As the National Association of Insurance Commissioners (NAIC) prepares to review insurance industry input on its draft Principles for Effective Cybersecurity Insurance Regulatory Guidance, two prominent technologists explained in their own comments that the inherent porousness of insurers’ computer systems and the need to overhaul their internal IT operations can factor as strongly in overall cybersecurity as external products, protocols or methods.
“Insurers worldwide are grappling with modernizing their legacy computers, a sizable majority of which are sited on IBM mainframes,” explained Don Estes, Chief Technology Officer for REDpill Systems Inc., which recently modernized systems at Aviva Insurance. “These were constructed prior to the existence of security ‘hacking’ as we know it. Their very foundations mistakenly assume no significant problem, or an invulnerable mainframe.”
Worse, these systems may be inadvertently modernized onto platforms that are decidedly vulnerable. To the extent that replacement applications are influenced by the past, insurers need to be on guard, Estes warned. His solution: Security must be “baked” into the new design–not simply assumed to be present.
“We are on the eve of a new kind of software development—one based on Semantic Structures augmented by artificial intelligence, not just the Java and Oracle thinking that is the de facto standard today,” Estes added.
REDpill Chief Innovation Officer John Coyne, a leading authority on Semantic Technology Architecture, explained that Semantic Modeling provides a powerful solution to cybersecurity threats by adding a layer of artificial intelligence into the security process that can provide real-time oversight. Similar to current methods used mostly by early-adopter governments to secure their fundamental data and processes, Semantic Modeling speeds delivery of security integration features and solves for complexity that often stultifies lesser security integration efforts, he pointed out.
Coyne, who counts AIG, Prudential and other financial and regulatory institutions among his clients, has found that many internal insurance applications are large, enterprise-wide systems–highly valuable in day-to-day operations–but with massive exposure to cyber-risk.
“Using Semantic Architecture, we have updated insurers’ current legacy systems with a non-invasive and non-destructive method of insertion of Semantic Structure at critical vulnerability points, so that the preservation of value is enhanced and system security is evergreen,” Coyne related. “The bonus is that these new methods also help facilitate compliance with increasingly onerous insurance regulatory standards governing cyber-security underwriting products, thus adding an extra layer of confidence for stakeholders.”
In his own comments to the NAIC, Coyne recognized the Federal Identity and Credential Access Management (FICAM) standards as a formidable architecture that inherits proven trust models with separations of concern that facilitate enterprise adoption. Specifically for the insurance industry, he recommended a corresponding delivery and performance-enhancing method based on ontological standards and knowledge-based systems supported by artificial intelligence techniques that uniquely provide assurance of integrity for the insurer and its customers.