Crisis 2030: Are we ready? Dr Hoda Alkhzaimi

In this interview, we hear from Dr Hoda Alkhzaimi, Director of the Center of Cyber Security at New York University Abu Dhabi and President of Emirates Digital Association for Women as she reflects on "Crisis 2030: Are We Ready?" She discusses the Emirates Digital Association for Women, her role on the board of the Institute for Strategic Risk Management and she shares about the international standards on cyber security. She joined us for the first-ever conference looking at the emergent threats that we will be facing between now and 2030. This conference brought current and futures leaders together with world-renowned experts to highlight the complexity of global crisis in 2030.

Center for Cyber Security at NYU Abu Dhabi 

Well, I took the directorship position, I think four years ago. And prior to this, I worked in multiple R&Ds in UAE, Europe, Asia, and I came into this kind of formulation that we really need to bring in a different model of where we build research and development and the Center for Cyber Security and New York University Abu Dhabi is an interdisciplinary center of research that addresses issues of cyber security, but in a different way. We don't want to think that cyber security is a technological problem or a technological issue that should be addressed by computer scientists or engineers or people who would have a technical capacity in a specific scientific discipline, but we wanted a holistic approach to the problem. So we brought in the law practitioners, we brought in the, you know, the social scientists and economists into the equation to make sure that we do have this kind of 360 approach to the problem. And at the same time, make sure that will in the long run address the issue of making sure that cyber security is an issue to be included in the DNA of building a solution.
 

Emirates Digital Association for Women

There are some crossovers. The Emirates Digital Association for Women is the hard work for an amazing eight ladies who established this foundation, you know, around five to six years ago in UAE. The foundation is acknowledged as a not for profit association and the Ministry of Social Development in UAE, which is a great success for us. And we get partial funding from there. But we get also funding from all of the bodies in UAE to address building opportunities for the community. We did not want to say that we just build opportunity for women because women is always about a community, and our members, our member body wants always to address the community, address every kind of entrepreneurial needs that we could build for women, or also research needs that we could build for women as well. We started the foundation because we noticed that there are global statistics that say women are underrepresented in the fields of STEM, and that's not the case in UAE. So we wanted our statistics that represents the Arab world or represents at least UAE to come out of our kind of community because we have been the actual experiment and we are the probability within the experiment. So that's what motivated us to start. And what keeps us going is a mission to make sure that there are opportunities that exist and silences are broken for children, for women, and for men in different fields and providing competitive opportunities for all of them to learn and grow. 

Institute for Strategic Risk Management

So the main reason I joined ISRM is the fact that we are again building a community and a community that's based on a holistic approach of addressing a problem, and not based on specific perspectives. Cyber is very dear to my heart, but it's a very dynamic and fragile kind of a discipline. Fragile because of the basis of risk that exists, the risks are too high and addressing them is too expensive. We deal with attacks that can happen in a matter of seconds, and standards that are built to address these attacks in a matter of three years. So we have a lag there in terms of providing solutions sometimes. So breaking silos to me is something that proved on and on throughout, you know, different experiments and different projects as an effective means of building a solution, building a solution faster, and delivering, you know, effective results faster. So I think ISRM is a platform that would on the long run, build a holistic approach to addressing the global risks not only cyber risks,
 

International Standards on Cyber Security 

So we had this kind of a discussion and the meeting as well. We do have information security standards, true. We do have standards around different technologies. We do have an abundance of the standards around security, you know, elements that you're building in your organisation. However, they're not accurate enough on addressing dynamic attacks. The 360 approaching again for cyber security is very, very, very, it's very difficult to put a point on because for example, I'll give you an example what we start with at cyber security is actually building a threat model, this threat model would address your vulnerabilities, would address your attacks and from these vulnerabilities and attack, you will build a risk map. And this risk map will tell you about the impact that you would have on certain organizations. And from these impacts, you would build your contingencies, affordable contingencies that you can have within this business. Can you imagine what is the case if you build, for example, autonomous technology that is addressed to the mass, but this autonomous technology that is being addressed to be used by the mass did not consider cyber security from the get go? So this model is collapsing. We have something at the moment, the autonomous car for example, do we have a risk management standard for autonomous cars? No, we don't. It's a technology that's being pushed. into the market. And we don't have that mind as well. Block chains that will be used for, for example, contracts signing and for other many other issues at the moment they're being considered on smart cities and smart cities, this means accessibility to infrastructure. Do we have risk management kind of a standard that would address the use of these kind of emerging technologies in the fields? We don't. So we really need to have an agile mechanism or a platform in building these policies and standards. If technology is leaping, you know, 300 miles an hour into the future standards and policy needs to be leaping 300 miles in the future. And people who are building these standards need to be as well the scientist, the technologist, the mathematician, and the policymaker together, so we could have this kind of holistic 360 view of it.

Find out more about our Crisis Management offerings

Disclaimer: The views, information and opinions expressed in this digital product are the authors’ own and do not necessarily reflect those shared by the Geneva Centre for Security Policy or its employees. The GCSP is not responsible for and may not always verify the accuracy of the information contained in the digital products.