 Welcome to the ITU studio in Geneva where I'm very pleased to be joined by Leon Pellman who is from Columbia University And he's also part of the Distributed Leisure Technology work stream for Fiji security infrastructure and trust working group I managed to say they're all in one go. Thank you. Welcome to the studio. Thank you so much for having me now Let's talk a little bit about so the we're here basically because there's a Fiji security clinic going on perhaps You can tell us just a little bit about what's what's happening over the next couple of days I know you've been moderating a couple of sessions here Yeah, I just came out of some very good sessions. We spoke about infrastructure security around Digital financial services specifically around what's called signaling system seven Which is the DNA of all telecommunication networks around the world And a lot of the dfs Applications are done over ss7. Unfortunately, it's a legacy system Security concerns. Yeah, it wasn't really designed for financial services So it's just sort of like a bootstrapping legacy system from the 70s to a very modern day Financial paradigm so Hackers and bad actors unfortunately have cotton onto the fact that there is this it's not even a Hack it's a vulnerability. It was built ss7 was built with Zero security in mind, believe it or not in this day and age So it's more exploitation of that Vulnerability than it is a hack So what my colleagues and I Within the the Fiji working group are doing and it's actually a follow on from the dfs focus group That the itu Convened a few years ago and ended in 2017 Is working on mitigants for ss7 of vulnerability. So we secure the financial ecosystem. Otherwise, it could be Essentially building a financial ecosystem on quicksand if it's not addressed. There was there was some very good design elements have come out of That session so distributed laser technologies I mean they can help advance Financially in inclusion but at the same time there are security issues to be considered and I wanted to ask you What are the main security threats that are outlined in the report that I believe has just been just come out on the fiji security infrastructure And and trust working group So it's quite a large report and in fact from various version to various version The report grows not because I authored the report not because I want to write every day But there are vulnerabilities that are Exposed if you will Every every day something suddenly and literally every day from From the the base Use cases around distributed laser technology to the end user So one of the main vulnerabilities that affects end users Just ordinary people who are using cryptocurrencies for example Is where they store their cryptocurrency So it's a cryptocurrencies are effectively a bearer instruments like cash Okay So if you if you don't have if you lose your private key, which is what you need to access it That's it's like losing losing your wallet. So what they do Is they give it to a custodian which could be in an exchange Um now the exchanges are to a large degree are very new So they don't have the legacy type of security paradigms which you Which you have in you know nasdaq or London stock exchange or the like so their security dimensions And capacities because they are some are pretty small Some of them are very low. So they've been a honeypot these exchanges For bad actors and in fact in the report we highlight just how much money has been stolen um From these exchanges and it's well over a billion dollars In a very short space of time And their lawsuits and the like and that that have emanated from that some of the exchanges Do pay back the money Some don't some have insurance So it's it's all over the show, but the the real security honeypot is on the exchanges Um, so they are Trying mitigants like taking it off line if you will They the the the the um, cryptocurrencies are kept online currently for liquidity purposes So it's called a hot wallet When it's online so you can sell quickly. Okay Uh, and then otherwise you take it offline if you will and that is called a cold wallet so there's that Mix of hot and cold and lukewarm but like the goldie clocks factor that exchanges are testing but At at at from a customer perspective the exchanges and the vulnerabilities are paramount And regulators are looking into that And does that mean that one should be keeping uh one's crypto currencies in different in these different wallets? Or I mean will it will it appear that way or is it is it something which is being handled at the back end? um well It's a it's a Cryptocurrency and a unit is very binary. So you can't necessarily split it up You if you've got lots of types of cryptocurrencies, you can you can You you can Have it over a couple of of exchanges Uh, but ultimately you need to choose where you're going to keep it you can keep it in your pocket on a USB stick if you want it, but then if you lose the USB stick You out of luck. Uh, somebody if you lose your password You also out of luck. So that's why people hand over keys. They're private keys Which is the the password to the exchanges For that purpose of thinking that it's secure when There's the statistics of thefts show Um, so a little ways to go before there's a hundred percent surety of of security So you you said it's a hundred hundred page report essentially. I mean how are people going to be able to To digest that are they going to Be be dipping in and out of it or is it is it good? Is it something which they they should take in their sincerity and and make sure that they they are uh Ophay with everything that's in in there. Well, there is a summary at the back Uh, which is there in and annexures really to distill what's in there Uh, and we made some nice graphs to to you know Pictures tells a thousand words Picture tells of hundred pages So the annexures are very useful load stars to understanding what the issues are And they're also A number of recommendations in the report, which people can and they they split into sectors So depending what sector you use the you involved in You choose that annexure to guide you in terms of dlt security In terms of this this fiji security clinic What do you hope will be some of the the outcomes of some of the the key takeaways? Let's say that people will will come away from You've got there's a hundred of the top Mines here The exchange of information is obviously going to be valuable But do you think there are going to be some some key topics that people should be really Taking well, I mean if you look at the program the itf put together splendid Program along with world bank and bis of ground the gates foundation, of course It's splendid. So we just just started as I said I just came out of moderating some sessions And the two sessions that I did moderate there people In the audience scribbling furiously And taking pictures of the of the of the screen Which is always a good sign that there is information that people valuable information That people are picking up from as you term it a kind of a brain's trust. You're right I mean there's fantastic groups of people here Superb expertise gathered and under this umbrella But I I think that Anything from ID to ss7 to dlt Security to security assurance frameworks is going to be something for everybody And finally, I just wanted to ask your your work at Columbia University. How does that feed into the the The working group and and and the the dlt work stream and in fact your your presence here at pg Oh, that's a great question. Um, so I had what's called the digital financial services observatory At Columbia University. So it was formed a few years ago and in fact Most of the work that we do there is coincident with the work that I do Yeah, at that figure. So it is it is parallel. We are building a cybersecurity risk management framework Which fits into the paradigm of the security clinic that we we year for we do a lot of blockchain work Dlt whatever you want to call it. So there's a lot of parallels a lot of synergies and so Bring the expertise that we that we gather at Columbia and bring it here and take what we pick up here and bring it back. So it's the synergies and the interactions are Are very valuable and very worthwhile and very welcome. Well, you're very welcome here in the studio Thank you very much for joining us and we wish you the very best for the next couple of days here in Geneva Thank you. It's a lovely city and it's I'm glad to be here and hopefully we'll catch up with you again So some days in the near future, of course, young people. Thank you very much indeed my pleasure. Thank you