You don’t have to be a digital whizz kid to know that the wars of the future are likely to be fought somewhere in cyberspace. The threat from cyberattacks has grown rapidly — and corporate Europe is urging action.
The digital revolution has made techies of millions of people around the world, hooked up and logged on to an overarching superstructure practically all the time.
For all the benefits it has brought, it has come with costs and few have more profound consequences than the growing risk of serious cyberattacks. Everything from critical infrastructure, such as power plants, electricity grids and public transit systems, to software and IT systems, be they corporate, governmental or personal, are in the firing line.
Few can be in much doubt anymore that the threat is real. Last year’s massive “WannaCry” ransomware attack affected over a quarter of a million computers in 150 countries and continued the trend, starkly evident over the last decade, that cyberattacks are on a sharp rise.
The threat posed is seen as so severe that it is estimated by the World Economic Forum that it could cost as much as $8 trillion (€6.38 trillion) in damage over the next few years alone. Even graver risks than the financial cost, such as those posed to national security and public health and safety, also loom large.
On Friday at a major security conference taking place in Munich, several corporations already invested in fighting cyberattacks signed up to a charter that urges a string of collective intergovernmental, corporate and societal actions aimed at safeguarding digital systems of all kinds.
Siemens, Allianz, Airbus, IBM, Daimler, Deutsche Telekom, NXP and SGS are the eight companies signing up to the charter, which lists 10 principles they see as essential for “establishing a new charter of trust between society, politics, business partners, and customers.”
Recognizing the threat
“Failure to protect the systems that control our homes, hospitals, factories, grids and virtually all of our infrastructure could have devastating consequences,” runs a statement from the signatories. “Democratic and economic values need to be protected from cyber and hybrid threats.”
The charter urges several specific measures, for example the routine establishment of governmental ministries tasked specifically with cybersecurity, a comprehensive education drive aimed at improving base level knowledge of issues around cybersecurity and a range of security-based measures aimed at fending off increasingly sophisticated attacks.
The corporations insist that in order for the full benefits of digitalization to be felt — a process currently blowing powerful winds of change through several industries — people need to have full faith in the new technological systems they are expected to place their trust in.
“Digitalization and cybersecurity must evolve hand in hand,” the statement says.
From the common thief to the nation state
The collective move by the companies can be seen in the context of the increasing urgency with which the corporate and political world is treating the issue of cybersecurity.
Cyberattacks vary in form. There are straight up “stand and deliver” style online robbery attempts such as WannaCry, which demanded that users whose systems were beset by a damaging virus wire ransom money via Bitcoin.
Then there is the political dimension. Several countries, such as the USA, the UK and Japan asserted that North Korea, currently in the eye of a major geopolitical storm, was behind WannaCry. Then there is the ongoing US investigation into alleged Russian interference in the 2016 US presidential election, much of it supposedly orchestrated through hacking and other cyberattack methods.
Probably the most chilling threat posed by cyberattacks relates to critical infrastructure —physical or virtual assets and systems seen as essential to the daily functioning of society.
Cyberattacks on power plants have become increasingly common, with the energy sector having sustained more than any other industry, according to a Siemens report on the issue. In theory, a sufficiently sophisticated cyberattack, for example by nation-state players acting on behalf of a hostile government, could disable an entire national power grid.
In 2014, Michael Rogers, the Director of the American National Security Agency (NSA), told a US Congressional panel that China and “probably one or two other” countries have the capacity of shutting down the American power grid, and other critical infrastructure systems, via a cyberattack.
Needless to say, this is a capacity unlikely to be beyond the United States itself.
High costs, higher risks
Going by the so-called “charter of trust” being promoted in Munich, there are solutions that can significantly limit the risk posed by cyberattacks.
Given that many cyberattacks, even those targeting highly secured software networks, start with attempts to deceive workers into letting a system’s defenses down, constant education and training around the ever-evolving area of cybersecurity is seen as essential.
However such an effort, along with the kind of cybersecurity beefing-up proposed by the charter — such as software which could regularly look out for malware and other anomalies in a network — costs a lot of money.
With the rapid trends towards “Internet of Things” (IoT) technologies across several sectors, the need to adequately upgrade varying forms of equipment to the highest levels of security and technical sophistication possible is expensive. A US Department of Energy report in 2017 put the cost of adequately updating the US power grid to such standards at close to $500 billion.
However, given what is potentially at stake, both in terms of human and societal cost, it’s hard to argue that any figure is too high.
With corporate giants so often at loggerheads over the everyday cut and thrust of business, their coming together over an issue with no obvious, immediate bottom-line financial gain is likely to be taken seriously.
“We have to make the digital world more secure and trustworthy,” said Siemens CEO Joe Kaeser. “It’s high time we acted — not individually but jointly.”