President and CEO of hosting Loterija Slovenije Romana Dernovsek (right) opened this year’s Seminar focusing on the theme ‘Protect Your Digital Ecosystem and It Will Protect You’. The tone of the Seminar was set by Carlos Bachmaier, SELAE and Executive Chair of the EL Security and Integrity Working Group, who reemphasised the importance of compliance in the area of security and integrity.
Keynote speaker Eneken Tikk of the Cyber Policy Institute in Finland highlighted the growth in cyber threats and called on lotteries to self-reflect on how their services would be perceived and treated by their respective governments in case of a cyber-attack – as critical/essential or rather a luxury. A question was raised about whether lottery services can be considered as luxury services from the point of view of critical infrastructure or they become essential/critical due to the nature of flagship organisations of their governments. The final message was that strict adherence to GDPR is the best way for a lottery company to “protect its back”.
EL Deputy Secretary General Jutta Buyse took to the floor to highlight the importance of lotteries’ participation in and contribution to the work of developing a Reporting Standard in Support of online Gambling Supervision (CEN/TC 456). This is a process in which EL as an organisation and many of its member lotteries have participated from the beginning and which is now coming to an end.
Peter Szyszko, CEO of White Bullet Solutions drew the attention of the participants to the dangers of their brands ending up being shown as ads on illegal sites. He explained how this happened and advised how to monitor and track such developments.
The China Sports Lottery presented its approach to security management and Carlos Bachmaier, Jochen Haller (Head of Info Security, 1&1 Ionos Internet SE) and Mariano Benito (CISO, GMV, Spain) alerted participants to the challenges of the inexorable and inevitable move to the Cloud where data classification was one of the biggest issues for users as was the difficulty in having the increasingly powerful Cloud Service Providers pay any attention to or respond to the needs of “small” users such as State Lotteries.
Abhishek Kumbhat (Skilrock) rounded off the last day with a presentation on Threat Intelligence and Resilience in New-Age lottery. Abhishek highlighted recent cybercrime techniques threats and proposed methods for protecting lottery systems.
On day two of the Seminar Matthias Rieger (Lotto Rheinland-Pfalz) presented Gunnar Ewald’s review of 2019 security incidents, and a short discission took place on the security implications of the recently reported news concerning the long story of the Camelot £2.5m Lotto ticket fraud. Ticket security was discussed (remotely) by Franz-Josef Wichmann, Head of Internal Audit Westdeutsche Lotterie who explained the features of Scientific Games Xisecure (which is similar to IGT’s GGuard). There were many advantages in having a ticket security system which was completely separate and independent of the lottery central systems and data bases. Franz-Josef strongly urged that all “last minute” claims for winning tickets receive special security attention. Presentations were also given by Dr Aftab Rizvi of Gaming Associates (a WLA SRMC Certified Auditor) and Dr Helena Szrek of Szrek2Solutions (Integrity of RNG draw systems).
Partner sessions rounded off the Seminar with Steve Townend (Scientific Games) explaining the security implications of splitting a single instant game between online and retail distribution channels and Panagiotis Merkouris (Intralot) presented an Integrated Security Program for Personal Data Protection proposing how personal data can be made less vulnerable to a wide and complex range of security exposures.
Next year Seminar is planned to take place in Reykjavik, Iceland hosted by Íslensk Getspá.
The standout quote from the Seminar was “The weakest link in the security chain is the human element” attributed to Kevin Mitnick (Convicted Hacker in US)
By Ray Bates, Moderator
