Cyber security...do we need to rebuild the internet from the ground up?
A few leads from the OECD Forum
Here comes another one, just like the other one…
The recent “Petya” ransomware attack affected several companies and public services in various parts of the globe. At the recent OECD Forum, the session “No ordinary disruption” brought together experts to discuss cybersecurity and the policy responses to better manage these risks. Here’s a few take aways.
Computer security… a contradiction in terms?
Strengthening digital security is essential to allow citizens, companies and governments to establish confidence and trust in technology and unleash the benefits of a world that is rapidly going digital. Governments, with the help of the private sector, need to take a proactive position to anticipate and mitigate cyber threats to get the balance right between national security and surveillance in our hyper digitally-dependent and interdependent economies.
The Internet of Things (IoT) bridges the physical and digital worlds in a wide variety of contexts: from factories, to cities, to our homes. The state of devices and objects can be altered with or without our own active involvement. 60% of connected devices raise security concerns with their user interfaces. Smart cities rely on IoT technology and recent books like Nitesh Dhanjani’s Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts evoke situations where interdependent networks such as transport infrastructure, energy grids, financial systems and health services are crippled. In case of failure or successful attack, interdependencies between information systems and critical infrastructures can massively amplify the knock-on effects and potential economic and detrimental social impacts.
In the borderless digital space, sovereignty considerations have become increasingly important. Economy-wide, joined-up and cross-border policy responses are needed, particularly regarding sub-par security on IoT, without undermining the economic and social activity they aim to protect. Government regulation, legal liability and insurance schemes that generate incentives to encourage more prudent behaviour are part of a better approach to digital risk management.
Resilience all over the economy
Thought leaders at this session examined the vital role governments have to play with other stakeholders in ensuring resilient systems for the delivery of critical services. They explored the measures we need to put in place to drive trust and security while maintaining the IoT as a platform for innovation and new sources of growth.
Shining a light on the dark web
The expanding Internet of Things (IoT) could add USD 10-15 trillion to global GDP and mean there will be 22 times more data traffic by 2020. As the IoT grows, so do the risks of major digital security and data privacy incidents. We will never be 100% safe from malevolent actors on the dark web and unsurprisingly panellists agreed that mitigating the risks of going digital are essential, along with making economies and societies as resilient as possible.
IoT technology comes with promising opportunities – advancing health services improving our environment and rebuilding trust – but as more devices become connected, security issues are increasing and becoming more complex. With 40% of all data generated coming from connected devices by 2020, we were reminded that the volume of data that needs protection is rising rapidly, meaning security and privacy policies need to keep up. Panellists raised the fact that there is a general lack of security culture – “do you have two layers of password protection on your email account?” – and we see a genuine deficit of skilled people in government to design policy that will enable the IoT to work in favour of citizens.
Panellists grappled with questions around who’s in charge and who’s paying the bill on digital security. Many thought it was obvious we need a situation in which responsibility is shared and that boosting collaboration between governments and the private sector is a priority. Telefónica shared how it is co-operating with various governments on communications networks. There are effective collective projects in Europe on smart electricity grids. Some panellists called for an “out-of-the box” approach to manage the risks. Better planning and smarter mechanisms are also required. The role of hackers, especially “ethical” ones, was raised with reference to their potential role in government.
To be aware
“We must ensure that the next chapter in this technological revolution focuses on simplicity”.
Technologies like block chain and encryption software can help as we seek better security but there is no silver bullet; the fundamental problem is human. Education is key to raise awareness among citizens. Training programs can contribute to provide better information and deliver the basic skills in the management of digital property, especially concerning the sharing of personal data. The session ended with a powerful challenge: “we must ensure that the next chapter in this technological revolution focuses on simplicity”.
GOT A FEW MORE MINUTES?
Watch the video of the session "No ordinary disruption" at the OECD Forum
- Cyrille Lachèvre, Macroeconomics Reporter, L’Opinion, France, @CyrilleLachevre
- Jacob Bundsgaard, Mayor of Aarhus, Denmark, @JBundsgaard
- Richard Dobbs, Director, McKinsey; Member, McKinsey Global Institute Council, @richard_dobbs
- Isabelle Falque-Pierrotin, President, CNIL, France, @CNIL
- Diego Piacentini, Government Commissioner for the Digital Agenda, Italy, @diegopia
- Christoph Steck, Director Public Policy & Internet, Telefonica, @christophsteck