2017 ECCT EU-TWN Telecom Forum
The theme of the 2017 EU-Taiwan Telecom Forum, hosted by the ECCT's Telecommunications, Media and Content committee was "IoT Vision for the New Digital Economy". The event, the largest and most prominent business forum for the telecom industry hosted biannually by the ECCT, was the fifth such forum held since 2009. The half-day forum brought together telecom industry experts, senior regulatory officials and executives from companies operating in all sectors of the telecom industry and supply chain including all major telecom operators and equipment suppliers. The forum began with opening remarks by Nicole Chan, Chairperson of the National Communications Commission and ECCT Chairman Hakan Cervell. This was followed by presentation by five speakers from Europe and Taiwan and a panel discussion featuring all of the speakers.
The purpose of the half day forum was for government and industry experts from Europe and Taiwan to share information on regulations and best practices, as well as discuss trends and business opportunities. The theme and focus of the forum was on the future prospects and development of the Internet of Things (IoT) and the digital economy and how this will affect a broad range of industries and the broader economy.
In her opening remarks NCC Chairperson Nicole Chang said that regulators in Taiwan were well aware of the potential economic and social benefits that IoT could bring and acknowledged that regulators have to put in place regulations that enable the development of IoT by giving enterprises more flexibility. At the same time, regulations have to ensure fair competition and protect consumers' rights. Chang said that she favoured a light touch approach that allows innovation. She also noted that more needs to be done to reduce the digital divide, pointing out that some people are still isolated or unaware of how to protect their rights. It is also one of the goals of the current administration to help SMEs which lack digital skills to upgrade so that they can become more competitive. One of the government's major initiatives in this regard is the DIGI+ Digital Nation and Innovative Economic Development Program to run from 2017 -2025. In addition, reforms are planned in the form of amendments to various acts governing telecom management and broadcasting aimed at improving the regulatory environment for the new digital environment. Chang concluded that there are many opportunities but also challenges to overcome, which are not limited to technology but also linked to social norms. In this regard she said that we need to face these challenges together and all stakeholders need to be involved in finding solutions to the challenges.
In his opening remarks ECCT Chairman Håkan Cervell said that we are just beginning to see the rise of IoT, which promises to deliver great benefits for citizens and governments alike. Citing research which predicts that the number of connected devices will rise to 29 billion by 2022, of which 18 billion will be IoT related, he remarked that connectivity and increased speed brought about by 5G will enable and increase opportunities to add value, for example in the areas of automated driving and remote control of machinery in smart factories. While the future is bright, he pointed out that there are many challenges to overcome including improving energy efficiency and technology and the capacity and security of data storage and networks. Presentations and the panel discussion that followed addressed these issues and many more.
Topic: Internet of Things from an EU perspective
Speaker: Viktoria Lövenberg, Deputy Head of the European Economic and Trade Office (EETO)
The EU sees IoT as major enable of a future hyper-connected society. It is a new eco-system that cuts across many areas and is already present in things like wearable devices and other solutions such as home automation that allows energy saving, temperature control, smart lighting and other smart devices such as fridges. Assisted living is a crucial driver of IoT to help deal with the problems arising from aging societies.
IoT represents a huge opportunity for Europe and for international cooperation given estimates that the IoT market in Europe is expected to exceed €1 trillion by 2020. IoT is a focus area at the EU level as part of the Horizon 2020 programme, which includes support for Large-Scale Pilot (LSP) programmes. IoT projects with a total budget of €100 million were launched in January 2017, grouped in five areas that can be driven by data: Smart living environments for ageing well, smart farming and food security, wearables for smart ecosystems, reference zones in EU cities (or smart cities) and autonomous vehicles in a connected environment. These projects involve many stakeholders including large, medium and small businesses, academic institutions and farmers.
The three pillars needed to support the success of IoT are:
A single market for IoT: IoT devices and services should be able to connect seamlessly and on a plug-and-play basis anywhere in the European Union.
A thriving IoT ecosystem: Open platforms used across vertical silos will help developer communities to innovate. As a kick-start, IoT deployments in selected lead markets will be supported.
Human-centred IoT: This entails respect of European values, empowering people along with machines and businesses, high standards for protection of personal data and security.
Key actions needed for IoT development are appropriate regulatory conditions to facilitate the creation of an IoT single market, clarification of the legal framework for data ownership, adaptation of the current liability framework and the promotion of an interoperable IoT numbering space for universal object identification.
The goal of EU is to facilitate and remove obstacles to IoT development such as those related to data ownership and liability. Data needs to be available and analysed but first the question of who controls the data and what happens and who will be liable if something goes wrong have to be settled.
Ensuring sufficient spectrum for IoT is a crucial technical issue that needs to be addressed. Besides proving funding for LSPs, the EU is supporting the Alliance for Internet of Things Innovation (AIOTI, an independent stakeholder community which was set up in 2015) and supporting international collaboration and research on IoT matters such as standards.
In terms of challenges, besides security, privacy, data protection, trust and consumers acceptance that have already been identified, new challenges arising are increased scope and increased scale (billions of devices will bring with them billions of security risks), the issue of device lifecycles and consumer IoT vulnerabilities. Everyday devices are vulnerable as is evident from an increasing number of hacking attacks on cameras and other devices. If software on devices is not updated, they are much more vulnerable to attacks.
In this regard, it is the EU's position that both manufacturers and consumers share responsibility. The role of governments and policy makers is to intervene in cases of potential market failures, to raise awareness and educate consumers of the risks, set standards and targeted legislation and increase trust to enable the advancement of IoT. The minimum common requirements across sectors are security and privacy by design and by default, encryption for data confidentiality and integrity, clear terms and conditions and a proper liability regime.
The EU is currently in the process of soliciting opinions on liability issues in terms of product service lifecycles, how to determine the fault's root cause and the "producer" and issues such as the burden of proof and how to determine economic losses. The consultation period is still open to allow stakeholders to share their views. On the subject of security actions, the EU is exploring various options such as a possible framework for security certification of ICT and a commercially-oriented, lightweight labelling scheme to identify and accelerate the development of essential ICT standards. For the time being, security is uneven across the EU, making many areas vulnerable to cyber-attacks, including healthcare and finance.
Topic: IoT transformation – Utilising the Internet of Things
Speaker: Kam Eng Liang, APAC Regional Sales Manager, Telenor Connexion
According to the speaker technology doesn't matter. By this he explained that there will be a mix and match of long-range, medium range and short range technology including cellular networks, low-power wide-area RF, Wi-Fi and blue tooth. Whatever technology is used is much less important that having the right business model. The EU will soon have flat rate for mobile data packages that will make it much easier for businesses to create business models and for consumers.
In the last 15 years 52% of fortune 500 companies have disappeared. The best of the survivors have reinvented themselves to focus on services rather than products.
Telenor's 2014 IoT Report cites surveys that lay out the key reasons for adopting IoT. According to the report, the top reason cited by 61% of respondents is that they believe that they need to improve customer services. The next most important reason (cited by 36%) is to increase cost efficiencies, followed by creating new revenue (34%), improving product performance (27%) and becoming more sustainable (19%). The key questions companies are asking about IoT are: How will IoT affect us? Who do you think can disrupt us, from a digital perspective? and How should we make money on IoT?
But the key, according to the speaker, is user experience. IoT must be useful to consumers. The key question companies need to ask is what benefits they can give to customers to enrich their experience? The speaker concluded that he believed that IoT development is best done in collaboration with good partners.
Topic: Designing regulation for the future
Speaker: Martina Francesca Ferracane, Research Associate - DTE Project Manager, European Centre for International Political Economy (ECIPE)
The speaker addressed the policy framework applying to IoT. Implementing IoT is not only about new policies but also about eliminating restrictions in place now that are preventing IoT from developing further, including restrictions on cross-border flow of data, prohibition of data transfers, local processing requirements and local storage requirements.
ECIPE has identified policy restrictions in 65 countries, including EU member states and countries in Asia. For example, Australia does not allow health data to be transferred outside the country. Other countries have local processing requirements. She noted that more countries have been imposing restrictions in recent years. Even though the EU has a directive which does not allow data retention, some countries in the EU continue to maintain retention requirements and other data flow restrictions such as imposing data impact assessment requirements or the need to hire data protection officers. This has created big problems for companies, especially SMEs. In addition, sanctions for violations that can run to hundreds of thousands of euros or a percentage of revenues, have imposed a large burden. In other countries such as mainland China, Russia and Vietnam, the government has access to all information collected. Even France passed a law in 2015 to grant security and intelligence forces the right to see electronic and digital communications in real time for which they do not need to seek approval until 48 hours after the surveillance has begun.
The speaker went on to rank countries in terms of data flow regulations. The most restrictive countries are Russia, Turkey and mainland China. Taiwan ranks slightly better than average at 36th out of 64 economies (the first being the most restrictive).
Some countries require using local encryption standards and some require additional screening for security. For example, several countries require double-testing of telecom equipment made by China's Huawei. In some cases products are banned for national security reasons.
Other types of restrictions are in place for things like electronic payments and other online services. Others require e-commerce operations to have a local domain name or even a physical presence, which is a problem for many cross-border e-commerce operations. Vietnam even requires advertising service providers that use email for advertisements to send emails from a Vietnamese domain name.
IPR problems include legal injunctions, lack of fair use provisions, slow application processes for patents and a lack of clear copyright exceptions.
Other restrictions affect the roll out of IoT, such as restrictions on investments and public procurement, discriminatory taxation rules, tariffs and local content requirements.
Topic: DIGI+ - The Digital Nation and Innovative Economic Development Program
Speaker: Tsai, Zse-hong, Professor, National Taiwan University & Research Fellow, Board of Science and Technology, Executive Yuan
In his role as a research fellow on the Board of Science and Technology, Professor Tsai introduced the Digital Nation & Innovative Economic Development Program, which will run from 2017-2025.
The budget for the programme is currently being discussed in the Legislative Yuan. The acronym DIGI stands for Development (of stable infrastructure), Innovation (of the digital economy), Governance (towards a "smart nation") and Inclusion (of civil society).
Given the international trends of an acceleration of the digital economy, Tsai admitted that Taiwan is not doing so well compared to some other advanced economies. Taiwan's overall ranking in the World Economic Forum's Networked Readiness Index dropped from 18th to 19th place in 2016. Moreover, in terms of its "digital economy performance", hardware makes up around 70% of value, compared to only 30% for software. The fact that this percentage breakdown has not shifted much over the past decade indicates that local enterprises are finding it difficult to transition to higher value-added services.
The vision of the programme is to expand the active internet society, promote a high-value,
innovative economy and build an affluent digital nation. Ambitious development goals have been set. These include increasing the value and proportion of innovative digital economy from NT$3.3 trillion in 2014 to NT$6.5 trillion or from 20.5% to 29.9% of GDP, increasing the number of active internet users and increasing the speed and reach of high-speed broadband coverage to 2Gb per second. In addition, broadband access will become a basic right for economically disadvantaged communities.
Key strategies under the programme include:
DIGI+Right: Transforming Taiwan into an open internet society and a nation of digital rights.
DIGI+Cities: Fostering collaboration between central and local governments and industry-academia research units in the creation of smart urban and rural areas.
DIGI+Globalization: Elevating Taiwan's standing among the world's digital service economies.
DIGI+Infrastructure: Constructing an infrastructure beneficial for digital innovation.
DIGI+Talent: Fostering talent in digital innovation.
DIGI+Industry: Using digital innovation to support industry restructuring and upgrading.
Provisional funding in 2017 for related technology programmes is estimated at NT$11 billion. Annual funding is estimated to reach NT$20 billion in 2018, with NT$15.5 billion for science and technology funding and NT$4.5 billion for infrastructure development. An additional special budget for advanced infrastructure is estimated to reach about NT$46.1 billion over 3 years.
Topic: Threats to business in an increasingly-connected world
Speaker: Thomas Kuiper, General Manager, Gandi.net (Asia).
The speaker began with giving examples of a common method of cyber-attack, known as distributed denial of service (DDOS), an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. A recent case on 21 October last year resulted in service disruptions for large parts of a day, resulting in huge losses. Criminals deployed millions of everyday objects, such as internet-connected cameras and printers in the DDoS on a critical part of the Internet, which crippled the websites of major companies like Amazon, Netflix and Twitter. They used publicly available source code to assemble a bot-net army of internet-enabled devices, and then directed those devices to send massive waves of junk requests to DNS provider Dyn. It is not sure who was responsible but a company making internet cameras subsequently recalled millions of cameras as a result.
This was not an isolated case. Researchers have identified a new variant of the IoT/Linux botnet "Tsunami", which they call "Amnesia". The Amnesia botnet targets an unpatched remote code execution vulnerability in some 227,000 devices sold under the brand names of over 70 vendors worldwide.
A very common reason for being hacked is that people do not use strong passwords and do not change them often enough. An added layer of security, two factor authentication, is also advised.
Devices connected over the internet give rise to frightening possibilities such as connected vehicles being hacked to make them drive into people.
Another overlooked issue is legacy infrastructure. For example, after 12 years, support for the Windows XP operating system ended 8 April 2014. Since there have been no security updates or technical support for Windows XP since then computers with Windows XP connected to the internet may be exposed to additional threats. Taiwan still has many Windows XP users, including some hospitals, which means that their data is not secure.
Daily attacks by email to open attachments, visits to phishing sites are increasing daily. These contain viruses which may attack other devices inside a company network (Trojan horse). Phishing can even be done using Unicode domains, which makes them much more difficult to recognize. There are also increasing cases of ransomware, although the best way to guard against ransomware is to make sure you back-up your data frequently.
Hoax emails looking like they come from the real source have also done a lot of damage. Solutions include developing a strategy for domain names and education of employees, regardless of their position in the company.
Delegates began by discussing the main obstacles to IoT development. These include a lack of innovation in many traditional companies, a lack of investment in start-ups and an unfavourable regulatory environment. A lack of digital skills is a factor, which suggests that better education is needed. Another important factor is the government. It has to be trusted not to abuse data for its own ends. Another issue is that too many companies operate in silos and will not cooperate with one another. It would also be helpful if Taiwan had more innovation role models. There also needs to be a better communication platform between government and industry, which includes mid-level officials, not just senior officials
Delegates went on to discuss what concrete actions should be taken to advance the development of IoT. It was suggested that industry-led initiatives such as developing IoT labs to build platforms which would allow smaller companies to take part would be helpful, rather than relying on government initiatives. It was also recommended that there should be more exchanges between Taiwanese companies and academia and their European counterparts. This should include staff visits and information exchanges. It was also suggested that Taiwan experiment with and allow a greater variety of business models.
Finally, on the question of too much capital and power in the hands of very few companies, while in one way this is not a healthy development for competition, the economies of scale have also reduced the costs of many services. There is no doubt that digitalization destroys jobs but this highlights the need not only for dealing with the social fallout but also the need to educate people and give them the skills they need to survive in the new era.