Application programming interface (API) scenarios represent about “60 percent of vulnerabilities within an organisation,” when it comes to cybersecurity generally, says Ian Hughes, chief commercial officer of Gaming Laboratories International LLC (GLI), a specialist in technology testing, compliance and security for the gaming industry globally.
“What happens sometimes” is that APIs are “rolled out too quickly” within an organisation, noted Mr Hughes (pictured) in an interview with GGRAsia during the recent MGS Entertainment Show, a casino industry trade show and conference in Macau.
He gave an example that somebody in the marketing team of an organisation will say: “‘We want to roll out AI [artificial intelligence] to do facial recognition, and these are all the sockets and the data that we have to open up’.”
Problems can arise if “there’s not enough time spent on the security assessment around these APIs.” In that scenario, the API is “basically like the front door…. If you let anybody in through the front door, then there’s no point there being a lock and a key on the front,” he explained.
Companies that deal with third-party suppliers or contractors on their information technology infrastructure presented a particular example of where it was critical to maintain a single, secure “tunnel” for data communication, rather than multiple “tunnels” that might not all be secure.
“We do a heck of a lot of evaluation” concerning appropriate APIs, stated Mr Hughes.
Weaknesses that GLI can encounter within an organisation can include “old infrastructure” including “old operating systems,” and also inappropriate locations for activities, including “potentially running critical stuff on people’s desktops”.
Application security testing – for example on behalf of a gaming equipment manufacturer – is usually done through the main GLI operation. Infrastructure security testing is “normally” done through the group’s cybersecurity specialist unit, Bulletproof.
Mr Hughes also spoke about GLI’s work on testing of AI technology, a theme he focused on during his presentation at MGS.
He reiterated that the group sees its role as analysis of AI algorithms, their function and efficacy, rather than making specific judgements about the ethics of a particular piece of AI technology.
He clarified to GGRAsia this didn’t mean GLI viewed this cutting-edge technology in some kind of moral vacuum.
“There might be instances where we think there’s some unethical behaviour or unethical conduct” related to attempted application of AI, “and we as a company would say, ‘No, we don’t want to do that work,” Mr Hughes explained.
The GLI executive said the group expected to “see more and more regulation” in relation to AI.
He said it was important to recognise that gaming operators in various jurisdictions may already “have to report to a number of regulators,” so having regulators specifically for AI might be on the horizon, rather than such oversight being part of the function of existing gaming control bodies.
“Spain is the first country I’m aware of within the European Union, to put a regulator in place for AI. That only happened in October,” he added.
In the U.S., “President Biden put out his executive order on AI, and the U.S. Department of Commerce is working on technical standards and requirements: so it [regulation] is going to happen,” said Mr Hughes.
“What we bring to it is a little bit of domain knowledge around the gaming sector to understand how that fits in,” added the GLI executive.
Global operation, Philippines
In terms of gaming equipment and standards compliance testing, Mr Hughes said the company performs it “globally,” including out of the U.S. and Australia.
“Our locations of testing are predominantly around where we do that work for the manufacturers.
“We’ve set up a large testing location now in India… for pre-compliance testing and certification. So we’ve got 800, 900 global [staff] resources now, which has probably grown 200 in the last year,” stated Mr Hughes.
“So there’s been a 20 percent or 30 percent increase in our testing staff to handle globally the amount of extra work that we’ve got, and the Philippines and Macau have definitely contributed to that overall growth,” he added.
Mr Hughes observed that GLI has “always had a very good relationship” with the Philippine gaming regulator, the Philippine Amusement and Gaming Corp (Pagcor).
“We visit them regularly, our technical compliance team out of Australia goes to the Philippines and helps draft and work with them on their technical standards and requirements,” he explained.
The chief commercial officer noted, referring to a recent casino industry trade show Global Gaming Expo in Las Vegas, Nevada, in the U.S.: “Just a few weeks ago at G2E, I had the whole Pagcor team over, and I gave them a lab tour and we sat down for a couple of hours in our Las Vegas office to discuss their requirements and their needs, and how we were performing for them, so that relationship building is something that is very important for GLI.”
Feb 22, 2024Deleveraging “will take time” for some of the Macau casino operators, “despite the improvements” in the sector’s business outlook, said Fitch Ratings Inc in a Wednesday memo, offering some...
Gaming revenue grossed by the U.S. commercial land-based gaming industry in 2023, according to data by the American Gaming Association