Cybersecurity Identity Summit Ottawa 2024: what to remember

The Cybersecurity Identity Summit (CIS) is a two-day thematic exhibition that took place in Ottawa, Canada, from April 30 to May 1, 2024. The summit reunited industry experts and professionals in cybersecurity from all around the world. They discussed the major challenges in cybersecurity and digital identity management.

A delegation from Extia Canada had the opportunity to access this summit on the opening day and took part in the conferences. They exchanged with the other companies, which confirmed the high tendency of this sector.

Opening speech of the CIS

Todd McCarthy, Ontario's Minister of Public and Business Services Delivery, opened the summit by affirming his desire to position Ontario as a world leader in trusted artificial intelligence (AI). According to him, the responsible use of AI is at the heart of his department’s concerns, with the aim of improving the service provided to citizens and residents. For that purpose, at the end of 2023, the Ontario government established a working group made up of AI experts. The process led to the development of the Ontario Trustworthy AI Framework, which aims to ensure that the use of these technologies complies with the province's considerations and moral values.

Generative AI at the centre of discussions

No wonder generative AI was the main topic discussed at the conferences. According to Gartner, 35% of companies will be using generative AI by 2025. 98% of professionals in the security sector would agree that AI will be the perfect assistant to combat digital identity breaches.

Generative AI offers double edged opportunities for cybersecurity. For example, it can streamline incident response within SOC’s (Security Operations Centers, the analysts working at the SOC have two main functions: they analyse and protect the network of the company) by synthesising a complex situation from logs or internal databases. In engineering, it has many purposes, such as speeding up the design, rework, and development cycle, which can help with quality and safety checks. Moreover, AI can create “programmed attack scenarios” that are going to serve as a perfect training tool.

On the other hand, cyberattackers gain a malicious arsenal, a simplified process of creating deep fakes, and an automated process for social engineering attacks due to the vulnerable breaches in the training phase. As a human being, AI is not spared from having hallucinations and biases. Recently, several publications of the Canadian Centre for Cyber Security and the ANSSI (French Cybersecurity Agency) have been published and shared by official government structures; they seem very much concerned by these new threats.

Usually, the vast majority of players in the cybersecurity sector are keen to integrate generative AI technologies. Following the example of the companies present at the show, such as Cyberak, Okta, OwlEye, or SentinelOne. A considerable amount of companies indirectly use AI in their products, but they are not yet incorporating it into their standards. Barely any of them offered a demo on their stand, which leaves us sceptical about the supposed announcement of adopting generative AI.“Slowly but surely”- that’s the mood reflected in the adoption of it. They are still very concerned about “control of risk” management.

Digital Identity: a major stake

Digital identity was one of the main topics discussed, a major stake for Canadian public services and companies (for financial and insurance institutions). For instance, the authentication system in more than 160 public agencies is federated by the technology of Shared Services Canada, an agency that distributes digital services to Canadian governmental structures - similar to DINUM (La direction interministérielle du Numérique - The Interministerial Digital Department) in France (example: the site FranceConnect). Partly as a result of the vast volume of information that needs to be exploited. However, creating a global and centralised digital identity for citizens remains a project.

Paul N. Wagner, Director of the Canadian Digital Service (CDS), highlights the lack of standards for establishing a common Canadian digital identity for the provinces (Quebec, for example, created his own service). He goes on to underline the importance of this technology in the fight against fake news and deep fakes, Finally, he mentions quantum as an important issue and notes that “a national quantum strategy” was published in January 2023. "For now, the data is encrypted", quotes the director of CDS. He points out the vulnerability of current techniques in a post-quantum world. For him, one of the strategic challenges is to keep intellectual property in Canada.

The technical director of the Shared Services of Canada (SSC) mentioned the concept of Zero Trust access. According to Matt Davies, the working prerequisite for this project resides in establishing governance. Zero trust, continual monitoring, and privileged access management will be the priorities for the SSC over the next 3 years.

Ontario's public sector players will be supported by a wide range of private companies (most of them are from the United States). They will also count on their Cybersecurity Centre of Excellence, an organisation dedicated to training and raising awareness around cybersecurity for governmental stakeholders.

Conclusion

Innovation and challenges highlighted at the CIS confirmed the tendency in the ecosystem for generative AI. Meanwhile, it emphasised the growing awareness among private and public stakeholders, AI is a risky playground and vigilance is very important. The management of digital identity remains an issue for Canadian institutions, the major challenges are to implement common standards and combat fraud.

With all these cyber challenges, EXTIA remains firmly committed and supportive towards our dear customers. Our qualified team of professionals is ready to answer your questions and offer you tailor-made solutions to ensure the future and safety of your business: contact@extia.fr.

This post was written by Flavien, SRE and Cloud DevOps specialist.