding figures compare to the professionally produced 3D characters?
_ _ _
Welcome to Design Thinking at the SAP AppHaus Heidelberg!
Today’s story involves SAP’s Core Platform department, the developers of the SAP ABAP Platform. During the last years, members of the division have started to involve Design Thinking methods into their work, recognizing its potential. Now, an opportunity presented itself to further reinforce that development: In March 2017, the Program 100+, an initiative that aims to hire a total of 100 new men and women in the course of this year, was kicked off.
“What is absolutely unique about this moment is the fact that it is not just one team but actually several teams hiring at the same time. This is a great occasion to go through the process together and to share experiences across departments. It is an opportunity to introduce bigger changes.” – Serge Saelens, Senior Manager, PI Core Platform Application.
As part of a bigger development initiative, these fresh-minded developers were invited to attend a workshop about Design Thinking at the SAP AppHaus Heidelberg, SAP’s customer-facing Design and Co-Innovation Center.
The aim was to provide the new team members with basic Design Thinking techniques and infect them with a human-centered mindset, possibly resulting in an interest and passion for the topic that will spread throughout their respective teams and affect the future way of working.
A new force to be reckoned with in SAP’s Core Platform department.
Warming-Up to New Ideas
24 Design Thinkers to-be – some already experienced with Design Thinking but most completeley new to it – decided to sign up and attend the event with high expectations:
“I would like to be inspired for my future work and experience the unique way of working at the SAP AppHaus”
“I would like to learn how to apply these methods to my daily work”
Britta Stengl, herself a passionate Design Thinker since the D.Camp 2015 and the initiator of the workshop day, welcomed the participants and the four coaches Silke Jakobi, Masoumeh Moghaddam, Beate Riefer and Michaela Epp in the SAP AppHaus extension workshop room.
As a warm-up exercise, the group was instructed to form a line, arranging themselves according to their place of birth, with Heidelberg being on one end and the farthest place on the opposite end. This exercise did not only show the diversity of the group (Indonesia was the farthest), but also helped participants to losen up and get in touch with each other.
Next, the coaches gave insights into the history of the SAP AppHaus Heidelberg, the role of Design Thinking in SAP’s development, as well as a basic introductions on how to conduct interviews. One of the best tips: Don’t get intimidated by silence! It can be really powerful, if you just listen.
Empathy First, Coding Second
Prepared with that knowledge, it was time for the participants to hear the challenge of the day and to start working in groups of 4-5 people:
“How can we support the SAP system administrator in his/her tasks?”
As Oliver Luik and Serge Saelens, both managers in the SAP Core Platform department and attending the final presentations, explained, this task had been chosen because it is closely related to their daily work. Today, in times of cloud computing, it is, maybe more than ever, important to consider User Interface and Experience. Furthermore, the managers disclosed that the question had been purposefully phrased ambiguously in order to leave room for interpretation.
And how did the teams react to the challenge? Before they could jump to their laptops and start coding, Britta Stengl reminded them:
“Coding is not always the first thing to do in software development, as you know. If you did not know that, you do now!”
So, instead of coding, the teams started the process with developing empathy for the situation.
Each of the groups worked on an interview guide and then used a role play exercise to find answers to these questions. A board with background facts about SAP system administrators including customer interview transcripts was available for further information and to get into the right mindset.
Next, the results were synthesised through storytelling and clustering the most important insights.
Afterwards, personas, fictional characters to represent “typical” end users of the challenge, were created by each group: That was the birth of the system administrators Addi, Felix, Wolfgang and Frank. The personas helped in clearly identifying the problem to be solved. What does each persona like and dislike? What are his/her goals?
Location matters
After a quick lunch break, the workshop was interrupted for a tour through both buildings of the AppHaus Heidelberg. (Note: You can take a virtual tour here!)
Upon seeing the colorful space with the many different sitting possibilities and inscribable walls, many participants exclaimed their enthusiasm. Coming from the quiet and small offices in Walldorf, some of them even underground for maximum serenity, the contrast could not seem any bigger. As one of the participants explained:
“It is great to experience the atmosphere of the AppHaus. It is in stark contrast to our regular work environment. Our offices are great for intensive thinking but this is cool for fostering creativity”.
Britta Stengl agreed, “This is like a small vacation for us; it is a complete shift from what we are used to. Location really matters”.
What Would Addi want? The Final Presentations
Invigorated, the participants continued the afternoon with generating ideas for a solution. They used SAP Scenes to visualize the process: from problem identification to the suggested solution. Scenes is a storyboarding tool that helps visualize complex processes and can be personalized to show emotions.
The tool had already been used by the department before, mostly for developing and presenting prototypes, and has gained great popularity since. Technical development is usualy very abstract and rarely visual; Scenes helps make these complex processes visible and approachable.
Each of the four teams presented their findings in front of the whole group. From building a customer support network or a ticketing system to introducing a mentor program or using Machine Learning for learning from the experiences of others – all teams came up with solutions that showed technical know-how as well as an understanding of the customer and his/her challenges.
The audience, among them the two managers, reacted enthusiastically. Oliver Luik exclaimed, “It was one topic but we still managed to get four completely different results. That was really interesting!”
A Side Experiment: DIY or 3D Storyboarding?
Next to finding innovative solutions to a daily problem and initiating a change in mindsets, the workshop followed another small agenda: Ms. Prof. Dr. habil Sibylle Peters from the Technische Universität Berlin joined the team to accompany Britta Stengl with an experiment regarding the storyboarding tool SAP Scenes:
Which one would be more popular emong the participants: the professionally produced and laminated 3D Scenes figures from the Deluxe Set or the free-for-download figures that you can print and cut yourself?
Britta Stengl and Professor Peters decided to do the following: Let half of the participants work on the Deluxe version and have the other half express their ideas with the DIY dolls. In the end, all participants filled out a survey and elaborated on their experiences.
The End of the Day but the Start of Something New
The surveys of the SAP Scenes experiment are being analyzed at the moment. However, preliminary results suggest already that the storyboarding tools, both the DIY and the Scenes 3D figures, are well suitable for developing technological prototypes without graphical UI. Each has their own advantages: the 3D version is more suitable for powerful quick-to-assemble management presentations while the DIY version leads to more interactive and iterative process flows within the team.
Overall, the workshop can be regarded as a great success. As feedback, many particpants reported having had a lot of fun and enjoyed the interactive methods. Some voiced a wish to go into further depths in the future and cover more topics with Design Thinking.
As a follow-up to the workshop, recordings of the presentations will be shown to managers and product owners in order to determine which ideas can be added to the department’s product backlog.
“I hope today’s participants will take this enthusiasm and bring it to their teams as ambassadors. Then in the future, they can apply the new methodology, or at least some methods, to different complex matters in question.” – Britta Stengl, Quality and Process Expert, PI Core Platform ABAP Server.
If you want to book an SAP AppHaus Heidelberg tour, contact: AppHausHD@sap.com. http://bit.ly/2idICeh #SAP #SAPCloud #AI