“From classic to innovative offers – the world of finance in the digital revolution with new requirements in terms of security, care and accountability” was the motto of the 10th ISSS 2018 conference in Zurich. Information security managers, along with users, providers and risk managers, wanted to know what dramatic changes lay in store for them in the future within the financial market – cryptocurrency being the buzzword. In addition to me, eleven other experts gave talks on DLT/blockchain, FinTech and cybersecurity, etc. In this blog post, I reveal the most important future trends and insights that were presented at the event.
The annual conference took place on 14 June 2018 in the amazing conference facilities at the Widder Hotel in Zurich. The schedule was jam-packed with talks from renowned experts from various fields, which meant that the areas of focus within the field of security varied widely. The conference was opened by ISSS President Umberto Annino. This was followed by two keynotes and ten expert talks all about the security of DLT/blockchain, the cloud and authentication as a service.
DLT, blockchain etc. – legal issues
The opening keynote was by Nicole Beranek Zanon from De La Cruz Beranek Attorneys-at-law Ltd. She pointed out the challenges that can arise when technology and law meet. Which data is classified as personal data in DLT? Who is the controller and who is the processor according to the GDPR? Possible solutions for meeting the GDPR requirements in terms of DLT-based digital ecosystems were then discussed along with their pros and cons. The conclusion: the legal approaches cannot be modelled on pure logic. Laws are therefore – as is often the case – not black and white. The secret lies in control with standards while carefully preserving the features that are specific to the technology so that the benefits of DLT remain and can also flourish. I will be telling you all about the legal aspects of DLT and blockchain, etc. very soon in another blog post.
Developments within the FinTech sector from the Swiss Financial Market Supervisory Authority’s (FINMA’s) perspective
The second keynote was presented by Léonard Bôle, Head of FINMA’s markets division. Bôle demonstrated how FINMA applies current financial market legislation within the FinTech sector. Technological innovation brings new business models with it and, consequently, new opportunities for the financial markets. In return, there are new risks such as money laundering/KYC issues, client and creditor protection, cyber criminality, outsourcing, etc. In this respect, FINMA continues to follow the strategy it devised (2017–2020) with the aim of removing the regulatory obstacles preventing competition and creating suitable framework conditions for innovative business models. The 2016/07 Circular, which enables identification procedures via digital channels, was presented as an example of FINMA’s efforts.
Blockchain basics and examples: e-francs and e-voting
In addition to being a Professor at ETH Zurich, Dr. Roger Wattenhofer is also the author of the highly successful book "Distributed Ledger Technology: The Science of the Blockchain", which has even been translated into Chinese, Korean and Vietnamese. In the first part of his talk, he provided an easy-to-understand, non-technical introduction to the world of DLT and explained the various types of DLTs. In the second part, he went on to show, using examples, how DLT could affect us in the coming years. In the first example, designs were discussed for establishing a Swiss cryptocurrency. The second example depicted an e-voting system based on DLT to better demonstrate the benefits of this technology. In addition to reduced costs, the DLT-based system would improve the verifiability of the votes cast, ensure voter anonymity and provide other tools for elections. A new age for democracy – the so-called direct democracy!
Securing the blockchain
The presentation by Dr. Hubert Ritzdorf, CTO of Chainsecurity, revolved around smart contracts: small but nice programs that not only incur costs when executing DLT-based business logic, but are also responsible for transferring cryptocurrency. Consequently, they are a highly popular target for attacks. After all, wherever there is a lot of money, attackers are never far behind. Ritzdorf demonstrated what can go wrong during the programming of smart contracts and how Chainsecurity's tools, developed from years of research, can help to avoid such problems and thus reduce the attack vectors via smart contracts.
Distributed Ledger Technology (DLT) – a stable framework for modern ecosystems or just a house of cards?
Although I am a fan of this technology, I was probably the most critical speaker who did not glorify DLT. On the contrary: I turned it upside down to find out whether it really lives up to its promise. Can it really be used as a stable framework for modern ecosystems? I will make the detailed answers to this question the subject of a separate blog post coming soon.
Security considerations for cloud-based technologies within organisations
Essentially, how should an organisation approach this subject? What steps are needed to achieve expansion of the existing control framework? What is meant by cloud services anyway and which services are relevant to the organisation in question? These are all questions that should have been answered before services in the cloud are even planned. Thomas Holderegger, Head of ISE Security at UBS Business Solutions AG, presented the answers to these questions. The myth that cloud services are not secure was also challenged with some convincing arguments. After all, cloud services can actually be much more secure than proprietary creations within internal data centres. The prerequisite is that they are monitored 24/7, 365 days a year, by teams of security experts solely and exclusively responsible for security.
…Do you want to find out more about FinTech and security?
In part two of my review of ISSS 2018, I will be telling you all about other interesting talks and providing you with an overview of the exciting world of FinTech and security. You can look forward to topics such as secure authentication as a service, cybersecurity in Crypto Valley and talks about bitcoin and blockchain technology for secure data management and cybersecurity.
In the meantime, you can read more blog posts about Distributed Ledger Technology/blockchain and find out all about our services on our website. My team and I will advise you in various areas of DLT – from strategy, designing architectures and pen testing your digital ecosystems through to security operations and training within our DLT Security Academy.