Cybersecurity Identity Summit 2024 in Ottawa

The Cybersecurity Identity Summit (CIS) is a two-day themed event that took place from April 30 to May 1, 2024, in Ottawa, Canada. This summit brought together industry experts and cybersecurity professionals from around the world to address major challenges in cybersecurity and digital identity management.

A delegation from the Canadian subsidiary of Extia had the opportunity to attend the first day, participating in conferences, networking with companies present, and confirming the key trends in the sector.

Opening Speech at CIS

Todd McCarthy, Ontario’s Minister of Public and Business Services, inaugurated the summit by affirming his commitment to positioning Ontario as a global leader in trustworthy artificial intelligence (AI). According to him, the responsible use of AI is a top priority for his department, with the goal of enhancing services provided to citizens and residents. To achieve this, the Ontario government established a task force of AI experts at the end of 2023. Their work led to the development of the Ontario Trustworthy AI Framework, ensuring that the use of these technologies aligns with the province’s moral considerations and values.

Generative AI at the Core of Discussions

As expected, generative AI was widely discussed in the conferences. According to Gartner, 35% of companies will use generative AI by 2025. More broadly, 98% of security professionals agree that AI will help combat identity breaches.

The many opportunities it offers for cybersecurity seem as vast as the threats it poses. For example, it could streamline incident response within SOCs by quickly synthesizing complex situations from event logs or an internal knowledge base. In engineering, it can accelerate the design, development, and redesign cycles and assist with security and quality checks. Finally, it could help organize security training by creating attack scenarios.

On the other hand, it provides new tools to cyber attackers, such as simplifying video and audio manipulation (deepfakes), automating social engineering attacks, or exposing vulnerabilities during training phases. It is also naturally prone to biases and hallucinations. Recently, several publications, such as recommendations from the Canadian Centre for Cyber Security and ANSSI, have been shared by official organizations that seem particularly vigilant about these new threats.

Generally, there is a strong interest among all cybersecurity players in integrating generative AI technologies. Among those present at the summit, many use AI in their products, but few seem to have fully integrated generative AI natively, like companies such as Cyberark, Okta, OwlEye, or SentinelOne. Almost none offered demos at their booths, leaving attendees wondering about their real integration of generative AI beyond mere announcements. The general sentiment on adopting generative AI could be summed up as “slowly but surely,” with many concerns about managing the related risks.

ARTICLE – CIS 2024 in Ottawa

Digital Identity: A Central Issue

Digital identity was also a key topic of discussion, as a challenge for both public services and Canadian companies (e.g., banks and insurance companies). For example, the authentication system of most of the 160 Canadian public agencies is federated by the technology of Shared Services Canada, an agency that provides digital services to Canadian government organizations, similar to DINUM in France (e.g., FranceConnect). This is partly due to a long administrative and technical history. However, a global digital identity for citizens remains a work in progress.

Paul N. Wagner, Director of the Canadian Digital Service (CDS), highlighted the issue of the lack of standards for establishing a common Canadian digital identity across provinces (for example, Quebec seems to have taken a different path). He emphasized the importance of this technology in combating fake news or deepfakes and maintaining control over sovereign narratives. He also mentioned quantum computing as a significant issue and reminded us that a national quantum strategy was published in January 2023. “Data is encrypted, for now,” said the CDS director, referring to the fragility of current techniques in a post-quantum world. One of the challenges is also to keep intellectual property on these strategic topics within Canada.

The concept of zero trust was discussed by the Chief Technology Officer of Shared Services Canada (SSC). According to Matt Davies, the organizational prerequisite for this set of technologies remains establishing governance. Zero trust, continuous monitoring, and privileged access management will be the top three priorities for SSC over the next three years.

Ontario’s public sector can rely on a wide range of private companies (predominantly from the United States) and their Cybersecurity Excellence Center, a public organization dedicated to training and raising awareness among government actors about cybersecurity.

In Summary

The spotlight on innovations and challenges in the sector at CIS confirmed the ecosystem’s enthusiasm for generative AI. At the same time, it highlighted the awareness of private and public actors to remain vigilant against the new risks it entails. Managing digital identity remains the major challenge for Canadian institutions, with issues like establishing common standards and combating fraud.

Bambootech remains firmly committed to supporting its clients in their cybersecurity challenges. Our team of qualified professionals is ready to assist you and provide tailored solutions to ensure the security and sustainability of your activities: contact@bambootech.ca

Previous Post

Leave a comment