When cyber threats cause major physical damage
28 Apr, 2014 01:34 pm
Cyber security threats are evolving rapidly. At the World Economic Forum, we see a big shift in which cyber threats pose a growing risk to real infrastructure as well as the safety of individuals.
Some of the industries most concerned about cyber damage to infrastructure include those with major operations, such as oil and gas companies, and electricity and water utilities. In many of these firms, digital communication runs every aspect, and the days of manual processes have long passed.
An attack in these areas could also create unusual responses from systems. For example, if a hacker makes a system think there is a major fire, this would trigger emergency response systems that could destroy key equipment.
Risk to humans
Another major threat is being posed to human safety, and it comes from hackers attempting to change information on systems. When a service, such as emergency response, relies on data, a change to information can quickly put lives at risk. Hackers could also attempt to change information on key government databases. Their efforts may include changing people's records, even painting innocent individuals as criminals or terrorists, and triggering a police response.
It's always difficult to measure whether the cyber security threat has really increased or if there's more data because more organisations are reporting their problems. One thing is for sure: the threats are evolving. Yes, traditional threats remain such as denial of service, in which hackers switch off systems. In addition, the risk of data theft remains high. But the emerging threats to infrastructure and individual safety pose fresh risks.
The originators of attacks
Cyber threats originate from a number of areas. At the highest level are state-sponsored attacks, followed by organised crime. Both of these pose a major risk, given the extensive finance and resources available to the perpetrators. At the next level are common criminals. This is followed by individuals known as "hacktivists", who have a moral point to make. Both of these categories have much fewer resources, but can still cause significant damage or destruction.
Tackling the threat
In order to tackle the threat, the issues must be understood at their core, including knowing what the motivation is for the groups and individuals involved.
There is a major skills issue here. Governments and large organisations will struggle to find enough of the right people to protect infrastructure. It will be important for them to provide the right reward structure for potential and existing employees.
Discussion between organisations plays an essential role in tackling the problem. There needs to be much more engagement in this area. The more that we share information on threats, especially threats that are minor but continuous, the more we can fight the problem. It is very similar to the way cancer is being fought: with so much registration around not only cancer itself but potential cancers, doctors are able to understand the disease more and respond more effectively.
There have been advances in this area, and a number of security companies specialise in matching suspicious patterns in order to identify problems.
The technology itself is vital here. A future awaits in which quantum computing and the latest graphene-based circuits are developed and support nanosecond recognition of problem patterns.
There are around two and a half billion internet users today, but many more will join in coming years as access becomes more available. Supposing two billion more people get onto the internet: this could fast change cyber security issues. Organisations will need to understand what are the cultural norms and motivations of those joining the internet from other geographical areas and groups. They will also need to be aware of what these individuals understand around the internet and their data.
On the bright side, young people are increasingly aware of security and they know how to manage it. Many large economies have a very advanced digital society. In the UK, it is a big part of the economy; there is major development by businesses and universities, and politicians such as William Hague have been instrumental in pushing for a more secure infrastructure.
An environment, in which citizens and organisations are better informed and able to manage security, has to be a good thing for the future.