Interview with Pavlina Desheva and Bilyana Slaveykova of DOGLAR
Today, our entire modern way of life, from communication to commerce to conflict, fundamentally depends on the Internet. And the cybersecurity issues resulting from the increasing reliance on technology challenge literally everyone. Eric Schmidt, Executive Chairman of Google “In our digital age, the issues of cybersecurity are no longer just for the technology crowd; they matter to us all – no matter whether you work in business or politics, the military or the media—or are simply an ordinary citizen.”
Why cybersecurity matters?
Cybersecurity is an issue which concerns the whole, particularly as we become ever more dependent on the global information and communications infrastructure. But like any common good, cyberspace has also proved to be open to misuse. Most developed economies are now entirely reliant on web-based services: undermining confidence in these systems and networks could do serious damage.
Who it affects?
Potentially anyone who relies on digital infrastructure in their lives, regardless of location.
The information revolution reflects the advance of computerised information and communications technologies and related innovations in organisation and management theory. Sea changes are occurring in how information is collected, stored, processed, communicated and presented, and in how organisations are designed to take advantage of increased information. Information is becoming a strategic resource that may prove as valuable and influential in the post-industrial era as capital and labour have been in the industrial age.
The global digital communication and information transfer infrastructure – presents a wide range of security challenges for private individuals, commercial enterprises, governments and international organisations. These challenges are usually grouped under the term cybersecurity. Despite growing recognition of the scale and nature of threats emanating from cyberspace, the virtual world remains largely uncharted and little understood. Threats within and from it are disparate, diffuse and disproportionate in the harm they could cause. Moreover, unlike in conventional attacks where the perpetrator is usually physical and identifiable, the attacker in cyberspace can be virtual and anonymous.
Society's increasing dependence on Information and Communications Technology (ICT) infrastructure creates vulnerabilities and opportunities to be exploited by unscrupulous actors. Whether through online financial fraud, the dangers posed by hacking, cyber-attacks or the extensive use of the internet by terrorists and other extremists, the risks to international and national security are increasing. Any analysis of cyberspace and the security threats it entails should first acknowledge that this is not the concern exclusively of governments and public authorities, commercial enterprises, or individuals. Cybersecurity is a problem which concerns everyone, particularly as society becomes ever more dependent on the global ICT infrastructure, and therefore vulnerable to interference by adversaries able to act within or against ICT systems.
Modern life is increasingly dependent on a multitude of interconnected and interdependent infrastructures.
While sectors such as food, water, health and transportation and the infrastructure that supports them have always been critical, their ability to deliver is increasingly enmeshed with the information and communications technologies that have become essential components of daily life. Although cyberspace – the sum of these components – is sometimes categorised as a discrete sector, in practice it is so deeply embedded into industries such as energy and transport as to make any separation meaningless. Cyberspace can be visualised instead as a thin layer or nervous system running through all other sectors, enabling them to communicate and function.
Most nations are increasingly reliant on digital infrastructure to run efficiently. Disrupting communications or banking systems would have a massive effect on a modern economy. And as more of the industrial control systems that run electricity grids, factories and other utilities are put online, these systems are also more at risk from attacks. Unlike a traditional military attack — by a missile or a tank — cyberwarfare doesn't require physical proximity. An electronic attack can be launched at a target anywhere on the globe from pretty much anywhere. That means even if your business or home is a long way from any front line you could still become a target. As we connect up more and more devices to the internet, thanks to the emerging concept of the Internet of Things, that potential battlefield extends to your bathroom or kitchen. US intelligence has already said that IoT devices could be useful sources of data for spies.
The Internet of Things has been buzzed about for many years now, especially given the emergence of smartphones, watches, homes, and cars as of late. It’s no secret that technology powered by the Internet of Things has the potential to change how we interact with the world around us, through an ecosystem of connected devices and services. However, despite the convenience, speed and sophistication of such technology, the Internet of Things also brings a major risk. As Sameer Dixit, Senior Director of Security Consulting at Spirent says: “Coupled with emerging technologies like the Internet of Things and self-driving cars, Dixit said, new threats emerge with every new innovation.”
The threat of cybercrime looms ominously over companies and individuals.
The economic damage caused by cybercrime is massive and quantifiable. According to cybersecurity consultancy firm Spirent, hacking costs companies $15.4 million per attack. The figures are stark – according to the Institute of Cybersecurity, globally there are over 10,000 cyber security attacks every hour and experts estimate the value of the cybercrime economy to be over a trillion dollars per year.
Connected systems present a higher degree of risk to critical infrastructure. Old systems are prime targets, not just because they control our electricity, natural gas, water, waste treatment, and transportation networks, but also because they were not designed with cybersecurity in mind. With the expansion of IoT, from home appliance to security monitoring systems, new security challenges are becoming pervasive. Devices that were not meant to be internet-enabled are now online and potentially open to attack. Without proactive testing, networks are more vulnerable than ever before. Hackers have new entry points via which they can not only gain unauthorised access to our home or business networks but can also intrude into our privacy.
What is more, people could be directly affected. Car hacking has been demonstrated.
Shutting down power to a hospital can threaten lives. Network-connected healthcare devices can be misused. The things we're putting on the internet range from convenience devices for comfort and lighting to life-sustaining devices like pacemakers and other medical implants. While most hacks are not life-threatening, successful hacks have been executed on a pacemaker, a radiation machine (to give higher than prescribed doses), IV drip therapy devices, etc. Naturally, any attack that alters the operation of life-dependent devices or doses of life-saving drugs puts people at risk.
Actions which take place in cyberspace or on the virtual battlefield may be difficult to identify and therefore to attribute with sufficient accuracy. Although their impact can certainly be felt in the physical realm and in normal life, these attacks take place surreptitiously. Was the attacker a foreign power or a small group of bored youths? Furthermore, the absence of immediate, visible harm and damage can mean that cyberattacks are regarded as somewhat removed from reality, perhaps even as science fiction. In cyber warfare the boundaries are blurred between the military and the civilian, the physical and the virtual, and power can be exerted by states or non-state actors, or by proxy. Cyberspace has merely extended the battlefield and should be viewed as the fifth battlespace alongside the more traditional arenas of land, air, sea and space. It distorts our fledgeling understanding of cyber warfare to argue that it is a conflict space in its own right. Simply put, cyber warfare is a new but not entirely separate component of a multifaceted conflict environment. At comparatively low risk, significant damage and disruption can be inflicted on the intended target with little fear of reprisal. As a result, cyberspace gives disproportionate power to small and relatively insignificant actors. While cyberspace may offer strategic value it lacks the impact of physical fear that conventional terrorism employs to maximum effect on a population. One of the main attractions of cyberspace is the shield of anonymity it offers, at least in the short-term. Operating behind false IP addresses, foreign servers and aliases, attackers can act with almost complete anonymity and relative impunity.
Data and information will continue to be weaponised
As criminals and hacktivists leak data publicly in order to cause significant damage to businesses, reputations, and even governments and we will continue to see individuals', corporations' and public entities' info used against them as a weapon. That is why strong cyber defences are absolutely necessary for long-term security. The task facing policy-makers is to design security measures that can achieve societal consensus and preserve the ability of cyberspace to flourish, thrive and provide these goods and wider benefits. This is one of the most difficult policy challenges of the early 21st century, and it is crucial to encourage a comprehensive and inclusive understanding of cybersecurity across society.