A looming global cyber security crisis?

By Robert Hickson 19/06/2013

Is our cyber future going to be the playground of spies and hoods? Is it already a mash-up of Big Brother and the Sopranos? And how much does it matter?

The recent national and international revelations about electronic surveillance  (not to mention large scale accidental privacy breaches by some government agencies) are alarming to many. More so probably because of the scale rather than the ability to do so. However, for most such surveillance is likely to be of no direct private consequence. What you share (willingly or not) on social networking sites or through on-line shopping probably has greater personal impact.

A paper by de Montjoye et al   last year did though foreshadow how even “anonymous” metadata could in some circumstances be used to identify individuals. In light of the recent revelations these authors have argued that fiddling with policies on data privacy won’t be adequate, people need to be in charge of their own data.  Whether the greater public debate on the issue they recommend will have any effect is unclear. An “occupy cyber street” seems unlikely to suceed.

The Economist notes that politically, surveillance is a no-win situation.  Governments are damned if they surveil and damned if they don’t (following an act of terrorism).

A recent article in the New Yorker on cyber security  is more alarming. Some of the leading cyber security experts have little faith that our current approach to network security will be able to keep pace with the methods to break into supposedly secure systems. This will have real economic, and probably social, implications.

One of the interviewees in the New Yorker article noted that our current focus on preventing illegal entry (defending the citadel) no longer works well, because of the increasingly powerful and sophisticated means available to not just hackers wanting some fun, but to those bent on serious industrial espionage, theft and extortion.  And, in the near future, cyber terrorism. The security emphasis needs to shift toward greater containment once someone breaks in (creating a prison).

The messenger here is important. You could expect cyber security firms to be reassuring, promising that if you buy their system you’ll be well protected.

The final paragraph in the article is telling (and played to good journalistic effect), with a security expert panicking and wondering how he can turn off the Wi-Fi that comes enabled in his new car.

This concern is also echoed by others – such as economist Kenneth Rogoff  – who worry that governments are missing the signs of a cyber crisis of equal or greater impact than the financial crisis. (Particularly as more critical infrastructure relies on internet connectivity).

Pwc’s short piece on the realities of cyber securities makes a similar conclusion about businesses. In their annual survey of CEOs, cyber security is not an important issue at the moment. Pwc point out that cyber security needs to be a business management issue rather than an IT challenge. (A very similar point was made by the Ministerial Inquiry into the Novopay project in relation to the management of large IT projects).

The large social and economic benefits that come from our increasingly cyber world make it unlikely that we’ll turn it all off. But we may be in for a long cyber security insurgency, much like our on-going battles with potentially pandemic biological viruses.

We can’t rely just on technology to deter or repulse the invaders. As the Pwc report states, different “information assets” have different values, and more attention needs to be paid to identifying the “crown jewels” of these and giving them greater protection. That goes for personal as well as commercial data. Changes in how we interact on-line and share information, and our expectations of how the State and firms use it, also need to be more carefully considered.