Anshuman Sharma [00:00:00]:
I’m also seeing a shift from a defensive mindset to a continuous assurance mindset where cybersecurity should be adaptable, it should be intelligent and it should have a anticipatory element to it that it can anticipate things if they do go bad.
Karissa Breen [00:00:29]:
Joining me now is Anshumin Sharma, Director Cyber Security Consulting at Verizon. And today we’re discussing a critical infrastructure approach to cyber security. So Anshumin, thanks for joining me and welcome.
Anshuman Sharma [00:00:45]:
Thank you. Thank you for having me.
Karissa Breen [00:00:47]:
Okay, so I’ve got a lot of questions. Obviously critical infrastructure, depending on where you are in the world. It’s a big topic at the moment and it’s a big topic in Australia, a big topic in the United States. But when people sort of think about critical infrastructure, what sort of comes up in their mind is, you know, utilities or transportation, but telecommunications really does underpin everything. So perhaps from your perspective, how is critical the role of telcos in maintaining national resilience?
Anshuman Sharma [00:01:15]:
Thank you for the question. And you are absolutely correct because when we talk about critical infrastructure, some of the things that immediately come to people’s mind is majorly nuclear power, transportation, which basically impacts the day to day life. But seldom people realize that the backbone to everything is actually telecommunication network. Now if I talk about specifically with regard to United States, the Department of Homeland Security and CISA, which is cybersecurity and Infrastructure Security Agency here in the United States, they have identified 16 critical sectors which have been put under the critical infrastructures category. I may not be able to remember all of them. I have tried to by inculcating how if something is not available, impacts me as a person and then as a society. So here are some of them. It starts with the chemical commercial facilities which are majorly big stadiums where there may be presence of lot many people.
Anshuman Sharma [00:02:09]:
Critical manufacturing, which can be steel, electronics, dams, which also includes water and wastewater systems. Defense industrial base, which are basically the military systems that supplies military systems to the defense side. Emergency services, which includes law enforcement or 911. The energy sector which also includes nuclear, financial services, food and agriculture. Some of the government facilities which are federal and state and local authorities. Healthcare and public health, transportation. I think I may have covered most of them. Infrastructure, technology, which is one of the most important ones.
Anshuman Sharma [00:02:46]:
And on top of that it’s the telecommunication sector. Now I will try to answer the question in few ways that how and why telecommunication is if not the most but the most critical component when it comes to the CyberSecurity ecosystem. So one is basically it act as a backbone for the entire digital operations. Whether we talk about banking or cloud computing, e commerce, any emergency services, they all rely on telecommunication network for their operations. So whether it is corporate operations, consumer services, right from mobile phone to mobile banking, to healthcare to voice, data, broadband, all required at the backbone is the network communication which basically is just provided by the telco. So any disruption can impact the downstream elements which can trigger a cascading effect on that. And that is why I always say it is a backbone. I’ll take few examples to make things more clear that why I’m referring telecommunication as backbone.
Anshuman Sharma [00:03:48]:
So if you talk about energy sector which is majorly relying on ICS and SCADA systems, example of a utility industry where grid operators can monitor systems, they have visibility, they can do a dispatch if there is any concern. And they are very well connected using telecommunication infrastructure, whether it is MPLS, 5G or LTE. Now any disruption on the telco side will result, may result in blackout, pipeline control loss dispatches may not happen on timely basis. Grid operators can lose monitoring which can result if not a catastrophic event, but definitely a considerable incident. Coming to the other critical sector which impacts us in our day and day life, it is the financial services. So whether it is payment systems, atm, wire transfer, swift systems, any failure to that will result in a financial chaos. And last but not the least, which I just want to use as an example is transportation. So whether it is air, rail or maritime, even roadways, railways are well connected with like here.
Anshuman Sharma [00:04:50]:
I’m based on New Jersey, so NJ transit, all these are all logistics system which requires telco, Whether it is for coordination or communication, booking tickets and in some aspects is the gps. So if there is a disruption on the telco network, it can cause travel delays and disruption which basically causes economic slowdown, can cause supply chain bottlenecks. So that’s one part of it why telco should be considered as most important being the backbone. The second point which I would like to mention is with regard to digital resilience in time of crisis. So when we talk about digital resilience in time of crisis, it is more to do like we all have faced COVID 19 and when we had faced COVID 19, it was immediately required that the workforce should work from home remotely. This would have not been possible if telcos were not there. If telcos were not there to provide those rapid disaster recovery or scalable Bandwidth for remote work or redundancy and resiliency, this would have not been possible. And why only COVID 19 any other crisis that happen, like wildfires happen, geopolitical tensions happen, or even including droids and more or less I think telecommunication has always tested over a period of time that they are resilient, they are reliable and because of that the communication is possible.
Anshuman Sharma [00:06:16]:
The last part I would also say, which I actually like to say is acting as a cyber sentinels or cyber guardians. The reason is the entire Internet backbone is with the telco providers. So they have a massive amount of telemetry visibility which when they have a close collaboration with the CERTs or any federal or government agencies, they can build that system to give early warnings whether it is related to any nation state campaign, or whether it is related to any phishing infrastructure or any lateral movement across the sector that can happen, or even early wartime activities. So in this hyper connected world, telcos being the backbone stitches everything together. And if something has to go bad or a telco flatters, the ripple effects are immediate and profound. And that is why I believe it is definitely one of the most critical factor and requires a mind shift that people should start thinking in that line that telcos are equally important as any other critical infrastructure.
Karissa Breen [00:07:17]:
So would you say nowadays with telco for example, something goes down? I mean we’ve seen this also in Australia, but equally if we look at consumers for a moment, just to provide example, people just are not patient. As soon as someone can’t get any cell phone reception for a little limited amount of time, people start getting angry. So you seeing that from your perspective there’s more emphasis now on critical infrastructure, meaning telcos having uptime has to be a hundred percent of the time because obviously now if people need to reach emergency services, people don’t really have landlines in their house anymore, they have mobile cell phones. So what’s now more the pressure even on that consumer lens for a moment, to ensure that telecommunications really has that an upturn.
Anshuman Sharma [00:08:04]:
So I will say that telcos are actually the nervous system of any nation. And when we talk about any critical infrastructure, I would always believe that it needs to support few things. And the most critical part is the national security part of it, the economic security and public welfare and safeguards. As you have rightly said, that people have not lot of patience, that if they lose their cellular network and specifically the newer and newer generation, that they rely on their cell network. As an individual I rely on my cell network even if I’m going from my Car I have to do a navigation. I definitely rely on my phone. If it’s not available and a productivity is lost, it causes a lot of concerns. Now in the previous question we discussed a lot on an energy crisis that can happen because of loss of telecommunication network, which is the loss of communication with ics, cada, Healthcare, for example.
Anshuman Sharma [00:08:58]:
There is a loss of record exchange that may not happen because telecommunication is not available. A person sitting in the operation theater where a doctor sitting somewhere else is performing a robotic surgery may not be possible. If the network infrastructure has to go down for a telecommunication provider service. Simple thing as a 911 service may not be available because of dead cell phone network. Or it basically happens. If an telco experience an incident which may not, I will not say catastrophic, but it is of a considerable severity. If that happens, then definitely there is a loss of productivity. Stock market can cripple, there is delayed in logistics and supply chains that can also happen.
Anshuman Sharma [00:09:39]:
One of the most critical part, which I believe is even more important to manage, is when things do go bad is the misinformation campaigns that flows. And these misinformation campaign can actually escalate this outage. It can relate to sometimes panic buying. We have seen some of the misinformation that floated during COVID 19 timeframes and there was panic buying. It can definitely have far reaching implications. Now when we say what kind of an impact it can have and how quickly it can cascade it again depends. Some consumers may feel it immediate, but there may be some other workarounds that are available for them to access the network. Because every telco getting impacted at the same time may not be the most likely situation.
Anshuman Sharma [00:10:27]:
So each household may have a different telco provider in the back end. They may be sharing some bit of an infrastructure and if it gets impacted, the communication goes down. But the profound impact that can happen is also on the corporates where if things have to go bad, the effect can be a ripple. It may for some of the industries, may be immediate for some of them. It may take certain bit of a time. Because most if not all organization do prepare for resiliency, do prepare for redundancy. And specifically those in the critical infrastructure space, they definitely take care of that. But that said and done, I believe that telcos are well prepared and they are aware of the importance and have invested heavily in layered defense and defense in depth.
Anshuman Sharma [00:11:13]:
They have also worked on segmentation so that if things have to go wrong, they will be able to contain it to a specific portion rather than everything going down. And they have also spent a lot in recovery and response. So the initial shock of a telco related incident may impact certain sectors, including users, quicker than the others. But with the resilience plan in place, the coordination with government agencies, it ensures commitment and faster response. So real challenge as for me lies in protecting not only in protecting network, but maintaining the public confidence and operational continuity. So a disruption may be fast, but the response may be even faster.
Karissa Breen [00:11:53]:
Okay, so there’s a couple of things in there that I wanted to get into which was interesting. So going back to the misinformation campaign, you mentioned panic buying, which was a big thing in Australia, apparently it was toilet paper, we have no idea why. And that got global news. So going back to misinformation, what other things often starts to permeate out there online would you say is something that isn’t accurate or aligned with the adage.
Anshuman Sharma [00:12:19]:
Apart from the panic buying, it can obviously false information that oh, the entire network has gone down, which some of the statements may not actually be real. It is social media campaigns that can work on it can also mention that it is not only the telco that has been impacted, it’s a fuel crisis happening. There are shortages of. I remember during the time of COVID 19, apart from toilet shortage, there were issues and discussions around egg shortages and baby formula misinformation. Not only from a standpoint of panic buying, but it can also from a standpoint of that it goes in a direction where it is more of a psychological issue, where there is a fear of scarcity, there is a herd behavior. It can be an information vacuum when official communication actually slow and rumors will fill up. And it can be oh, that this particular nation state actually has attacked and our entire infrastructure has crippled, which basically undermines and create issue with regard to public trust. It can create social unrest to an extent, it can disrupt economical stability as well.
Anshuman Sharma [00:13:25]:
And it can very well be specifically targeted to a specific sector where maybe food or pharma. So some of the important things that the government has to take care and the telecom infrastructure has to take care is real time monitoring of these social media. Because we are living in an information age and everything that’s been tweeted travels faster than light. And the misinformation campaigns needs to be tackled. There has to be a rapid response communication to clarify those rumors immediately. And there has to be collaborative effort not only from the government side, but also from the private sector organizations that are in the business of social media. They can suppress this false trend. They can help create more education by Telling what is happening in reality.
Anshuman Sharma [00:14:10]:
And yeah, these are some of the things which I feel can be on the side of misinformation, not only from a standpoint of panic buying, but can create a mass hysteria.
Karissa Breen [00:14:20]:
So the other thing that I want to ask you about, you said this can go very wrong for corporates. So tell me why.
Anshuman Sharma [00:14:26]:
Oh yes, like we took some of the examples, like let’s take an example of finance. Any financial or insurance vertical, they rely on connectivity. When things do go bad, for example, I have to do a bit of a transaction. I cannot do that. I go to an ATM and ATM is out of service. I cannot withdraw money. I may have to pay someone in cash. Even the point of sale system, I go shopping, I cannot transact my card because the telco network is down.
Anshuman Sharma [00:14:52]:
I cannot use an e commerce website. I have to do some swift transaction to someone in another part of the country. I cannot do that. So the entire credit card management industry or a debit card management industry or at a high level can say a payment card industry can cripple stock exchange. There are a lot of people who put money in stock exchanges. There can be a lot of panic. Something is not working for them. They don’t know what where their stocks are and they are not able to utilize their money to put in the right stocks.
Anshuman Sharma [00:15:22]:
So it can definitely again cause a lot of fear. It can definitely cause financial impact. In the beginning I mentioned that the role of any critical infrastructure is not only on the national security and public safety, but on the economic security as well. So these corporates, and I just. You take an example, there are multiple other corporates that may get impacted in a different way altogether. Like we use the example of healthcare, we use the example of transportation. So their effect can be different. But definitely there will be an profound impact.
Karissa Breen [00:15:54]:
Okay, so one of the things that’s interesting to me being a podcast journalist in this space is you said before, like social unrest, we want to be able to engender confidence into people. Now I know you’re based in the United States, but recently in Australia, very large telco had an outage there. Four people died as a result of it. Four people died because they couldn’t use their phone. I’m using this as an example. I mean we’re in 2025 and if I was in a state where I couldn’t contact emergency services and I know that whilst people care and all of these sort of things, but what really is happening to make sure it can’t happen? I mean this is a phone this isn’t something that is, oh, some high level technology like this is pretty basic sort of stuff like we’re not in the 1800s anymore. So the part that’s getting me a little bit is big corporates come out and say hey I really care about this. But then there’s an incident that happens and whilst the intention may be there, it’s still happening.
Karissa Breen [00:16:55]:
I mean I worked in a bank and security one thing we can give people money back. I can’t give someone’s life back. So I’m really curious to understand because I think this is what is eroding trust, whether it’s in Australia, usa. I think that people are losing trust because they’re seeing these sort of incidents happen right around the globe and, and there is a very high chance things like that can happen in the us. So I’m just really, I’m really curious to hear your thoughts on it. And I’m using that as an example because that was recent, this wasn’t years and years and years ago. So these things still are happening and I think people are fed up and they’re over it and I think that as a result they are really off telecommunication providers.
Anshuman Sharma [00:17:34]:
Yeah, I definitely can resonate to that because Verizon we do have our operations not only from the telecommunication side but also from the consumer consulting side of in Australia. And definitely we did hear that and obviously it was really unfortunate that people have to die because they were not able to use the emergency services when they were needed the most. Now what is happening that we are seeing that there is a shift specifically when we talk about critical infrastructure security. There is a shift for being not just trying to do a risk reduction or bringing something to an acceptable risk, but more and more to do with mission assurance. And why I use the word mission assurance is again going back to the same three things that I mentioned that it’s all about the national interest, the economic stability and public security and safety. So mission assurance that we assure that if things do go wrong it will not going to have a ripple effect and everything is not going to go down. I think most of the telcos are now prioritizing resilience over convenience. It has been in the DNA of the telcos to be resilient, to be redundant.
Anshuman Sharma [00:18:42]:
But there is lot more focus to ensure that mission assurance statements that telcos have in most of the critical infrastructure cybersecurity now is not negotiable. If we talk about any large corporates, they majorly within the CIA triads which is the confidentiality Integrity and availability. The major large focus for corporates has always been on confidentiality and integrity. But for critical infrastructure like telcos it is the availability and public safety. Now with that in mind lot many telcos now have a mindset that they will be targeted and things can go bad and they can be breached. So rather than having a mindset of what is my return on investment in the 5G spectrum or any other thing that a telco has done, the focus now is more on critical infrastructure, fail safe and the operational redundancy and to contain things as fast as possible. So there is a cultural shift and knowing that the impact of the critical infrastructure can impact human lives no more. There is a approach on how to prevent breaches, but how can we get the operations up and running if a breach is going to happen? And topmost regard to safety and security of human so lot more is being done on making sure that everything doesn’t cripple.
Anshuman Sharma [00:20:05]:
I think there are tabletop exercises being carried out. Like if you talk about large corporates it is majorly within their own teams or possibly with some of their providers. They may also engage insurance services, but with critical infrastructure providers as telco they are engaging with government agencies because they may also have a role. As we talked about mass hysteria, we talk about panic buying, we talk about misinformation, there is a lot more role from the government side of it. So having those exercises performed in collaboration with the government is being taken care and is being taken care very seriously now. So the focus is on building resiliency in the system, having network pathways to services and other technical controls that have been implemented to limit the impact which can be like if I really have to put in terms of critical infrastructure, they are really relying on air gapped access control, they are relying on multi factor authentication with biometric fallback. So they have to ensure that if one thing has undergo a technical failure it should not bring everything to its needs. So many things being done.
Anshuman Sharma [00:21:12]:
But as I mentioned the key part to the question is mission assurance and there is a shift rather just doing a risk reduction or accepting certain risk.
Karissa Breen [00:21:21]:
So I guess like this is a good precursor to maybe my next question, how quickly can things start to really go downhill? So for example we’ve just explained someone can’t call emergency services. Death could be an option, right? The other thing that I want to explore and I think and I have spoken to people on this show about how quickly things start to just spiral out of control. And in Australia our supermarkets are considered critical infrastructure. So people can’t eat, I mean I get really hangry. Right. So it’s like if I can’t purchase something and I have no food in my house, people are going to start getting real angry. Agitate, like chaos is going to start to get unleashed. So I’m keen to maybe walk through just say a high level timeline.
Karissa Breen [00:22:04]:
Telco, something’s happened, doesn’t work. How quickly are the flow on effects? What does that look like then in your eyes? Like play out a little bit of a scenario just so we can give people like this is what could happen if cyber breach were to occur. Telco gets impacted.
Anshuman Sharma [00:22:20]:
Yeah. So for a day to day perspective, if a telco has to be hit by a catastrophic or a major cyber event, it definitely will impact the cell phone network immediately where the productivity and connectivity will be lost. It may or may not impact because as I mentioned telcos do build redundancy. So satellite communication may be working, may not be working, but they also have those segregations. So immediate impact will be the end users. The second layer of impact which we can say can either go to critical infrastructure where one of them may be electric grids. So if SCADA systems have to be because they at the backbone they are relying on the telecommunication network. And if something has to go bad with the telecommunication, the electric grid may be the second in line which get impacted.
Anshuman Sharma [00:23:04]:
So loss of electricity, loss of power can be the next one. And then if we go and move on to ours, because many other corporates, they may have plans which is more to do with their own resiliency where they may shift to some manual procedures so they may start to realize the impact that goes next to ours. So for example, another critical infrastructure component that may start to see that impact is water treatment systems. So if again the network goes down, those water treatment systems which have been controlled remotely from a site may get impacted and they may take some time for the people be on site and start those manual operations. If we talk about large corporates, they again may have some backup but they will start feeling the impact in the next few hours compared to because they may move back on the manual way of operations. Like we had an incident where an airline there in the public news that because of one supply chain push that has happened onto the system, there was failure across the industry. So airline eventually resorted to doing manual ticketing. But again the problem was not only that they have to also give the routes and the information about the flight path and everything all on manual basis.
Anshuman Sharma [00:24:24]:
So they felt the impact immediately. But the really repercussion happens over a few hours and then it goes from days to week where it can start impacting normal day to day operations where it can start impacting the food industry because we do not have a mechanism for doing the communication for transportation that where is that truck which has, has that food. We already talked about the power grids, the energy sector which may be, may show immediate impact. The emergency services obviously will be impacted immediately but they may again resort to some bit of. If not telco is not possible they may resort to some manual ways of doing so. This definitely is going to have a ripple effect that goes across. Healthcare obviously is definitely key. I did take an example that if there is some remote surgery planned now is it like it’s a life and death situation or that can be postponed or is it like some medicines can be given to this person to postpone these services but in certain critical scenarios it cannot be avoided, cannot be avoided at all.
Anshuman Sharma [00:25:28]:
So from minutes to hours to days that’s how the impact goes. But some of the critical services will definitely get impacted in the first few hours. If we are talking about not a minor incident but an incident which is of a catastrophic nature which possibly bring not one but couple of telcos to its knees. So that’s how I see that various infrastructures, corporates, humans, public will get impacted. And that’s the timeline that I can draw.
Karissa Breen [00:25:54]:
Yeah, that’s interesting. So going back to water. So for example you said before they’ll be able to intersect, right? Something starts to go wrong. So what I’m picking up from what you’re saying is we as in everyday people, consumers, businesses are putting a lot of trust now into these security teams, incident responders, for example, someone isn’t watching or there’s they’re short on people. A lot of people go on vacation, something’s happened. We either you know, not having enough people to spread the risk to make sure that someone captures it. We are putting a lot of trust now into these companies to make sure they do the right thing. So for example I something lights on fire, I call emergency services.
Karissa Breen [00:26:40]:
Imagine if no one could come as a firefighter to put out a fire. Like it’s, that’s just the example, that’s the parallel I’m trying to draw to give people a bit of a visual. So what? How? Because we have to rely on other businesses, right? I mean look, if a telco goes down, I can’t call someone, I can’t do part of what I’ve got to do day to day, right? It impacts me so how does this sort of trust go between different businesses? Right. Because you can’t operate nowadays just alone and self contained. You do need to rely on other services. You mentioned before the airline. Right. Of course they have to leverage that sort of company to do certain things day to day.
Karissa Breen [00:27:17]:
Right. So we always are relying on our suppliers to do certain things. And I think that’s something that was really important that you highlighted there is how interdependent we all are nowadays and one sort of thing goes wrong, there’s a lot of impact. So I’m really keen to sort of get your thoughts on that.
Anshuman Sharma [00:27:34]:
Again, a very interesting question and I do acknowledge that reliance on one industry can cripple others as well. Now I’ll try to answer this question in a way that it is not like this has not been perceived that these kind of threats can be real and this can happen. It has happened in the past. I will not name any, but it has happened in the past. It’s just simple Google search will give the results. But I also believe that from, and I’m speaking from a telecommunication perspective, that the telecommunication are taking security and innovation both very seriously, that they have to coexist. Now if we talk about very simple things, I think and every aspect of our life, I think AI and machine learning has touched everything. We are relying it to analyze larger set of data, to automate certain tasks where we can remove the human element out of it so it may be less prone to errors.
Anshuman Sharma [00:28:28]:
The second important part is developing and relying on resiliency. I think most of the network operators, they rely on resiliency. Even large corporates itself, they are relying on different carrier altogether that they are not relying on one telco. If my network has to go down and if only impacts one telco, the entire network should not go down because I have a parallel line coming from a different telecommunication provider. So resiliency, which I think the term which is very common these days being used is the cyber resiliency and redundancy. Apart from that, there are strategies being designed with regard to diverse peering strategy that my peering points should be different. Defense in depth. Again what I’m talking about is all from a point of view that we as telcos, they do understand that they may not be able to prevent everything but there is a reliance that if things do have to go bad, everything should not come down to its knees and I need to have an alternate path for communication or some manual ways to do that thing.
Anshuman Sharma [00:29:29]:
So interdependencies in this close related ecosystem is definitely there and we definitely have a reliance to it. But I would say that the next gen connectivity, where we are moving to a mindset of secure by design and not just secure as a later fix is being done. The systems that are being developed are being developed with resiliency in mind. And I think I’ve mentioned the word resiliency a few times because that is very, very important from a telecommunication perspective. And again, when we talk to corporates and they do have these scenarios practice that if I have to lose my connectivity, what are the way arounds that I have? So with the executive breach simulations that we witness or the tabletop exercises that we witness, these are the scenarios that are do taken into consideration and they have documented and defined their alternate pathways as part of their playbooks that if things have to go south, what are my manual ways of doing things or alternate ways of doing things. So I think there is a lot more focus on that because as you rightly said, if a human life is addressed, that should be the most topmost criteria for any organization, specifically those who are working in the critical infrastructure sector.
Karissa Breen [00:30:41]:
Okay, so let’s get into the AI piece. So you mentioned that before. So if we can eliminate humans with the intent that everything runs better.
Anshuman Sharma [00:30:49]:
Right.
Karissa Breen [00:30:49]:
So if it’s like human error, sometimes a technology fails us. But you know, the people have said a lot of it’s still due to human error, whether it’s fatigue, something’s happened, whatever’s gone on. So talk to me more about this because yes, we’re still going to need human beings to oversee and govern AI, etc. But do you think this will help cure some of this problem? If we remove humans, let AI do some of the heavy lifting. What are your thoughts then on that?
Anshuman Sharma [00:31:15]:
Oh, for sure. I’m a believer that AI will coexist with humans. It is not going to replace us completely, but wherever there is a human effort required and it can be avoided because I think one of the key things that we generally use is fatigue. So if there is a fatigue that can result into an error and if we, I’ll quote the Verizon DBR report here, that 60% of the data breaches that have happened in the last year, which is part of the Verizon data breach investigation report 2025, human element has been, they’re 60% of the breaches. So that means every three out of five breaches there is a human element that is involved. Now some of the things that can AI can definitely replace or I would say can augment, not to replace it. Totally is majorly to do with proactive anomaly detection. So in order to identify that what’s going bad within the network, because human intervention definitely takes a lot of time because it’s a huge amount of data that can be analyzed, AI can definitely help us to define those patterns where an anomaly can be identified.
Anshuman Sharma [00:32:22]:
Secondly is automation of incident response. So if things do go bad, these are the few things that I can live with. If the response is automated and may not require a human intervention to oversee. To a certain extent is some of the systems that are being developed are self healing systems. So if the things do go bad with those systems, they can self heal again. It is no rocket science, but it is more to do with pattern recognition that I know that if A, B, C and D happen, this is the root cause and I can configure the system to self heal. Rather than requiring a human to interject, we are leveraging AI for acting as analyst to us with proactive incident response. So AI may not replace humans completely.
Anshuman Sharma [00:33:05]:
In fact, I am a believer of that. But it will coexist along with human beings. So at least we can bring down the error part of it to a considerable extent, if not fully remediated. And obviously earlier didn’t have that huge amount of data to train our AI system models, but now we have that, we can definitely train them to take those logical decisions. We have been talking about agentic AI now which can take decisions on its own for a defined outcome. So definitely those aspects from a human intervention can be removed where there is a probability of error, specifically where there is a fatigue or it’s a possibility that a human can make an error where largely AI may not. But again, we cannot fully eliminate human out of it because AI is still in its very early stages. It is definitely a lot of advancements, A lot of things have been done with artificial intelligence and machine learning.
Anshuman Sharma [00:34:04]:
But it’s still in its very early stages. We have seen, and I can quote because it’s a public news that there was one of the big four that released a report where AI actually has lot of citations which actually doesn’t exist. So it started hallucinating. We don’t want an AI system to start hallucinating in a critical infrastructure where it has been configured to take a critical decision. So I think at this moment it is a coexistence. We will see how AI will roll over in future, but I’m a firm believer it has to go side by side. So the tedious task, the tasks that are fatigued definitely can be taken care by AI where if not eliminate will reduce human effort to a considerable extent.
Karissa Breen [00:34:42]:
So you mentioned the words before mission assurance. So if we start with that. So now with what you’re saying, we can start to integrate more AI? Yes, coexist, not replace. Because the outcome should be, I don’t want to keep hearing about someone died because they couldn’t use a phone to get an emergency services. So the key thing for me in this space is how are companies caring about cyber security? How are they progressing? How are they improving it? So that’s the key mission. But would you say people see it that way? Because people are now getting agitated. Oh, well, my job is being displaced because of AI, but the mission is still, yes, we’re going to put you elsewhere in the business. Again, we’re not replacing you.
Karissa Breen [00:35:25]:
But if, if AI means the removal of a human being because it’s going to reduce a lot of issues like someone dying. Do you think people, as in people working in these businesses day to day see it that way or they only seeing it from. Well, now my job’s been displaced.
Anshuman Sharma [00:35:42]:
I think it’s a combination of both. But I think it’s a initial like look, whenever there is a new technology that comes in, there is always some who will adapt to it early, some who will fear it. The thing that with AI is like if I go back in time, if you talk about when Internet boom started, not all of us have the access to the Internet. When cloud computing started or when computing power started, not all of us have the access to laptops or to work machines. But when AI came into picture right from day one, we all have access to it and we all have getting overwhelmed with the amount of things that AI can do. So for the word that I use as a mission assurance, it is majorly a guaranteed performance of critical operations even when we are faced with cyber attacks. So we have to ensure that emergency services will work. There is a 911 call continuity, emergency broadcast alerts, delivery happen, communication to first responders of military or hospitals can happen.
Anshuman Sharma [00:36:40]:
There is an uptime that we can guarantee. But at this moment people are actually really getting a lot overwhelmed with AI that oh, it will take my job. Yes, the monotonous job will definitely be replaced. For example, we used to have jobs of SOC engineers who were just monitoring the alerts. I do not need that job anymore where just somebody is just looking at the screen and just qualifying and quantifying based on the classification and severity. I can have a better, faster system which can do that. Where I require a human intervention where the incident now becomes a true positive. Now once the incident actually becomes a true positive incident, that is where I require more and more human intervention.
Anshuman Sharma [00:37:22]:
So those kind of monotonous jobs will definitely be replaced by AI. But at this moment when I talk to people, when we talk to customers, there is a lot more concern with regard to AI. Is it going to take my job? Is it going to totally replace human altogether? I’ve been written seen articles that it may result in just a two day work week for everyone where humans may not be required to work. We do not know, we are not talking about the movie Terminator Skynet for sure. But the monotonous jobs, the fatigue jobs definitely get replaced. And definitely where we talk about mission assurance, it has to be a larger role play on an automated basis. Obviously has to be under the supervision of a human. Because I may not at this moment rely on a machine to taking decision on when things are related to critical infrastructure because it has learned with data, it may not have that human touch capability because we are still far off from realization of AI to go to that level.
Anshuman Sharma [00:38:23]:
When it has sentiments of its own, it can understand the sentiments. I know there are research going on in that aspect where AI have some bit of a sentiments on its own, it can understand the sentiments of you. But it is all largely based on on data. So sometimes the human element is definitely required. Specifically where it is mission assurance or mission critical operations, it is required. But again, I believe in the last that AI definitely is not going to replace human beings. But there has to be a push by each and every individual to make themselves AI aware because a person, AI is not going definitely not going to take your job. But a person who is equipped with the knowledge of how he can leverage AI to do or make his job faster will definitely going to replace the job.
Karissa Breen [00:39:09]:
So then Entryman, lastly, what would you like to leave our audience today? Any closing comments, final thoughts?
Anshuman Sharma [00:39:16]:
Yeah, the final thoughts. I believe that there is a lot that is happening with regard to telecommunication network. They are building systems with resiliency in mind. It is not just like that. They are just there to make money and not to bother about human life. I’m also seeing a cyber security shift from a defensive mindset to a continuous assurance mindset where cybersecurity should be adaptable, it should be intelligent and it should have a anticipatory element to it that it can anticipate things if they do go bad. So for example AI driven threat anticipation, not just detection security that can auto Adjust based on behavior and risk which basically continuously look out for my risk exposure and take actions on its own based on the behavior that or the pattern that it can recognize. The other part of it obviously on the mobile and the edge, like mobile phones that we are using these days are accessing sensitive data and it’s used for approvals.
Anshuman Sharma [00:40:17]:
Edge computing is being used in factories and field devices. Now we are using AI for autonomous decision making to a certain degree. So visibility is definitely a concern. But it is not only on the data point but also on the identity point. There is definitely a need for a unified policy enforcement whether we have systems on PREM or on cloud and machine to machine trust, understanding. And the last part to it is in fact yesterday we released the mobile Security index report and 85% of the organization have acknowledged that the mobile attacks are increasing. 34% fear that the increased volume of sophistication has gone high. But one thing which actually did not surprise me is the usage by the humans of AI not understanding the repercussions.
Anshuman Sharma [00:41:07]:
So people downloading some important organization data and then feeding it to AI either to summarize that data or if I have data from the past five years worth of records of my customers and really I want to know what are the key target customers for me and I’m feeding that information using my mobile device to AI where there’s information going without even regard to that. This is happening but not many organizations are now putting more and more expenditure on mobile devices. And last but not the least, cybersecurity specifically for the critical infrastructure is definitely reshaping. We are seeing the geopolitical tension going on which is definitely reshaping the cyber risk threat landscape. Cyber wars are going to be a part of global tensions. Definitely supply chain tempering. We can definitely and have seen firmware level companies getting impacted so that the adversaries can not only just do an astronauts but can also do a long term surveillance happening. I also foresee that regulatory will maintain lot more stringent controls specifically with regard to supply chain.
Anshuman Sharma [00:42:09]:
So future cybersecurity with regard to critical infrastructure or even large corporates is not going to about building bigger walls but smarter intelligent self healing ecosystem which can adapt to changing factors, which is resilient, which is trustworthy. And for the corporates and even for the critical infrastructure it can give a competitive advantage.
