When cyber threats cause major physical damage
Cyber security threats are evolving rapidly. At the World Economic Forum, we see a big shift in which cyber threats pose a growing risk to real infrastructure as well as the safety of individuals.
newest threats in cyber security include the actual destruction of property. A
clear example of this was the attack on Saudi Aramco, a state-owned oil firm,
in 2012. The attack failed in its aim to completely stop the flow of oil, but
nearly 30,000 computers were hit in the raid, which was blamed by officials on
foreign state activity.
of the industries most concerned about cyber damage to infrastructure include
those with major operations, such as oil and gas companies, and electricity and
water utilities. In many of these firms, digital communication runs every aspect, and the days of manual processes
have long passed.
attack in these areas could also create unusual responses from systems. For
example, if a hacker makes a system think there is a major fire, this would
trigger emergency response systems that could destroy key equipment.
Risk to humans
major threat is being posed to human safety, and it comes from hackers
attempting to change information on systems. When a service, such as emergency
response, relies on data, a change to information can quickly put lives at
risk. Hackers could also attempt to change information on key government
databases. Their efforts may include changing people's records, even painting
innocent individuals as criminals or terrorists, and triggering a police response.
always difficult to measure whether the cyber security threat has really increased or
if there's more data because more organisations are reporting their problems.
One thing is for sure: the threats are evolving. Yes, traditional threats
remain such as denial of service, in which hackers switch off systems. In
addition, the risk of data theft remains high. But the emerging threats to
infrastructure and individual safety pose fresh risks.
The originators of attacks
threats originate from a number of areas. At the highest level are
state-sponsored attacks, followed by organised crime. Both of these pose a
major risk, given the extensive finance and resources available to the perpetrators.
At the next level are common criminals. This is followed by individuals known
as "hacktivists", who have a moral point to make. Both of these categories have
much fewer resources, but can still cause significant damage or destruction.
Tackling the threat
order to tackle the threat, the issues must be understood at their core,
including knowing what the motivation is for the groups and individuals
is a major skills issue here. Governments and large organisations will struggle
to find enough of the right people to protect infrastructure. It will be
important for them to provide the right reward structure for potential and
between organisations plays an essential role in tackling the problem. There
needs to be much more engagement in this area. The more that we share
information on threats, especially threats that are minor but continuous, the
more we can fight the problem. It is very similar to the way cancer is being
fought: with so much registration around not only cancer itself but potential
cancers, doctors are able to understand the disease more and respond more
have been advances in this area, and a number of security companies specialise
in matching suspicious patterns in order to identify problems.
technology itself is vital here. A future awaits in which quantum computing and
the latest graphene-based circuits are developed and support nanosecond
recognition of problem patterns.
are around two and a half billion internet users today, but many more will join
in coming years as access becomes more available. Supposing two billion more
people get onto the internet: this could fast change cyber security issues.
Organisations will need to understand what are the cultural norms and
motivations of those joining the internet from other geographical areas and
groups. They will also need to be aware of what these individuals understand
around the internet and their data.
the bright side, young people are increasingly aware of security and they know
how to manage it. Many large economies have a very advanced digital society. In
the UK, it is a big part of the economy; there is major development by
businesses and universities, and politicians such as William Hague have been
instrumental in pushing for a more secure infrastructure.
environment, in which citizens and organisations are better informed and able
to manage security, has to be a good thing for the future.