HP Innovation Journal Special Edition: Security | Page 9

Looking Ahead: HP’s Approach to Security Research If personal devices and 2D printers are the dominant end- point devices today, it won’t be long before they are joined by technologies that further fuse our physical and digital worlds, like 3D printing, augmented reality, and sensors that monitor everything from the weather to health data and traffic patterns. As devices sense, actuate, collect data from, and work to change or configure the physical world, the security of endpoints and their ecosystems will only become more critical to any organization’s cybersecurity. The threat landscape will get worse. Nation states and criminal organizations with huge resources are creating increasingly sophisticated attacks, and the efficiencies of the internet and the underground econ- omy means this sophistication is very quickly available to a larger set of attackers with diverse motivations—it is clearly a case of when—not if—you will be attacked. In the future, cyber events could compromise millions, or even billions of cyber-physical devices at once, whether to manipulate their behavior or even disable them altogether. As we consider this in the context of digital manufacturing where products are manufactured on the 3D printer nearest the end customer, in the context of computing for personalized healthcare, or more broadly in the context of artificial intelli- gence and machine learning being built into devices to support autonomous behaviors, we believe that security innovation will be key to address emerging threats and rise to the challenge of assuring the safety of our cyber-physical future. This is why, at HP, we are investing in long-term research in cyber-security. We are pursuing, for example, the security innovations needed to allow 3D printing tech- nology to revolutionize manufacturing. These range from cybersecurity research for our 3D printers themselves, to researching the design of secure workflow capabilities that ensure key security properties are retained in digital designs until they become physically printed objects. This will be key to ensuring that the physical and mechanical properties of a 3D-printed part can be trusted within a securely digitized distributed manufacturing ecosystem. Moreover, security will be an enabler for other cyber-physical scenarios such as collaboration in the office of the future, or personalized healthcare. We need to make interactions safe and seamless for users, and manageable for corporations and administrators. A simple example is authentication where we are working to move beyond pass- words and allow for seamless but reliable authentication user experiences, with appropriate levels of security and assurance over privacy. The trustworthiness of tomorrow’s infrastructure will critically depend on the resilience of endpoint devices to cyber attacks. After twenty years in device security research leadership we continue to pursue security innovation to help build-in further security assurances into hardware, creating devices that can help detect and isolate breaches, and recover from them, all at considerable scale, and with minimum inconvenience to the user. Critically we pursue research into improving operational security management techniques to allow our customers to maintain control over an increasingly large number of devices, data, and their interactions, at a rea- sonable cost and with the best security assurances possible. Importantly, we work hard to keep abreast of the fast-evolving threat environment. We do this in multiple ways, from engaging with other experts across academia, governments, and industry, and with HP’s own Security Advisory Board. But we also operate our own Attack and Malware Lab, an isolated environment we use to investigate the state of the art in malicious software and attack capabil- ities. This allows our teams to experiment with malware in a contained environment, better understand our adversaries, and test our research approaches to detecting, mitigating, or managing infrastructure recovery from real-world attacks. At HP’s Security Lab we pursue long-term research, working closely with HP businesses to ensure we can deliver cybersecurity innovations into HP products, services, and solutions, that will truly help improve security and mini- mize the cost of operation and ease of use for individuals and corporations alike. Our work takes us beyond HP into global standards organizations and into collaborations with industrial and academic partners, as well as leading customers, with whom we must join forces to advance the cybersecurity state of the art and move our industry forward towards a safer, more resilient future. 1. 2016 Breach Level index, Gemalto  2. “Economic Impact of Cybercrime,” McAfee, February 2018 3. CSIS Cybercrime Report, June 2014  4. Forecast Analysis Information Security, Worldwide, 1Q17 Update, Gartner (Elizabeth Kim, Christian Canales, Ruggero Contu, Sid Deshpande, Lawrence Pingree), June 2017 8