Interview with Giulia Pastorella on cybersecurity [Mar/2018]
This month the GSEW team interviewed Giulia Pastorella about cybersecurity. She is the EU lead for government relations at HP.
She engages in advocacy and thought-leadership activities with the EU institutions on a range of policies. She has in particular been working with HP’s security experts on cybersecurity regulations and initiatives, both at national and EU level. The aim has been to share best practices and ensure that industry collaborates in the most efficient manner with governments around Europe to achieve the common goal of a more secure cyberspace.
In 2016, Giulia was one of 30 young honorees recognised by Forbes for the role they are playing in influencing public policy. Giulia has been with HP for two years, first as government relations lead for Northern Europe, then for UK & Italy.
She is a Public Affairs professional. She has a PhD in Political Science from the London School of Economics. Alongside her academic career, she also has experience in think tanks and journalism. She graduated from Oxford in Philosophy and Modern Languages. She also carried out an internship with the European Space Policy Institute in Vienna, as she is passionate about space policy.
Interview transcript
1. CAN YOU GIVE US A BRIEF BACKGROUND ON WHEN AND HOW YOUR INTEREST IN CYBERSECURITY WAS SPARKED?
I have always been interested in the interplay between politics and technology in the broadest sense. My PhD, for instance, looked at technocracy, or the rule of the experts, in Europe, which often claimed that an approach inspired by the principles of technology and science as applied to politics provides the best outcomes for governing societies.
From there to being interested in how tech companies play a major role in many aspects of our lives was a small step, and from there to cybersecurity an even smaller one. I started focusing on the role that policymakers can play in helping to ensure that technological developments do not come at the expense of people’s security, safety or privacy.
In my time at HP I have been very lucky to work with real tech experts as well as policymakers in the cybersecurity world: an amazing opportunity to be at the centre of the development of new policies to regulate the cyberspace and allow it to thrive in a secure manner.
2. BASED ON EXPERIENCE, WHAT ARE THE MOST DIFFICULT UPCOMING CYBERSECURITY ISSUES?
As we move towards the Internet of Things world, I think the challenge will really be to secure the billions of devices that will be suddenly connected to the internet. A growing number of these devices are deployed without applying well-established IT security best practices. Worse yet, many of them are not designed to survive modern cyber threats. This results in numerous new products reaching the market with all too manifest vulnerabilities.
A device with poor security design or poor security management can open a whole network up to an attack, giving malicious actors access to a larger attack surface than ever before.
According to a recent survey, between 2009 and 2015, the percentage of breaches involving a compromised user’s device has more than doubled, whereas attacks on servers and networks have declined.[1] The need to secure devices therefore becomes critical.
[1] Verizon, 2016 Data Breach Investigations Report, 2016
3. IN TEN YEARS FROM NOW, DO YOU THINK THE WORLD WILL BE MORE OR LESS (Cyber) SECURE?
If governments, industry and citizens take the right actions now, I would like to think that the world could be a lot more secure.
Governments should leverage their procurement power to require more cybersecurity in their purchases, thus leading the way by providing a good example. Industry should continue working in a collaborative manner to develop new cybersecurity standards and raise the bar. And citizens’ awareness and education is absolutely a fundamental underlying principle and complement to anything that government and industry do. Connected consumer goods will be so widespread that consumers will have to start playing a major role in proactively ensuring their devices are as protected as possible.
4. WHAT IS THE MOST IMPORTANT PIECE OF CYBERSECURITY ADVICE YOU WOULD GIVE TO A COMPANY OR AN INSTITUTION?
Think ‘cyber-resilience’ and not ‘cyber-protection’. Companies and institutions have to accept the fact that, whatever the level of protection or cybersecurity investments they make, the possibility of a breach is always there, given the ever-evolving cyber threat landscape. Therefore it is key to think of how to detect, respond and recover from that breach in the fastest and smoothest way possible. It’s a more nuanced approach that accepts the inevitability of data breaches but not their capacity to cause serious business disruption.