The challenges of cyber-security

The "WannaCry" computer virus has caused problems in many countries. It has infected computers and locked up files so that the owners need to pay a "ransom" to get back access to their data. It is still not known who is behind this computer attack.

The attack is yet another reminder of the dangers of the new computer era into which we are heading. This new era has four characteristics: (i) "digital disruption" (ii) cyberwar (iiii) reputational risk and (iv) governments and societies are unprepared for the shocks to come.

A convenient date for the beginning of "digital disruption" is the prediction by Gordon Moore of Intel on April 19 1965 that the power of computers will double every 18 months-2 years and the price of computers will halve every 18 months-2 years. This process has continued.

For example, Google is developing driverless cars and Mercedes driverless trucks. The speculation is: will human drivers be gone in 15 years?

On the one hand, for how long will we continue to allow (dangerous) humans to drive vehicles (road crashes kill 1.2million people around the world each year). Driverless vehicles are bound to be safer.

On the other hand, motor vehicles are a central part of a modern economy and the fear is that a lot of people will become unemployed. Truck drivers will not be needed. Many ancillary services will also disappear, such as roadside cafes (computers don't need snacks).

Kodak is a current example of digital disruption. Photographers no longer need Kodak for colour photographs. Since 1838 3.5 trillion photographs have been taken; more photos are now taken every two minutes (on 2.5 billion cameras/ smart phones) than were taken in all the 19^th century. But Kodak itself is virtually broke.

Second, cyber-warfare is now the fifth dimension of warfare (after land, sea, air, and space). Cyber-warfare is inevitable because too much of humankind's affairs are being linked via information technology. Critical infrastructure is vulnerable to attack.

There will not be a need to invade a country. An enemy could just destroy the communications systems, for example, infrastructure. The next big terrorist attack on New York, for example, could be the disruption of the city's water supply (whose infrastructure is already run down and vulnerable). Traffic light systems could also be disrupted remotely. (A lesson from the WannaCry "ransomware" attack is how many public institution still use old software systems; there may have been financial problems in upgrading them).

A third dimension is reputational risk. There are many potential categories of cyber-attackers: hostile governments, criminal groups, politically-motivated "hacktivists", "script kiddies" (bored younger people who want to see what they can get away with), and terrorist groups.

There is also a wide range of "soft" targets: transport infrastructure, water and sanitation, fuel supplies, distribution centres, computer-controlled ground stations, mass deletion of government data, hacking hospital IT systems to murder patients on life support systems ("hacked to death"), and car-jacking (hacking into a car's IT system to crash it).

The extent of the problems may be obscured because some institutions may prefer to keep quiet rather than admit to having problems (especially in the private sector). When the attack is revealed it causes damages to the reputation of the institution or company affected.

Citizens seek reassurance that government is somehow "in control" but the threat is now possibly faceless and borderless; potentially disruptive IT knowledge itself knows no boundaries and so may be acquired by anyone. Citizens will come to fear that government cannot protect them.

Finally, government and society are unprepared for the looming problems. The Internet was not designed for all the purposes for which we are now using it and no one predicted how it would come to dominate our lives.

No one evidently thought about how vulnerable the Internet could be from people with malicious motives. As the WannaCry ransomware attack has shown, there are too many points of vulnerability.

Governments are still on a learning curve. They are too concerned with other immediate, short-term political issues and so they get taken by surprise. Many politicians may also lack the scientific knowledge base with which to consider technological issues.

WannaCry has been yet another reminder of the need to enter the computer era far more cautiously than we have been doing.Tragically a momentum builds up and people feel that they cannot swim against the tide, for example, people are being forced into online banking.

But we need far more caution in adopting IT. Make haste slowly.