A very warm welcome to everyone, to this special on averting a cyber pandemic. This is the fourth day of the Davos virtual week. During this session, we will discuss how the COVID-19 pandemic dramatically increased the dependence of economies and societies on digital technology, increased the vulnerabilities of individuals, businesses and governments. And the goal is to examine the lessons of this pandemic and identify steps to prepare for a better future global response to cyber attacks. To kick off our session, we will play a brief video on a potential cyber pandemic.

The COVID-19 pandemic has shaken our economies and societies to the core and shown us how vulnerable we are to biological threats. In the digital world, similar risks are being overlooked right now. A cyber attack with COVID-like characteristics would spread faster and further than any biological virus. Its reproductive rate would be around 10 times greater than what we've experienced with the coronavirus. To give you an idea, one of the fastest worms in history, the 2003 Slammer/Sapphire worm, doubled in size approximately every 8.5 seconds, infecting over 75,000 devices in 10 minutes and almost 11 million devices in 24 hours. Fortunately, at least until now, cyber attacks have not impacted our health the way pandemics have, but the economic damages and therefore the impact they have had on our daily lives have been equal and sometimes even greater. You see, the only way to stop the exponential propagation of a COVID-like cyber threat is to fully disconnect the millions of vulnerable devices from one another and from the internet. All of this in a matter of days. A single day without the internet would cost our economies more than 50 billion US dollars, and that's before considering the economic and societal damages should these devices be linked to essential services such as transport or healthcare.
As the digital realm increasingly merges with our physical world, the ripple effects of cyber attacks on our safety just keep on expanding at a faster pace than what we're preparing for. COVID-19 was known as an anticipated risk. So is the digital equivalent. Let's be better prepared for that one. The time is now.

A great video to set the stage for our discussion this afternoon. I would like to introduce our excellent panel. We have David Koh, Commissioner of Cybersecurity and Chief Executive Officer, Cyber Security Agency of Singapore. As a commissioner, he has the legal authority to investigate cyber threats and incidents and to ensure essential services are not disrupted in the event of a cyber attack. We have Michelle Price, Chief Executive Officer of AustCyber from Australia. AustCyber was established in 2017 as part of the Australian government's Industry Growth Centres Initiative. Welcome, Michelle. We have Gil Shwed, the Chief Executive Officer, Check Point Software Technologies, a cybersecurity company headquartered in Israel. Mr. Shwed is also an inventor and holder of industry patent for stateful inspection technology. And finally, we have Clara Tsao, senior fellow, Atlantic Council Digital Forensic Research Lab and a member of the Forum's Global Shapers hub in Washington DC. She is dialing in from Taiwan. In her previous roles, she's been a senior advisor for emerging technology at the US Cybersecurity Infrastructure Security Agency, chief technology officer at the US Department of Homeland Security's Countering Foreign Influence Task Force and US interagency Countering Violent Extremism Task Force. A great panel, welcome to all of you. This public panel discussion will last for 30 minutes and will be followed by a more detailed discussion that is limited to Forum members and partners. I will quickly move to the discussion now. As a broad question to all of you to think about, let me first pose the query that what is cyber pandemic for you?
From your own perspective, what does it mean? How similar is it to a viral pandemic? How different it is to what we've experienced over the last year? And importantly, what could we do about it if it was to emerge in our midst? Specifically, let me first turn to David. David, after observing the last year's response to the pandemic, how did that change your work and your thinking in protecting a nation, especially its critical infrastructure? What are the kind of policies do you think are required for the future? And will policies keep pace with evolution of technologies or will we always be playing catch up?

Thank you, Samir and the WEF, for inviting me to speak at this session of emerging cyber pandemic and for that great video. COVID-19 pandemic has accelerated digitalization dramatically. Technology has done wonders to keep us connected. This panel is a great example of that. It has also aided our work and how we entertain ourselves. Additionally, during the lockdown periods, the digital space is an enabler for all sorts of activities. For instance, we see remote working, e-commerce becoming a new way of life. All of this has increased our reliance on digital infrastructure on an unprecedented scale. And it's also expanded our view on what essential services should consist of. I don't think many of us thought supermarket delivery or food delivery services were essential until we had a lockdown. The operating landscape has evolved. The digital domain and cyberspace have now become the lifeblood of our economic and social lives. The attack surface has also increased exponentially. Our policies therefore have to change in order to keep in tandem with these developments. The pandemic is an issue that plagues the physical world. But the cyber pandemic is a crisis in the digital world. I see some similarities in the approaches that we can take to manage these two types of pandemics.
Well, first, in both situations, there is a need for collective responsibility. In dealing with cyber threats, different segments of the community need to work together to engender an environment of security and trust in the digital domain so that we can optimize the full potential of the digital economy and society. So, for instance, governments can contribute by putting in place national strategies and initiatives to increase the broad level of cyber hygiene for all internet users. To this end, in Singapore, we have launched a Safer Cyberspace Masterplan last year with the aim of going beyond protecting just the critical information infrastructure and provide some basic level of cybersecurity for the whole of society. Beyond governments doing their part, there's also a role for industry partners, as well as enterprise and individual end users, to play. We encourage industry partners to prioritize their customers' interests. Example, to secure by design practices in the provision of digital products and services. Enterprise and individual end users also need to have basic awareness of the types of cyber risks that are out there and the measures that they need to take to better protect themselves. It's not just a technical issue. End user awareness is also essential.

Second, hyperconnectivity in the digital and physical realms also poses challenges to dealing with cyber and public health pandemics, respectively. So, this requires close cooperation between various stakeholders to deal with the pandemic. In the case of cyber, the level of interdependence between organizations through the supply chains means that compromise of a single supplier will generate ripple effects. The recent SolarWinds cyber breach, for example. So, even the organization with good defenses can be vulnerable when threats come from third-party vendors. So, given the challenges of hyperconnectivity, we need to work together. And it's of course cross-boundary, international, et cetera.
Third, the threat that we have to deal with in cyber and the public health pandemic is rapidly evolving. So, our responses need to be agile to keep in step with the changing nature of the threat. We hear about new variants in COVID virus. Similar in cyber, there are constantly evolving threats and sophisticated threat actors. So, we need to have mindset shifts. We need to engender a shift, for example, from compliance to risk assessments. If you just have a rigid compliance mindset, it won't work when the threats are evolving. Enterprise security postures need to be constantly reviewed and updated. So, one example is to move to a mindset of a zero-trust cybersecurity model. Two key principles to this: don't trust any activity in the network without verification. And secondly, we need to monitor for suspicious activities. So, in sum, averting the cyber pandemic requires collective responsibility, close cooperation between stakeholders and forward-looking mindsets. Thank you.

Thank you, David. Sorry I interrupted you. Let me also quickly reach out to all who have joined us this afternoon. If you have queries, please post them on the chat box and we will bring them into the conversation. Let me go to Michelle Price and actually use David's idea of collaboration and kind of rephrase it for you. Australia recently announced the Quad Tech Network, where several countries will collaborate to build a cross-border cybersecurity ecosystem, hopefully. What benefits are you expecting this collaboration to bring and how are you managing to work across borders on sensitive technologies?

Thanks, it's such a great question. Hello everyone, welcome to Down Under as you traverse the accents that we've got on this fantastic panel. This morning, this evening, wherever you happen to be, and a big shout out to Vikram Sharma from QuintessenceLabs, who always joined us from Australia as well, a quantum encryption company that is part of AustCyber's portfolio.
So the Quad Tech Network, a really big announcement that was made in this part of the world at the end of last year by the Australian government. And what it actually is, if you haven't had the chance, colleagues, to learn more about it, it's a network between Australia, the United States, India and Japan to focus on collaboration around research and think tanks to be able to have, I guess, an arms-length conversation from governments about some of the very sensitive issues that we're all dealing with as we try and sort of come to terms with the role of cyber security in critical technologies. But of course, the common language around what critical technologies means to us all is something that's still very rapidly evolving. And when we bring the sort of very important role of cyber as the enabler across critical technologies, not just in terms of being able to ensure trust but also increasingly to help assure availability in all of these technologies. I think where we're sort of focusing on now is the very important aspect of how we need to build different kinds of collaborations around these issues. All of us would know, if we're working in the day-to-day of cyber security, which most, if not all, on this session would be doing, sharing sensitive information, in particular sensitive information around the development of new technologies that we have a sense will become critical technologies, especially when they can provide strategic advantage, not just economic advantage. It's incredibly hard to trust not just who we're sharing that information with but how we're sharing it. So we all know those kinds of elements. And so this Quad Tech Network is really about saying we need to have some different ways of collaboration, as David referred to before, and that it's not just up to governments and it's not just up to the private sectors to work with each other either.
Of course, we know that public-private partnerships are critical to successful collaboration in cyber security and beyond. But one of the really important aspects from a policy point of view that often gets overlooked in the sort of broader collaboration sense is that role of think tanks in particular. And I'm really pleased to see that we are having a role specifically identified for the think tanks. And I know that Clara will talk more to this as well. And I think what's really important from a collaboration point of view, to the question, the second part of the question as well, is this notion of trusted markets. And so what we've been looking at at AustCyber, from the sort of position of being able to generate industry around cyber security and the concurrency that cyber security has across economies, is this notion of trusted markets. If we really do wanna take a secure by design approach, not just in how we might uplift legacy systems, how we might deal with the complexities of today, but how we also use the blank sheet of paper that is available to us with emerging technologies as they become critical technologies to take that secure by design approach. The humans involved need to have some kind of assurance around how we do trust those technologies. And so trusted markets is something that is becoming increasingly common in discussions in Australia, in this part of the world. And of course we know it's a big feature of Five Eyes conversations as well. But really it's not, again, just limited to policy. It's how we implement the norms of business against the norms of policy making that help us understand how a trusted market might be something that we can use, not just in a supply chain way but in a value chain way, to be able to get our heads around how we can better collaborate. Because I would contend that, of course, to the points that David was making, as I close my remarks, I'll throw it out there: I think we are living a cyber pandemic right now.
I genuinely do believe that, just because we don't see the same kinds of kinetic impacts that we've been seeing over the past 200 odd years of our lived experience around health related pandemics, the massive increase that we saw of attacks happening and who they were being leveraged at over the past, or aimed at over the past 12 months. In Australia is one example, and I know that this is happening across most economies in the world. We've seen for the first time on maps that are getting to small and micro businesses, and not just to leverage their infrastructure to be able to pass through to get to a bigger destination. Those businesses are the targets. And so when we look at that in the fabric of that context of what the video gave us at the beginning of the session, I would suggest we're actually living a cyber pandemic right now. So I'd love to talk about that a bit more. I do throw that out to be slightly controversial, because not everyone believes that that's what's happening. When we look at the economics of it, when we look at the impacts on everyday lives, I believe we are.

Thanks a bit. Let me take that to Gil straight away. Gil, we are in the middle of a cyber pandemic, but let me ask you: how did the other pandemic impact your business? How did it impact your customer's business? How did it change your threat assessments, your threat landscape? And are your clients behaving differently today?

First, thank you everyone for this opportunity. Thank you, Samir. I think that we are in, I don't know if I would call it a cyber pandemic, because it doesn't stop our life like the biological pandemic that we are, but we're definitely under massive attack every day from multiple sources: from commercial sources, from criminal sources, from other governments that are trying to poke in into our infrastructure, and that's a daily situation that we are in.
On one hand, we are seeing that these attacks are quite successful. On the other hand, we are fighting them, and it doesn't stop the entire economy at that moment. But what we know is that that can happen, that can turn into a cyber pandemic like the biological pandemic that we are facing right now, and I think you had an excellent movie explaining that at the beginning, so I don't need to go from the principles. Maybe the one thing I can add to that is that the dealing with it will be very, very different. Meaning, if they're dealing with biological pandemic, we have human beings and we have a health system. We're dealing with other types of attack, we have police and we have defense forces that are human and that can react to human. In a cyber pandemic, where we need to talk about computers defending against other computers, and we don't always have that infrastructure, because we don't have the time and we don't have the people to deal with it. I mean, the scope of a cyber pandemic, the speed, is something that human being cannot react to. So I think our focus should be on building the infrastructure that will protect us in real time, that we can adapt in real time. We call it, by the way, the fifth generation of attacks. Most organizations, and all the listeners here, it's very likely that your organization is using today what we call gen three technology to protect itself. That's usually not enough, because we're in the middle of a gen five storm of attacks, and the latest attacks that we've seen are all fifth generation: very sophisticated, polymorphic, very hard to detect. Think about the coronavirus that we are seeing now, but every attack is a new mutation. Not every few weeks there is a new mutation, but every single attack is different, looks different, even though it's using the same similar mechanism. So we are dealing with attacks that are like that. And what we, I think what we're building, I don't want to be self-promoting, but what the world still doesn't use and still doesn't have is the infrastructure to protect itself in real time. So when we actually see something, we can not just detect it. Most of the world today knows how to detect certain types of attacks, but we actually prevent the attack from the zero attempt, and we scale that knowledge to everyone around the world, so we can effectively block attacks on, and again, on every scale, if it's a small attack, big attack, on one nation, on the entire world. That's the infrastructure that we need and that's what we are trying to build right now.

You know, Gil made an important observation, that we are playing catch up when it comes to technologies to respond to attacks invented through technological means, and I think that's an important point and I'll come to that a bit later. But Clara, how do you visualize a cyber pandemic unfolding? Are you also of the opinion that we are in the middle of one? But what we have also seen is for sure an infodemic unfolding: fake news, post-truth world, misinformation, synthetic data. How can private sector, government and communities collaborate to respond to these multiple challenges that today we are confronting?

Yeah, first off, it's such a pleasure to be here and speak with such an esteemed set of panelists. I definitely want to zone in on the infopandemic, which is a whole nother issue very much tied to cyber. And, you know, I will start with, you know, very US perspective, because that's where I'm from. Today more than 75% of Americans are online, with more and more personal information and data uploaded per minute to the cloud. The US has also had a significant supply chain problem with the COVID-19 pandemic, and such. Most people are working from home. You know, I know in Asia that there's a lot more people actually going back to offices, but today in the US most people, even large companies, are working from home, using insecure networks that they share, you know, Wi-Fi networks they share with the rest of their family, and a lot of companies, especially smaller businesses, are not adequately
prepared. I think one of the biggest similarities between the physical pandemic and the virtual one is it attacks the most vulnerable groups in any society. You see seniors, the most vulnerable, being most susceptible to fake news online, clicking on clickbait content and often falling for scams that create huge vulnerabilities in the IoT systems. The same goes for their vulnerabilities to the COVID pandemic. And so I think we have to think about, you know, vulnerable groups in similar ways as well. But to touch upon what others have already said, supply chain is really the core, I think, of 2021 and this year. It's really, how do we think about the cyber pandemic in a supply chain lens? And when we think about supply chain, the one thing that I don't think other panelists have covered is really the talent gap. So I'm a disinformation researcher, and I actually joined U.S. government through a program at the White House that brings top entrepreneurs and technologists to do a term of the service, and I have a lot of friends in Silicon Valley. Today only 3% of federal tech workers in the U.S. are under the age of 30, with around 50% of the federal workforce actually going into retirement soon. And in 2019 I worked with the first director of the Cybersecurity Infrastructure Agency, Chris Krebs, the stand of the agency, where we saw a huge gap in talent that was there to have a workforce that was ready. And without a talent pool ready, it's very impossible to resolve any kind of major cyber issue. And it was very shocking to me, going into U.S. government, to see the amount of vulnerabilities, the lack of training, the lack of ability for a lot of federal workers to really understand how to use IT in a safe and secure way. And we are as strong as our weakest link, right? So private public partnership is so important, and more important now than ever, especially thinking about how do we do that for federal workers. And that extends to every single country where a lot of the federal workforce is seniors and older populations that are using the same IT systems that we are. The same extends to businesses today that have never been online, that are most hurt. They're small businesses that are trying to do food delivery online, and they're trying to use IT systems for the first time, and they are also especially vulnerable. To expand upon the content at infodemic side, you know, it's propelled the pandemic significantly. You can imagine COVID misinformation, and figuring out whether you should or should not wear masks, and disinformation spreading about conspiracy theories around mask wearing. Those are examples of where it can actually exaggerate a physical pandemic. What's been really interesting to actually watch the last few years is, around this topic of the infodemic, there's a new breed of career technologists coming out called open source researchers. They've been around for a long time, but, you know, we've seen a lot of these open source researchers, especially in think tanks and in places like the Digital Forensic Research Lab, being able to identify different kinds of info campaigns that state-backed actors are acting upon, and playing a critical role working with major cybersecurity companies, major social media companies, and also working with governments. And I think seeing that explosion of so many great people that want to play a role and really ensuring the cyber hygiene of the internet is so wonderful and heartwarming for me. One of the things that was also especially challenging in the U.S.
was, you know, one sub example is really around election security, which I think paints a lot of picture about a cyber pandemic, we think, where you not only had something that, you know, we now deem a critical infrastructure announced, but you had some vulnerabilities around physical security and disinformation around whether physical systems were secure. In 2015, you know, the Ukraine power grid was hacked, and imagine, you know, the kinds of supply chain consequences that happened. And that's something that happened in 2018-2020, was a lot of people online having distrust in physical systems even if it was secure. That info pandemic, that disinformation, has had huge impact in the ability of everyday people to trust a system that is secure, and I think this is going to be the biggest challenge ahead, is really thinking about how to resolve that.

Thank you, Clara. I'm going to ask a question to all of you to wrap up this public session. If someone has a question to ask from the viewers, please do type it and I'll try to bring it in. But my question to all of you: I felt that there was a degree of optimism on the world being able to respond to a cyber pandemic. If you want to take a lesson from the last one year, we sucked. We did very badly in responding to the greatest challenge we have faced. We did not work together, we could not get the governments to move in time, we could not share information, we could not collaborate and share resources. How are you going to work in a live situation? What could be the new ideas of responding to a faster moving challenge that the cyber pandemic is likely to be? I'm going to give you all 30 seconds, starting with David. David, 30 seconds.

I think that's a great question. I, well, it's half full, half empty. I'll share the experience that we have. 30 seconds only, 20 seconds, right. So in ASEAN we have managed to get the Association of Southeast Asian Nations, 10 countries, different degrees of economic development, to work together. So recently, at the ASEAN Digital Ministers Meeting, they've agreed that cyber is a key enabler for the digital future, and we have agreed to set up a CERT, ASEAN CERT information sharing mechanism. So this is a small step, but it just shows you that even countries as disparate as the 10 countries in the Association of Southeast Asians can come together, recognize that this is a common threat and work together.

I think that's what Michelle

I think private partnership, it just has to be part of the solution here. And building off what David just said, I think that we also need to remember that there is a huge amount of talent, to use Clara's word, they're sitting in small businesses. They are so close to the coalface on all of these issues. We need to be listening to them a lot more, and we have the mechanisms to be able to do that. And I'm hopeful that as part of the kinds of forums that David just described, and the Quad Tech Network and beyond, we've got a lot of this knowledge infrastructure now to be able to leverage those voices as well.

Michelle, quick question to you: do you believe citizens trust enterprises enough to have the, to create the framework for the response you're suggesting?

I think citizens are going to be increasingly, citizens of the world are going to be increasingly moving with their fingers, not with their feet so much anymore, thanks to the pandemic. I don't think that necessarily trust is being viewed in the same way that it was once upon a time, and I think we need to really examine what our definitions are around these things and have an open conversation about what trust really truly means in a digital world, because we keep assigning the same definitions from the 1960s, the 1970s, the 1980s to the current world that we're in. It's so different. So I do think that there is a trust in the ways in which technology are being applied. There's just probably not enough trust in the way that they're being developed and the way that governments withhold information around how technology is developed, and then of course the regulatory process is also something that undermines citizen trust. But I think because there is a lot of use in the application of technology, and we need to leverage that and leverage the psychology behind

Your short answer is that we don't know yet. Gil?

We don't know yet, no, but I think that there is enough of a groundswell.

Gil, 20 seconds to you.

I think first, the good news is, over the last year our dependence on the internet, on cyber, was huge, and the internet and cyber, we stood back, and we've seen amazing attacks, we've seen huge attacks, and we survived. Are we ready for the future? Not quite yet. I think we can do much better. I think we need to build much faster infrastructure. I think it's not just about collaboration between organization, and there is good collaboration. I mean, we cooperate with other countries, we cooperate with other companies, we cooperate with our competitors. This forum of the World Economic Forum, the cyber forum, is active throughout the year and is, so I think the answer is that we need to do much more, and we should be proud of what we've achieved last year, because the world moved to the internet and the internet survived the internet