Top 10 trends of 2014
0 Comment(s)
Print
E-mail China.org.cn, December 26, 2013
 |
4. Intensifying cyber threats
Digital warfare is more visible than ever before, but how can governments, private firms and NGOs protect themselves from this new breed of attack?
Perceived digital warfare is escalating as a sophisticated breed of attack against corporations, governments and individuals. The Survey on the Global Agenda tells us that people over 50 are more worried about it than the under-50s, but the shift to the cloud and the rise of the ‘internet of things' mean that virtually all of us could be affected.
Until quite recently, most people and organisations with a web presence were operating their own servers. That meant that as the web developed it was naturally distributed – anybody would be able to set up a web server anywhere, yet it remained only a click away for users. That worked beautifully for a while and it also meant that there was a certain kind of systemic resilience, because the eggs weren't all in one basket.
But the rise of denial-of-service attacks (typically by flooding a machine or network with spurious requests, rendering it temporarily unavailable) and other vulnerabilities have made it seem much more daunting to run one's own server. More and more are outsourced to one of a handful of vendors, but in the process, businesses are giving up more control than they appreciate. The eggs are increasingly in the same basket, so if Amazon Web Services goes down, then a bunch of otherwise unrelated websites – and their users – are in trouble.
But there's something else that's very pressing to bring up here and that's the ‘internet of things'. This is a very catchy phrase in the tech world these days, referring to the fact that physical objects, often very mundane ones like thermostats and refrigerators, are now internet-enabled. Security hasn't caught up here. It's shocking sometimes: a German IT security company called n.runs discovered earlier this year that communications between aeroplanes and the ground are not encrypted, and that it wouldn't take much for a hacker to give some rather unusual instructions to a plane, or to update its firmware while it's in flight.
It ought to be easier to secure such things, conceptually, because they're not meant to be accessible to the entire public. But because we're in a transitional phase where we're migrating so much previously isolated functionality into the ‘internet of things', there are a lot of undiscovered vulnerabilities. If there's any meaning to something like cyberterrorism, it's more an attempt to use computer vulnerabilities to affect physical results, particularly as things that weren't on the internet are given the power of connectivity for the first time.
So what can be done about this? Governments, private firms and NGOs can focus on resilience: ensuring that it's not catastrophic to get hacked, rather than attempting to prevent all possible forms of hacking. This is a distributed effort. Consider Wikipedia: if you want Wikipedia to be good, you have to figure out how to deal with vandalism, but a lot of the ways of dealing with it aren't about preventing vandalism under any circumstance. Instead it's about how to easily put it right as it happens, making sure that there are more editors fixing vandalism than there are vandals.
The same goes with cyberthreats. You're always going to be dealing with an unpredictable current. But it's manageable if there are more people and resources working – and working hard – toward course correction, than those who are disrupting the flow.
Go to Forum >>0 Comment(s)