 It's so wonderful to be with you all here in Davos and welcome to the audience that's joining from the live stream as well. This bait its own session is Cybersecurity Futures 2030. My name is Anne Cleveland. I'm the executive director of the UC Berkeley Center for Long-Term Cybersecurity and I'm going to start with a presentation and then it's my honor to invite Ken Jia to join me on the stage. Ken is the founder, chairman and CEO of Fortinet and will have a dialogue with all of you about the future of cybersecurity and what it means for today. So let's get started. Imagine if I were to tell you that I have a time machine and we are going to travel forward six years into the future to the start of 2030. What would we see when we get there? Would we see people hanging out in the metaverse wearing virtual reality goggles? Will we be getting supplies delivered by drone and paid for by cryptocurrency? What will the cybersecurity landscape look like in 2030? How will organizations defend themselves when AI can launch millions of new attack every second? Or what will have happened to public trust when deep fakes are so authentic and so ubiquitous that they're impossible to distinguish from the real thing? Now imagine that we get back in our time machine and we travel back to the present day. What would we start to do differently based on what we had seen in the future? This question is at the heart of what we do at the Center for Long-Term Cybersecurity at the University of California Berkeley. For the past year, we've been working with the World Economic Forum's Center for Cybersecurity to imagine the future of digital security and what that means for today. Now, unfortunately, I don't have a real-time machine, but we do have a proven approach for developing foresight and for anticipating tomorrow's cybersecurity challenges and opportunities. When people imagine the future, we have a hard time imagining anything except a simple extrapolation of the present or complete disaster. So we use scenarios, plausible narratives about how the future could evolve. Scenarios are a useful tool for strategic planning because they look at the interplay of different variables that will drive how the future could be shaped. And of course, we focus on cybersecurity, but scenarios recognize that technology doesn't exist in a vacuum. So we also look at driving forces like climate change, the political and economic environment, military conflict or cultural change, things that will create the headwinds and tailwinds that will shape the landscape for the future of cybersecurity. Now, let's climb back into that time machine and take a look at some scenarios for what 2030 might look like. Now, a quick caveat that the video that I'm about to show you was developed with AI tools off the shelf that weren't available even a couple of years ago. We did that as a way to experiment with the future in our presentation. Some of the characters in it will look a little bit fake. We think that's a feature, not a bug, but we'll let all of you be the judges. So here we go. Authorities are investigating a break in at a new semiconductor factory in Dresden, Germany. The intrusion follows a series of major cyber attacks on chip makers. Some experts are attributing the attacks to nation states amid tightening export controls on semiconductors. Still others speculate the attackers may be looking to steal trade secrets to sell on the burgeoning black market. Whoever is to blame, the attack shows the vulnerability of global supply chains and there are concerns that icing chip prices will fuel inflation again. In political news, elections around the world have been thrown into question after the discovery that software and widely used voting machines may have been compromised. While there is no proof that chip's corrupted vote counts, online disinformation campaigns have fueled confusion and threats of violence in several countries. The multilateral trustworthy election treaty of 2028 was supposed to ensure that our voting machines were secure. These election results simply cannot stand. Global stocks hit a record high again this week as major artificial intelligent companies announced record profits. Other winners on Wall Street included automakers, whose stocks surged with the announcement of new robot land factories that can produce up to 2,500 customized vehicles per day. Global leaders will meet this week to discuss the applications of new custom gene therapies that can prolong human lifespans by decades. Some are concerned that the DNA data behind the therapies could be vulnerable to misuse. While some countries have tried to set up safeguards to protect their citizens DNA data, the companies developing the therapies have shifted their operations to other regions. We'll be right back. So, of course, those scenarios show only a small sliver of the kinds of things that could happen between now and 2030. And some of the headlines might seem a bit doom and gloom. But if we get back in that time machine and travel back to the present day, the question for decision makers is, what could we be doing now to prevent the harms and amplify the upsides of the kinds of things that are depicted here? For example, how could governments and companies work together to secure supply chains for products like semiconductors, machine learning products, batteries, and other technologies that will be vital to the flourishing of our societies in the future? How can we turn a headline like this into this? What could we be doing to lead the way to improved AI safety and security? What new institutions will be needed? How can we help nations that are in earlier stages of digitalization? How can we turn a headline like this into a headline like this? These questions are at the heart of cybersecurity futures 2030. Any number of geopolitical events, technology breakthroughs, or other shocks can and will happen between now and 2030. And when they do, they'll feel like a surprise unless we're prepared with insights that are robust across scenarios. From workshops around the world, we've developed three insights that we think should be on the agenda of CEOs and government leaders as you prepare for the cybersecurity landscape of 2030. These insights are the three T's, trust, tempo, and talent. Let's start with trust. A key finding is that the future security landscape of 2030 will dependant on the ability of societies to match the speed of trust with the speed of innovation. Now, what do I mean by that? We've already seen how the spread of false information online, whether intentional or not, can undermine the fabric of our society. The online spread of myths and disinformation is now a core cybersecurity concern. Cybersecurity will be less about protecting the confidentiality of information and more about protecting its integrity and its provenance. There are major upsides for those who get the trust equation right. Governments and companies that are able to follow through on long-term cybersecurity strategies will have advantages in attracting talent in business, in seizing leadership opportunities in multilateral standard-setting processes, and in developing the capacities to thwart disinformation campaigns. The second insight concerns tempo. This is the pace and scale of digitalization, or the rate at which people go online and use digital products and services. As of today, there are approximately 5.3 billion people online. And that number is set to surge in the next five years. But we don't know how fast it will go or how it will play out differently in different regions. The pace and scale of digitalization will be as important to the landscape for security in 2030 as any capabilities of new technologies. Why? Because with that many more people and devices online, the attack surface grows exponentially. There are more devices online. There are that many more people online exposed to social engineering and other kinds of attacks. What can we do about this? We believe there is a window of opportunity in the next decade for governments to implement secure by design standards and principles, the kinds of built-in protections that are often lacking in digital products and services today. The third and last insight is about talent. People often think of cybersecurity as a niche technical subject. But cybersecurity is really about the intersections of humans and technology. In the end of the day, we are going to need humans with all different kinds of expertise to lead the way to a secure future. This will not happen on its own. The global battle for cybersecurity talent is intensifying. We need transformative investment in cybersecurity talent and training to keep this from becoming a zero-sum game. There are plenty of approaches for this. In one example, universities and colleges around the world are launching cybersecurity clinics. Students get hands-on experience defending real-world organizations in their communities from cyber attack. These are the kinds of innovative approaches that we will need if we're going to turn a headline like this into a headline like this. And training the next generation of cybersecurity talent is not as far as we need to go. We also need broad-based public education campaigns around cyber hygiene and digital literacy if we're going to thwart misinformation campaigns and garden variety cybercrime. There are major upsides for those that get this right. The internet of the future can be populated by users who are security and privacy savvy and inoculated against misinformation campaigns. So as you can see with so many dynamic variables, it's not the best approach to prepare for the future but for multiple possible futures. The next few years will be all about navigating a world in flux and expecting the unexpected. And if there's one thing we know about the future, it's that humor, resilience, and optimism will be critical. The good news is there are people all over the world rolling up their sleeves to tackle the digital security challenges of tomorrow in exactly the spirit. Please join us to create a cybersecurity future that amplifies the upside for all. Thank you. And now it is my honor to invite Ken Shia to the stage for a dialogue about his views on the future of cybersecurity and what we can do about that today. Thank you and thank you for everyone joining us today. So Ken, you are the founder, chairman, and CEO of Fortinet. And Fortinet counts about 70% of the Fortune 100 as its customers. So you know a thing or two about trust and you know a thing or two about innovation. We've talked about the three T's in this conversation so far. How do you view the future of trust and matching our ability to trust digital online products with the speed of innovation in the marketplace? Yeah, Fortinet, we started 24 years ago in 2000. Actually it's my third company in the network security space. So that's where in the last 32 years I'm more focused on the network security. I feel it's the issue we deal with today, the trust. A lot of the come from when we initially designed the internet about 50 years ago. Internet original design to connect a few university government together is all in the same trust level. So from the very beginning, the internet protocol designed to handle the same trust level just connect everything together and keep increasing the speed. That's what we're keeping using for the last 50 years. So nowadays the internet is more or different than 50 years ago. Much more people and even a lot of device connect globally with millions of application or different content. So that's where I have a, but today's internet protocol when we designed 50 years ago just cannot handle different trust level. So that's where the network security come in. So we have to deal with different content, different application, different user, even different device from different location, different country. So that's where I will use in the convergence to match your trust to solve the, by 2030, also Ghana also predict by 2030, the network security business will be larger than networking business because network security can handle much deeper level. The content application can deal different trust level compared to the today internet, which bring everything together in the same trust level. That's can solve a lot of trust issue there by network security. Thank you. And I love the three C's to go along with the three T's. So maybe we should think about the next of the T's and the C's. The next T, it's the concept of tempo or the pace and scale of digitalization. And I think that relates quite a bit to what you were just saying about different levels of trust. What is your C to go along with tempo and how do we manage the risk as the attack surface grows globally between now and the year 2030? You can see the speed you connect many people online, especially in the next five to seven years, probably more device will connect online than people, maybe 10 time more device with a 5G, 6G technology. All these kind of create a lot of a separate security risk attack surface. And in the separate security it's pretty interesting industry. It's so fragmented and also there's a southern company, but no company has more than 10% market share. And every year there's a lot of new technology, a lot of new things come up, we all have to learn. So that's where to match all these that tempo people get connected. And we do feel in the separate security industry itself the consolidation probably will be the solution to match the tempo of people connect, device connect online. Because you need to consolidate from the function level, from the device level, even from the company level to be more efficient, handle a lot of separate security risks. And the consolidation also is the basic to go to the next stage, to the automation. That's kind of quick response to all these risks by new connection and respond to all these millions application connect online every year. So we see the consolidation can match the tempo. Yeah, that's the three C I come up in the last couple days. When I see your three T. I love it, I love it. And maybe say just a little bit more about consolidation because I think someone taking the devil's advocate view would say, well, the more consolidation we see in cybersecurity, the more systemic risk we create because we have a more homogenous ecosystem. I think the consolidation will help in solving the efficient issue also lower the cost. Because if you look at today, even yesterday breakfast we talked about cybersecurity and equality there. So that's where some bigger company they have a lot of separate security budget. But if you look at SMB, only single digit like less than 10% SMB have any separate security protection. If you go to consumer level, probably even lower. So that's where we see the consolidation will be bring some efficiency can also lower the cost. Because cybersecurity industry in the last 30, 40 years has been this kind of a fragment status for a long, long time. And now it's in the last like 10 to 20 years to see some consolation going on. Especially we feel in the network protection, network security side, people don't want to have a multiple device to be in line, right? To do all this kind of security network instance. So that's where consolidation can help in make it a separate security or network security more broadly deployed and the software be more efficient and lower the cost how more people can be afforded for doing the separate security. That's really interesting. And I wanna double down on one of the points you make as we start to think about the talent equation for cybersecurity. You mentioned that small and medium sized enterprises are struggling with cybersecurity. And we know that other small organizations like nonprofits or small cities and municipalities or other small critical infrastructure providers are struggling to have the same cybersecurity services as large enterprise can afford. And part of that equation is getting the talent out there that knows how to work with those kinds of organizations. What do you think, what's your third C? And what do you think we need to do to transform the talent equation for cybersecurity? I feel we need a community to handle the separate security training. That's where we started with a center for cybersecurity. I think it's about six years ago, Fortinet leading the initiative to do the global separate security training. So in the last five, six years, we trained about two million people, over one million people certified for different level of a security expert. So that's where you need a different vendor working together. You also need a partner. You also need all the education. So we partner with about 600 university globally all for all this separate security training for free because it's really a community effort from the education, from all this academia, from all this nonprofit and then the business side and the government side all have to work in together. So bring people because separate security, a lot of new knowledge come up every year. So you need a quickly refreshed knowledge base and at the same time need to be more broadly people being trained on the separate security, how important it is. Because eventually the digital power or the digital world, they kind of depend on some of the separate security to enable a lot of new benefit, new application there. So you do need more people understand the risk and also understand how to handle all this like a different kind of a separate security issue. So that's where take the whole community walking together to bring all this training up to speed. Yeah, I completely agree with that idea of a community approach and Fortinet has certainly been a leader there. And I know that you can't do it alone. So if you could wave a magic wand, what kinds of other things would you suggest for making that transformative investment so that the whole community is participating in generating cybersecurity talent? I think the WEF, the World Economic Forum is a perfect platform to make sure the whole community really can like see how important it is to really like raise the awareness of the important separate security because that's the platform you can bring all the business leader, the government leader, the academic leader or the nonprofit all together. So that's where the whole community behind to handle all this issue because from business angle, sometimes very difficult for us to address because there's quite a different kind of community really need to be working together to handle this issue. So that's where we feel this quite important platform. So that's where also the center cybersecurity, there's a few other initiatives. So we're leading the training education side which we feel is quite important and also will be in the future. We see a lot of training need to be done to a lot of people and make sure we have a safe digital world. Well, you've all heard the call to action to be a part of this community that is investing in better cybersecurity for all. And I know we have just a few minutes left and so I'd love to invite the audience to ask questions that you have for this dialogue. Three billion that are just languages that are not traditionally online, communities that have good digital, what are the key challenges of making sure they're a part of our strategy for global cybersecurity community? Wonderful question. Do you want to take a step? Yeah, I think that's where in the next five to seven years not only there's a 1.3 billion people connect online but also maybe 10 times more device will be connected online. That's also bringing a lot of a risk and that's where a few, the convergence, when you're starting building infrastructure can handle different trust level, can also kind of deal with different application, different kind of content side and also different device user behind because right now today's networking device cannot go that deep level. So that's create a lot of issue. Just like you kind of open the door, you invite people to your home. If you know what's the background, if you know what they may do in the house, whatever, that's what feel much safer and kind of. So right now today's cybersecurity is facing the same issue. So we can only handle the same trust level connection there. Once you connect, you pretty much can do anything behind and nobody know that's where the convergence will be helping building the infrastructure can deal much deeper level in the kind of application layer and also can deal with different user, different device, different location, even different country. So that's where how network security keeping building up eventually by 2030 will be bigger business in network security than the current networking business. Great, let's take another couple of questions. Hey Ken, thanks for your leadership. So it's January 17th, 2030. Hopefully we're here in Davos six years later. We talked a lot about small businesses today, not having the funding, the resources to protect themselves. And your ideal state, how would you describe a future six years later for small businesses and what tools do you think will be available that might not be available today? Yeah, it's a very good question. If you look at today's cybersecurity, I always keep in things for like 20, 30 years. It's living more like a hundred years ago in the healthcare, in the drug industry. So in the cybersecurity, there's so many different companies that keep in promoting their product service the best. But there's a, most of the customer have a dig for a ton to evaluate, to test which product, which service better. As you can go to the healthcare industry, there's a doctor trained, certified, there's a hospital has certain certification, the same thing for finance service, the same thing for even the legal law, law is all this environment. But in cybersecurity, I think we pretty much reach the stage. You do need to make sure there's some third party, not from the business side, and also make sure they can help in the customer to test, evaluate, especially for SMB. Some bigger company, they have a technical resource to do that. That's where even for us, we are, I myself is more engineers, so I'm more willing to sell into the technical customer, which we feel we're more successful that way, because they understand which product, which service better, compared to some other company, if they are more focused on marketing sales, then eventually is the customer themselves, depending on whether or some, depending on third party, can really help them to evaluate different product service. I think that that's where the cybersecurity, there's a lot of hype there, but also you do need some additional help to helping customer, especially SMB, to identify which product, which service is better. Yeah, and I would just agree in saying, I think there's so much that the cybersecurity field can learn by overlaying lessons that have been learned in other fields, like healthcare, like climate even. So when we think about small businesses in the year 2030, I mentioned the idea of security by design. Right now, we put a lot of responsibility on small businesses for their own cybersecurity, but transferring some of that risk to larger players or people who are developing digital services and products is gonna be a big part of the equation, both for those small businesses, as well as the 1.3 billion new users or more that the other questioner had mentioned will be online by 2030. Yeah, that's what the academic side, the government side, and even sort of the insurance side can also help him do some kind of this evaluation judgment to helping the customer. Great, I would have a question. Yeah, go ahead, please, last question. Okay, many thanks for the super insightful panel. So we listened that artificial intelligence will of course help their attackers to increase their tax. Well, how do you see the benefits of Gen AI on the side of the companies to defend themselves and even maybe opportunity for the small medium enterprise to get even more hands, so to speak. This talk we can talk about for hours. So we're doing AI for more than 10 years, but there's a different area related to the security operation side that's definitely can help in efficiency, quickly responsible attack. On the other side, definitely the back, I also leverage some of that one can increase the attack automation of the sense, but also in the cybersecurity, yesterday we talked about we can also help him lower the supporting costs using Gen AI. Because that's the biggest issue today, cybersecurity cannot go to SMB or consumer because supporting costs is so high. We have to have engineer behind supporting all this kind of customer. So if AI can handle most supporting costs, I believe now security can really go to the SMB, go even go to the consumer, make the whole broad infrastructure more secure. There's also how to help him on the intelligence side. There's a lot of things, leverage AI right now and machine learning. So we see it's really a race between the good guy and bad guy who can leverage that first. Well, I'm getting the signal that we are out of time. Thank you so much for joining us and please join me in thanking Ken for his insight.