Cyber Insecurity: Trying to Waterproof a Sieve
The inventors of the Internet didn’t give much thought to cyber security. Why would they? The idea behind the Internet’s main predecessor, the Pentagon’s ARPANET, was to help researchers share more information more easily. It was designed for openness, resilience, and scale, for users who all shared a common purpose.
They didn’t know — and couldn’t have guessed — how central the Internet would become to our lives. Nor could they imagine a network of users who would eventually turn on each other. But decades later, the Internet is as essential to global society’s day-to-day functioning as electricity, and cyber security has emerged as a defining issue of the digital era.
Trying to waterproof a sieve
Ironically, the word “cyber” comes from “cybernetics,” the study of systems of control over living beings and machines. But securing a system that was designed from the beginning to be open is a lot like trying to waterproof a sieve: you’re trying to do something the system simply wasn’t built for. Billions of dollars are invested each year piling new security technology on top of an old design because we literally have no choice: the original architecture is so inherent to the Internet’s structure and basic operations that replacing it is effectively impossible.
The issue is only becoming more urgent as the Digital Economy weaves an increasingly dense web of connections around us. A new Internet Protocol that supports up to 78 octillion Internet addresses will exponentially increase the number of things that can be connected to the global network at once — or, as former Interpol agent Marc Goodman recently told New Scientist, “That’s 78 billion billion billion things… If today’s Internet is the size of a golf ball, in the next few years it could grow to the size of the sun. Every grain of sand on our planet could have its own Internet address a trillion times over.”
But when everything is networked, everything is hackable. And when everything is hackable, everything is at risk.
Far worse fates than credit card fraud
Moore’s Law has created Moore’s Outlaws, so to speak. Today’s cyber criminals can achieve astonishing scale, without much fear of discovery, and they devise workarounds to security measures as fast as those measures are developed. The more we rely on the Internet, and the more valuable the systems and information we connect to it, the more tempting targets they present to people with ill intent. That puts us all at risk in ways that we’ve never imagined.
Your smart refrigerator? It might just let your milk go bad. Then again, it could be recruited for a spam campaign or, even worse, provide an opportunity for hackers to leapfrog into your home security system.
Your car? Ask the Wired writer who let hackers remotely hijack his Jeep how it felt to lose control on the highway with an 18-wheeler barreling down.
Basic infrastructure? Imagine 911 calls being redirected, sewage routed onto the streets, or massive regional power outages because all those systems have been hacked.
Drones? Malware could let bad actors secretly take over the flight and the camera – letting them spy on anyone or tamper with private information.
Health care? Think about drug prescriptions being altered, surgical robots hijacked, or the entire IT system of a hospital being taken down. Lives would be at stake.
At some point in the foreseeable future, criminals will likely find a way to hack DNA — which is, after all, a type of code — in an attempt to unleash bioweapons and pandemics.
In 1999, a group of hackers foresaw the dangers of a ubiquitous but fragile network and tried to warn the U.S. Congress, but nothing came of it. In part, that’s because it simply makes more sense for enterprises to prioritize customer service, which has a direct tangible effect on the bottom line, over cyber security. Security is complicated, expensive, and cumbersome, and it’s impossible to quantify the benefit of preventing an unspecified bad thing from happening. Unless, of course, that bad thing is having your business go bust because you’ve lost your customers’ trust.
Another barrier has been the sense that it’s someone else’s problem. Companies haven’t been held liable for the damages, financial or otherwise, caused by their failure to secure their systems. However, as the potential consequences mount, this is changing. In fact, a recent appeals court ruling suggests the U.S. Federal Trade Commission is cracking down on companies that fail to take what it considers reasonable steps to protect consumer information from hackers.
Where do we go from here with security?
Short of going off the grid and hiding in the wilderness, we can’t opt to live a life untouched by the Internet and still be part of mainstream society. But we also can’t go through life expecting that our every interaction bears the seeds of a security disaster. If we can’t trust the systems that underpin our most fundamental services and transactions, but we also can’t avoid or re-engineer them, what options do we have?
We have to take strong action against the growing threat of cyber crime. At a minimum, much as we do to safeguard against infectious diseases, individuals and organizations have to insist on and prioritize basic digital hygiene.
Beyond that, organizations need to recognize that as they become increasingly digital, they will be exponentially more vulnerable to cyber security breaches. It’s critical that they plan and invest to secure the data, interactions, transactions, and identities of their customers, employees, and partners. Some experts go as far as recommending organizations use honest hackers to expose vulnerabilities and help develop stronger defenses. This is the argument for using open-source security: to allow experts and the community at large to identify and fix weaknesses.
Finally, there’s a growing concern that even the most serious efforts at the corporate or country level aren’t enough. Instead, we may need a comprehensive global approach that brings together top business and government leaders and the worldwide technical community to develop global standard principles and policies for cyber security. Because without an intense effort to protect the Internet, one at least on the scale of that which sent mankind to the moon in the late 1960s, the political, economic, and human potential of the Digital Economy may well go unrealized.
This story also appeared in the Digitalist Magazine