The swift advancement of emerging technologies is paralleled by a proportional rise in their vulnerabilities. As the digital frontier advances, cyber resilience emerges as a beacon, shielding corporations and governments against multifaceted crises and escalating risk trends. Recognizing the pressing nature of these challenges, experts, academics, and future leaders convened at the Joint Conference hosted by NYU's Center for Global Affairs and the Disaster Recovery Institute (DRI) International on October 6, 2023, at New York University's Kimmel Center.
Chloe Demrovsky, NYU CGA Executive-in-Residence and President and CEO of DRI, set the tone for the event by seamlessly blending tradition with innovation. In an opening, she and her ChatGPT-powered avatar extended a digital-traditional hybrid welcome to the attendees. As the event progressed, Demrovsky delved into the transformative expectations for corporations, referencing insights from the Business Roundtable of 2019. She championed a corporate vision transcending profit, emphasizing the imperative of delivering long-term stakeholder value. She provided highlights from DRI's 2022 resilience survey indicating that cyberattacks are top of mind for corporate leaders. Additionally, she noted widespread personnel training is needed due to the fact that a staggering 95% of cyber breaches are human-induced. Pivotal to her discourse was the conceptualization of resilience as a comprehensive mindset shift, advocating for a holistic, integrative approach to resilience, reflecting the multifaceted challenges of the modern era.
Following the captivating opening, the cyber resilience event kicked off with Kelly McKinney, CBCP, Assistant Vice President of Emergency Management and Enterprise Resilience at NYU Langone Health, who opened the inaugural talk, "Emergency Management and Business Continuity in a Polycrisis World." McKinney unraveled the complexities of managing crises, highlighting the pivotal role of preparedness. He noted the inherent vulnerabilities in even the most advanced systems, stating, "It doesn't matter how smart the system is; it gets really dumb when it breaks." McKinney advocated for the essential function of emergency managers, especially in major cities like New York, portraying them as the unsung heroes who navigate a chaotic “parallel universe” with an unwavering commitment to safeguarding the most vulnerable. His presentation provided a poignant illustration of the crucial role of the emergency management teams in the most challenging moments in New York City's history since 9/11. He delved into their remarkable efforts during the COVID-19 pandemic and numerous other emergencies, shedding light on the resilience and dedication that often go unnoticed by the general public.
Subsequently, The Future Today Institute's managing director, Melanie Subin, delved into how risks change in a time of rapid technological innovation. Her top five trend areas were climate change, automation, the metaverse, artificial intelligence, and quantum computing. A dramatic map depicting water stress projections for 2040, notably in places like the Middle East, California, and Singapore, served as the main focus on climate change. Water stress has many outcomes, from biodiversity loss to supply chain interruptions in sectors like semiconductor manufacturing. Also covered was the metaverse, which Subin described as a modernized version of the internet. She stressed the opportunity for data monetization, particularly in the industrial metaverse, which presents higher growth prospects than the consumer-focused metaverse. Subin also underlined the importance of acknowledging uncertainties as a pivotal component in the equation of technological advancement, citing a 2008 Microsoft video that envisioned futuristic technologies. Her presentation revealed crucial aspects of contemporary risk, underscoring uncertainties as indispensable factors for effectively navigating our dynamic technological landscape.
The conference gained significant enrichment through two insightful presentations by Rouz Hashemi and Safi Raza. Hashemi delved into merging cyber resilience and cybersecurity to enhance response and recovery, while Raza addressed the integration of cyber resilience into the organization's core. These presentations seamlessly converged to provide a unified perspective on the synergy between cyber resilience and cybersecurity, highlighting their collaborative potential in bolstering strategies for responding to and recovering from modern cyber threats.
Hashemi, a DRI Cyber Resilience instructor and Senior Manager at Accenture, emphasized the need to rethink traditional business continuity and disaster recovery (BCDR) plans as organizations transition to cloud-based environments. He pointed out that these conventional approaches often fail to address contemporary cyber threats' complexities. His insights shed light on the disconnect between business continuity/disaster recovery (BCDR) professionals and cybersecurity experts, highlighting the importance of integrating recovery efforts with the identification phase and maintaining a comprehensive asset inventory.
On the other hand, Safi Raza, Senior Director of Cyber Security at Fusion Risk Management, reinforced that embedding cyber resilience into an organization's core is not merely a trend but a fundamental component of operational risk management. Raza stressed that an organization's survival hinges on its ability to engrain a robust cybersecurity posture into its DNA. He proposed actionable strategies, such as dynamic and engaging cybersecurity training, to nurture a resilient cybersecurity culture within the organization. One particularly noteworthy strategy he discussed was the "resilience champions initiative," which involves creating a network within the organization to propagate the message of cyber resilience and disseminate vital information.
When woven together, these two perspectives paint a comprehensive picture of cyber resilience and cybersecurity. Hashemi's insights challenge traditional norms, while Raza's strategies underscore the imperative of cultural integration. Together, they advocated for a holistic approach encompassing both technological and cultural dimensions to enhance an organization's response and recovery capabilities against today's ever-evolving cyber threats.
Following the lunch break, the spotlight shifted to a panel discussion on "Emerging Technology: Opportunities and Threats," moderated by Dr. Christopher Ankersen, NYU Clinical Professor and Interim Academic Director of the MS in Global Security, Conflict, and Cybercrime, with Melanie Stavenow, Clayton “CJ” Dixon, Chadwick Shroy, and Zhanna Malekos Smith. The four subject matter expert panelists delved into the impacts of emerging technologies such as quantum computing, AI and blockchain on critical infrastructure, transnational security, and the overarching digital landscape.
Dixon, who had a pivotal role in the conversation, stressed the indispensability of "informed voting". He highlighted the urgent need for leaders at the legislative level to be well-versed in technology and a forward-looking approach to tackle the multifaceted challenges these technologies pose.
Shroy conveyed a thought-provoking perspective on the democratization of these cutting-edge tools. As AI and related technologies become more mainstream and accessible, the implications extend beyond just opportunities and introduce many vulnerabilities. This proliferation, especially concerning national security, underlines the importance of developing robust international standards. Notably, as we venture deeper into the metaverse, AI, and quantum computing, the need for such standards becomes increasingly evident.
A notable interaction during the discussion was sparked by an audience member's inquiry about third-party solutions, drawing parallels to how software like McAfee addresses conventional malware. The question posed was: As AI becomes ubiquitous, is there a possibility of developing a universal solution to protect users from its vulnerabilities? This intricate and timely discussion provided a comprehensive look into the dynamic and ever-evolving world of technology in today's age.
As the afternoon unfolded, participants of the collegiate conference found themselves immersed in a dynamic dialogue, weaving together insights from two divergent yet interconnected viewpoints. Jonathan Rotta, representing the Agency Incident Response Readiness at NYC Cyber Command, showcased his expertise from a localized standpoint, underscoring collaborative cyber incident countermeasures within New York City. In contrast, Nehali Anupriya, Program Management Officer at the United Nations Office for Disaster Risk Reduction (UNDRR), presented a global perspective, highlighting the imperative for a global systemic approach to address interconnected cyber risks advocated by the United Nations.
The interplay of these dual perspectives elevated the conversation and accentuated the crucial nature of harmonizing local and global efforts in navigating the complex realm of cybersecurity challenges. Rotta's observations emphasized the significance of joint action among agencies in confronting cyber menaces within New York City, drawing attention to the city's inherent vulnerabilities. Meanwhile, Anupriya shed light on the broader context of global cyber risk governance, stressing the necessity for a unified approach, even amidst geopolitical and economic complexities. This contrast in perspectives deepened the dialogue and highlighted the interconnectedness of local and global approaches within the ever-changing cybersecurity landscape.
The collegiate event wrapped up with a compelling "Resilience Across Industries" panel led by Karina de Allicon from Nike with participation from Greg Pinchbeck, AnneMarie Staley, Alexandra Shaheen, and Melody Wen. The expert panel offered an in-depth analysis of resilience strategies, and their narratives shed light on critical insights:
- Industry-specific Compliance: Banks adhere to stringent standards, while tech sectors align with global financial guidelines to bolster customer trust.
- Global Operations and Local Regulations: It is crucial to grasp country-specific regulations when operating internationally, encompassing financial, operational, and labor facets.
- Emerging Risk Factors: The need for data-driven strategies and probabilistic evaluations in addressing challenges like cyber resilience, environmental concerns, and third-party risks.
- Evolving Regulatory Oversight: With the FFIEC emphasizing "business continuity management" over"business continuity planning" in 2019, there's a push for organizations to adopt innovative methods to meet enhanced regulatory scrutiny.