We need to move beyond seeing technology as either a miracle or a disaster and focus on building resilience, says the World Economic Forum’s Derek O’Halloran.
Digital technologies are changing our world. We tell ourselves two stories about this process – we could call them “techtopia” and “cybergeddon”. In the first, the future is bright and wonderful, in the second technology unleashes unknown dangers and threatens culture itself. However, a more mature perspective is emerging as resilience to cyber risks is recognised as a critical enabler of economic growth.
Techtopia: Digital connectivity of people, objects and infrastructure is transforming industries for huge social and economic gain. These gains are being driven not only through greater efficiencies, but through completely new business and social engagement models. From the connected car to smart cities, from energy infrastructure to air travel, from cashless banking in places like Kenya to on-the-spot market prices for farmers in developing economies, we are witnessing an explosion of innovation and excitement around the potential of technology centred not solely in Silicon Valley, but across industries and individuals everywhere.
Cybergeddon: This discourse of optimism is counterbalanced by a conversation about the new risks and threats. Fears, uncertainties and doubts around technology range from the speculative to the profoundly disturbing. We do not know if the Internet is changing our brains, but we do know that vast portions of our critical physical infrastructure networks (oil, gas, electricity, water, trains) are controlled remotely and that financial markets – “money” by any definition – is almost entirely digital. We would also be surprised to find a major multinational whose intellectual property is not held in some digital format, somewhere.
Unfortunately, these two stories are all too often presented as separate and distinct. Different communities promote opportunities and try to fight the security battle. It is partly our fault as news consumers. Evangelists and doom-mongers make for better stories than analysis. We like to know what sort of story we are hearing. Is this a comedy or a tragedy?
In reality, of course, there is only one story. Just as with countless innovations past, the fear and the blind optimism are simply a natural symptom of the newness of digital technologies. Opportunity and risk are just two sides of the same coin. A more mature, balanced agenda is emerging, along with some basic insights that are guiding growing numbers of organizations and nations worldwide.
First, digital transformation makes the protection and resilience of our shared digital infrastructure a strategic concern for our economic and social well-being. The ability to provide a trusted environment for individuals and business to interact online is a critical enabler for innovation and growth.
Second, the protection of digitally-held assets and digitally-connected things is a top leadership issue. Cyber security is no longer just something to be delegated to someone in the IT department; cyber resilience is a core component of any strategic planning process. CEOs, ministers and heads of state do not need to be cyber experts, but they do need to understand the risks it poses and their organizations’ capabilities to protect and bounce back.
Third, there is no one organization, company, industry or country that can solve this problem alone. Asking leaders to take responsibility for their own domain is like asking someone to wash their own hands. It’s good for yourself and it stops the spread of germs. We need everyone to wash their hands. Beyond aligned individual actions, there are also issues that can only be solved together – protecting critical infrastructure, evolving the right policy environment and ensuring interoperability across different regimes.
Finally, resilience becomes a part of innovation, design and strategic planning. What do cyber resilient business practices look like? What do integrated cyber security and digital policies look like?
There is lots of innovation and collaboration emerging around different regions and industries to tackle these issues. One initiative at the World Economic Forum, Partnering for Cyber Resilience, is providing a platform for companies and governments to come together and learn from each other in a safe environment.
Why cyber resilience and not cyber security? Security implies bigger walls protecting a unit. Resilience is about a systems ability to return to normal functioning. Just like controlling the spread of epidemics, interdependence makes cyber risk management a shared, systemic issue. After all, would you want to tackle a superflu alone?
Author: Derek O’Halloran is Head of Information Technology Industry Team and Head of the Partnering for Cyber Resilience Initiative at the World Economic Forum.
Image: Researchers at an Anti-Virus Research Center study polymorphic decryption code REUTERS/Handout