Technology has been an indispensable tool in our response to the Covid-19 pandemic and the resulting economic crisis.
Doctors have adopted telemedicine. School children learned in digital classes. Billions of us communicated, shopped, worked and played primarily online.
But unless we are careful, our increased reliance on technology can magnify, rather than minimize, the next global crisis. Much like the Covid-19 pandemic, this risk falls into the category of fully foreseeable, but largely unanticipated risks. We know how this story might play out even though we haven’t read the script yet.
Our pervasive use of technology has already surpassed our ability to safely manage it. Unless we upgrade our security, governance and regulatory regimes, we will remain extremely vulnerable to critical infrastructure crippling, either by malicious design or by default. Call it a tech crash.
This week’s events at FireEye point out the inherent risks. The job of the US cybersecurity firm is to protect its customers from hackers, but it has itself been hacked. FireEye pointed to suspicion of a state-sponsored attacker “who was primarily looking for information relating to certain government clients.”
Alarmingly, the hackers have stolen the tools used by FireEye’s “red team” which hack into its customers’ systems to expose their own vulnerabilities. The company is now scrambling to deploy countermeasures.
Cyber weapons have already become an accepted part of the armories of many states due to their cheapness, effectiveness and denial. Their use was examined in a chilling new HBO documentary, The perfect weapon, based on a delivered by David Sanger.
The film shows how the United States and Israel were the first to realize the power of cyber weapons, unleashing the Stuxnet malware against Iran to degrade its nuclear weapons program in 2007. “Stuxnet was the first time that ‘ a large state was using a powerful cyber weapon in an aggressive manner, ” Amy zegart, the co-director of the Center for International Security and Cooperation at Stanford University, said in the film.
But this successful attack opened up a Pandora’s box of problems that is now impossible to close. Iranians, North Koreans, Russians and Chinese quickly concluded that cyber warfare was an asymmetrical game against a country as large, open and digitally exposed as the United States.
In 2014, there was a damaging Iranian cyberattack on the casino empire of Sheldon Adelson, the American tycoon who had openly called for a nuclear bomb to be dropped on Iran. North Korean hackers then inflicted severe damage on Sony Pictures angry at the release of a movie mocking dictator Kim Jong Un. They later posted the WannaCry ransomware, exploiting loopholes in Microsoft software to strike over 155 countries.
The Russians have launched cyber attacks against Ukraine, disabling power grids, subways and airports. They also hacked into the Democratic National Committee during the 2016 US presidential election campaign and posted stolen emails to WikiLeaks.
Chinese hackers opened the US office of personnel management access nearly 22 million files. According to the experts named in the film, they also attempted to hack the Covid-19 vaccination programs and deliberately fed a “Infodemic” of disinformation about the pandemic in the United States.
Given all of this, it’s no wonder that U.S. defense officials have been warning for years about the dangers of a “cyber Pearl Harbor” that could destroy critical infrastructure, even if they plan to release cyber attacks of their own.
But it is not only the cyber conflict between states that is alarming. We must also be concerned about the systemic instability of the Internet, given its governance incredibly fragile. Ingenious short-term fixes stayed in place for a remarkably long time while long-term fixes never materialized.
Satya Nadella, chief executive of Microsoft, says the company’s confidence in the technology has worsened amid growing concerns about cybersecurity, privacy, internet safety and the ethical use of artificial intelligence. “Since technology is inevitable to play a much more central role, we need to build trust,” he said this week.
Enterprise engineering teams should take more responsibility for developing systems to ensure security and build trust, Nadella said. But we also need new regulations and institutions.
Our governance structures remain stuck in the analog age. We must either rethink their scope or invent new ones. We could start with a World Data Organization to agree protections for personal data and secure international data flows. The digital equivalent of a U.S. Food and Drug Administration could be tasked with pre-approving algorithms used in sensitive areas, such as healthcare and the justice system. And a digital Geneva Convention could set the limits of cyber warfare.
William Gibson, the science fiction writer who coined the term cyberspace, told me earlier this year that we may be the last generation to distinguish between our offline and online worlds. He is probably right. It is time that we rule our physical and virtual worlds as one.