Does Reliance on Technology Open the Door to Increased Cyber Risks?
By Nadav Morag, Ph.D.
The world continues to be profoundly impacted by computers and computer networks, particularly the Internet. Today’s global economy is increasingly dependent on the Internet. According to a report published this year by the think tank, Atlantic Council, and Zurich Insurance Company, the Internet of tomorrow is likely to be less resilient and more likely to bring about global economic shocks due to its increasing complexity. This is chiefly, the report argues, because of the movement to cloud computing and the risk that the loss of major amounts of data could have on logistics, infrastructure, or other areas of economic activity. This loss of data could potentially cause a cascading failure that could lead to an economic collapse of much larger proportions than the financial crisis of 2008.
According to the authors of the aforementioned report, there are seven aggregators of cyber risk:
- Vulnerabilities associated with an organization’s internal Information Technology (IT), such as hardware, software, people, and processes.
- Risk from dependence on, or interconnection with, outside entities, such as banks, corporate joint ventures, industry associations, etc.
- Vulnerabilities ensuing from contractual relationships with outside suppliers including, cloud services, consultancy, contract manufacturing, etc.
- Risks to supply chains for IT equipment or cyber risks to supply chains and logistics.
- Risks from disruptive new technologies, such as the “Internet of Things,” smart grids, embedded medical devices, driverless cars, etc.
- Risks from upstream infrastructure, such as the electricity supply, financial systems and telecommunications.
- Risks from events outside the system and outside the control of most organizations such as major international conflicts or malware pandemics.
As should be clear from the above list of risks and vulnerabilities, as we become more dependent on computer networks, we increase the risk and the likelihood that smaller events may cascade to become larger ones and perhaps even catastrophic ones, if the authors of the report have it right.
In principle, our knowledge economy is dependent on what Peter Singer and Allan Friedman call the “canonical goals” of the information environment, namely confidentiality, integrity, and availability. Confidentiality refers to the maintenance of the privacy of data, something that is vital for the operation of every business as well as that of government. Integrity relates to the confidence that a computer system and network operate reliably and contain accurate information that has not been altered by unauthorized persons. In short, it means that the system is stable and trustworthy. Finally, availability means that computer networks and the information they contain are accessible to users and not being blocked or slowed down.
Disruption in confidentiality, integrity, and/or availability in any of the seven aggregators of cyber risk noted in the Atlantic Council/Zurich Insurance report above, constitutes a threat in terms of the potential loss of a system and multiple such disruptions could potentially cascade into a larger system failure.
Of course, these dangers will not halt the march of technological development and our increasing dependence on computer networks for our money supply, the delivery (and often the growing) of the food we eat, our healthcare services, our education and virtually every other facet of our lives. At the same time, this increased dependence and the greater interconnection between computer systems, mean that criminals, terrorists, and hostile nation-states, will enjoy greater opportunities to cause major disruptions. Just as the invention of tanks meant that a few tanks could do the job of large numbers of cavalry soldiers, and do it more effectively, the growing interdependence and reliance on computer networks means that a few people will be able to impact economies and systems of great scope.
This is an unpleasant reality, but one we must learn to live with and adapt to by enhancing our cyber defenses, as well as the resilience of our computer networks.
Image Credit: Flickr/Jackson Clerk