By @SimonCocking great interview with Carsten Ahrens, CEO of Giesecke+Devrient Mobile Security
What is your background briefly?
I have a degree in electrical engineering and more than 25 years of experience in various management positions in national and international telecommunications and IT companies, e.g. as CTO of Funkwerk AG and as CEO of the German subsidiary of telecommunications equipment supplier Ericsson. I joined Giesecke+Devrient (G+D) in 2013 and have been appointed as CEO of its G+D Mobile Security business division earlier this year.
Does it seem like a logical background to what you do now?
My long professional history in the telecommunications industry certainly is helpful for a large part of our current business: Giesecke+Devrient has been a pioneer in SIM card technology since the 1980’s, and MNOs are an important part of our current customer base. Our other big traditional market, the banking sector, is different in many ways, but interestingly, there are increasing similarities and even interdependencies. This is even more true for our newer markets, such as the automotive industry, the OEM and Cyber Security business.
1 min pitch for what you are working on now?
We are in the middle of a transition to becoming the world leader in the management of digital identities, moving from mainly physical, hardware-driven business to the digital world with a focus on software and solutions. This is a major change not only for us but also for our customers. We are working on this transition, with all its implications on our business models, our organization and our customer relations.
— G+D (@GI_DE_com) September 13, 2017
For those unfamiliar with the work of G+D, what direction is it now looking to focus on?
The focus areas for G+D as a group are Intelligent Automation, Cyber Security and Digital Transformation. G+D Mobile Security as one of the group’s companies plays a key role here. For us at G+D Mobile Security, it is all about managing digital identities.
Today, we manage about 2.9 billion SIM cards and more than 1 billion mobile devices, and we have issued billions of payment, authentication and transit cards. Physical cards as the carrier of a digital identity will remain an important market for the foreseeable future, but they are increasingly complemented or evolve to a purely digital, embedded version such as an eSIM or a tokenized payment card in mobile payment scenarios.
SIM connectivity has been entering the automotive and production industries to enable connected car and Internet of Things/Industry 4.0 business models, and we have been part of that development from the start. Experts predict that the number of connected devices will almost double from 15 billion in 2015 to 28 billion in 2021. We believe that without a digital identity for each and every one of those connected devices it will be impossible to manage and secure the IoT.
G+D Mobile Security manages all kinds of digital identities from start to end and ensures that it is secure and protected throughout its entire life cycle.
What opportunities do you see for the management of digital identities?
We believe that the opportunities are almost endless: basically, a digital identity is the key to transparency and trust in the connected world, and trust is the hard currency of the future. When billions of people connect with untold billions of interconnected machines and devices, all of their identities, connections, transactions, data integrity and privacy must be optimally managed and protected at all times. Without trust in the legitimacy of an identity or a transaction or the protection and integrity of data, there is no sustainable business. Without a digital identity that can be tracked and securely managed from its creation to its discontinuation, there can be no transparency and therefore no trust. Many new business models rely on data analytics, but any result of such an analysis is worthless or can even be harmful, if the data it is based on is corrupt, unverifiable or has been tampered with.
— IoT Now (@IoTNow_) September 12, 2017
Will we ever achieve completely secure digital identities?
To quote Gene Spafford: “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.”
Having said that, we have reached a very high level of security for secure elements (to my knowledge, the SIM card has never been hacked, even the NSA had to steal encryption keys from a manufacturer – not us! – to gain illegal access to mobile communication) and we have a very good understanding of what makes a secure system. Therefore, I would say that we have achieved secure digital identities and we are constantly improving on them.
You work in a range of industries (welcome to mention some of them) such as MNOs, banks, enterprises and cars, are we / will we, see a convergence of digital solutions for each of their needs?
Convergence is a fact, we have seen it happen over the last few years. For me, the best example is Mobile World Congress: what used to be an industry event for telecommunication providers up until only ten years ago has since then been evolving to be our main event of the year where we can meet almost all our customers: telco, banking, OEM, enterprise, cyber security, automotive, most recently even production and manufacturing. It all started when payment, ticketing, transit and other services and applications became available on mobile devices such as smart phones and wearables. The next wave of convergence came with the Internet of Things and connected cars: mobile technology now connects all kinds of devices and machines, opening them up to new digital services and business models. The fridge that automatically orders new supplies is a reality, and the car that pays your bill at the gas station without any personal interaction at the cash register is on the horizon. These are two examples of consumer applications, but the same principle applies to machine-to-machine interaction in production and manufacturing, or smart city scenarios where connected street lamps, public dustbins or traffic systems can enable municipalities to provide better and more targeted services to their citizens.
— G+D (@GI_DE_com) September 12, 2017
We are rapidly reaching a point where nearly everything we have and use will be part of the IoT, what aspects of this are you / G+D excited about? & what risks do we face?
You are perfectly right, these are very exciting times for G+D Mobile Security. As I have explained before, the management of digital identities to provide security and trust is at the heart of everything that is happening in IoT and digitization, and this is what we do best.
I see tremendous potential to improve our lives, to help us live in a more sustainable and collaborative manner, in the smart city and smart home scenarios that are now enabled by the IoT.
However, what sometimes worries me is the lack of awareness about the importance of security by design in IoT scenarios. This may sound self-serving given our line of business, but I am also speaking as a private citizen here. The Mirai attack last year showed that devices as simple as common household appliances can be used to form a botnet and shut down global online services for hours. We have learned to protect our computers with firewalls, virus scanners and security software, but how many users do you think are aware that their new electrical toothbrush with the cool digital features is a potential target of cyber attacks? In an experiment, it took only 41 minutes for a virtual Internet-connected toaster to be attacked by hackers… and if something bad happens as a result of an IoT cyber attack, who will be held responsible? The unaware users who failed to secure their devices? The manufacturers that sold a device without security, because they cannot sell a secure device at the inevitably higher price? The industry because it failed to agree on a common security standard? The government because it did not protect its citizens by regulating the IoT market? At present, there is no answer to these questions. There are initiatives, both in the industry for standardization as well as on government level for regulation in several countries, and these processes take time. In any case, the answer has to be an international one since neither our globalized economy nor cyber crime knows any borders.
Is there anything else we should have asked you?
If you are providing any kind of digital identity, be it that of a device, a bank account, credit card, a mobile service, ticket, loyalty card, even that of an application or a file in digital rights management, you name it – you need to talk to us. A digital identity is a value, and securing values is the essence of our brand.
How can people find out more about G+D?
I invite everybody to check out our website or subscribe to our Twitter feed and Youtube channel.