This document summarizes a presentation on internet and cyber security trends given in Copenhagen in 2014. It discusses how security risks have evolved from focusing on personal computers to broader issues around cloud computing and the growing "Internet of Things." The presentation notes that while cloud services may be more professionally managed, they also give users less control over their data. It predicts the IT security industry will change significantly with the rise of internet-connected devices and a possible backlash against cloud computing. Open source software will be important to solutions, and new legislation may be needed to address security issues from devices in areas like healthcare, transportation and disclosure of breaches.

1. Internet of Things
It-sikkerhed 2014
Copenhagen
5-6. February 2014

2. Agenda
1. Introduction
2. Protecting the PC
3. Cloud security
4. Internet of things
5. New security risks
6. Openness and transparency
7. Legal responses
8. Conclusions
9. Debate
Page 2
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

3. 1. Introduction
● Martin von Haller Grønbæk
• Partner, Bird & Bird
• Bird & Bird – only international law
firm in Denmark
• Leading law firm on Cyber- and
network security
• Former member of Danish IT
Security Council
• "Open source advocate"
Page 3
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

4. 2. PC as the node in the network
● PC revolution brought “power to the people”
● And to businesses and government – small
and large
● Rise of the general purpose computer
● Open for attack
● Defence of the home front
● Internet and the network effects
● PC as the attacked and tool for the attacker
Page 4
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

5. 2. The birth of the IT Security
industry
●
●
●
●
●
●
●
●
●
Critical mass market
Large number of new customers
Large losses looming
Loss of data and downtime
Inconvenience and lost productivity
(and big corporate monetary losses)
Malware
Spam
Date theft
Page 5
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

6. 2. “Thou Shall Protect Thyself”
● Self-protection
● Liability rests with the PC-user
● Hardware and software comes with no
warranties
● No legal protection
● Little market for “safe IT” among consumers
● Large market for add-on IT security software
● Large numbers of small payments makes big
profits
● Many small and large providers
Page 6
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

7. 3. New market conditions
●
●
●
●
●
●
●
●
Cloud computing!
No more local applications
Computing takes places in the cloud
Less asymmetric information
Much fewer customers
Dramatic shift in bargaining power
And technical challenges!
Goodbye, many small and large IT-security
firms
Page 7
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

8. 3. Is the cloud more “secure”?
●
●
●
●
●
●
●
Fewer amateurs and more professionals
Very specialized cloud service providers
Cloud as “the fog”
An “oligopoly” of Clouds
User has even less bargaining power
Very little control of data
Very little contractual and legal protection
Page 8
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

9. 4. Internet of Things
●
●
●
●
●
●
●
Not everything is moving into the Cloud
Moore Law
Mobile devices
Quantified self
Health, Energy, Automotive etc.
Nano
Gartner: $1.9 trillion to the global economy
by 2020
● Nest acquired for $3.2 billion in cash
Page 9
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

10. 4. The “true” Internet
●
●
●
●
●
●
●
The Internet today is asymmetric
More download, less upload
New medium for broadcasting
The Internet is decentralized by nature
Read/Write
Social media: Blogs before Facebook
Mesh or Grid computing
Page 10
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

11. 4. Towards the “real” Internet?
●
●
●
●
●
●
●
●
●
Free software vs. cloud computing
(Cloud is based on open source software)
Plug servers
Every device = a server = a node = equal
Cloud computing backlash
New computing models
Peer2Peer data and processor sharing
Mesh or Grid computing
Innovation!
Page 11
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

12. 5. Before Cloud computing
revisited
●
●
●
●
●
●
●
●
●
Computing moves from cloud to devices
Devicesn
Processing Powern
Internet enabled
Always on
AI or Autonomous
Remotely accessed and controlled
Who’s the user?
Self-protection?
Page 12
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

13. 5. Same but bigger security risks
●
●
●
●
●
●
●
●
●
Bigger threats than PC
Obvious network effects
Inconvenience and lost productivity?
Critical functions: Health, Auto etc.
No checks on AI and automatic functions
Life and death
Systemic risks
DDoS attacks
“To Big to Fail”
Page 13
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

14. 5. Unsecure today!
●
●
●
●
●
●
●
●
●
Starting point: Very unsecure
Devices are shamelessly unpatched
No standards
Little press attention
Before tipping point
But it’ll come!
Industry initiatives
AllSeen, OpenDaylight
Open Auto Alliance, Genivi
Page 14
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

15. 6. Open and transparent
●
●
●
●
●
●
●
●
●
Most devices run on open source software
“Closed” is not an option
One platform: Linux
Less diversity
Economies of scale for malware
Open access promotes discovery
Open use lower barriers of entry for fixes
Huge user advantages from open platforms
Closed options where appropriate
Page 15
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

16. 7. Legislation
●
●
●
●
●
●
●
●
●
Starting point: No legislation
Industry standards
Contractual demands
Open source security services
Industry and device specific legislation
Heath care
Transportation
Privacy
Service provider, not “technology”
Page 16
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

17. 7. Liability
●
●
●
●
●
●
●
●
●
●
Who assume the risk of loss?
Who is the better at prevention?
Consumer?
Reversed burden of proof
Strict liability
Who should liable? Vendor, producer, provider?
Don’t kill innovation!
More disclosure of insecurity and breach
Standards of “Good IoT IT security practices”
Strict liability of certain types of devises
Page 17
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

18. 7. Conclusions
● The IT security industry as we know it will change
dramatically
● Cloud computed will see a backlash
● Internet of Things will increase number of Internet
connected computers
● Old type security threats will re-emerge with a
vengeance
● Solutions will be based on open source software
● Maybe new legislation on disclosure and strict liability
for certain devices
● Invest your money in new IT security start-ups with
IoT solutions!
Page 18
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

19. 8. Questions
● And maybe some answers…
Page 19
© Bird & Bird LLP 2014
Dansk IT – IT-Sikkerhed 2014 (6 February 2014)

20. Thank You
Martin von Haller Grønbæk
Mobile: +45 40 73 19 14
Email: Martin.vonhaller@twobirds.com
Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses.
Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is authorised and regulated by the
Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. A list of members of Bird & Bird LLP and
of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address.
twobirds.com