High tension: risks to technology that controls infrastructure grow © Dreamstime
Experimental feature

Listen to this article

Experimental feature

As far back as the 1897 publication of HG Wells’ The War of the Worlds, strategic planners, policymakers, and science-fiction writers have tried to predict what might cause a global catastrophe. While epidemics, hunger and nuclear conflict have all been cited, today’s interconnected world is now seen by many as posing the biggest risk to our world.

As critical infrastructure — such as power grids, water supplies and transportation systems — is increasingly controlled by digital and web-based technology, could terrorism or natural disasters could disrupt services controlled over the internet on an international scale?

The good news is that destruction of the internet at a global level is highly unlikely. “The internet was built to be incredibly resilient,” says Caleb Barlow, a vice-president at IBM Security. He cites the 9/11 attacks in 2001 as an example of the system’s strength. Hijacked planes not only destroyed New York’s World Trade Center, they also wrecked one of the world’s largest switching networks.

“Almost all of it was destroyed, and on a day when internet traffic was at an all-time high,” he says. “There were problems but they were very quickly resolved.” The reason for this resilience, adds Mr Barlow, is that while individual parts of the system are vulnerable to unexpected events, the way in which internet services are spread between different suppliers, providers and operating systems makes it hard to destroy.

Despite this, risks to the technology controlling individual parts of our connected infrastructure are growing. For example, security experts worry about the damage an electromagnetic pulse (EMP) could cause. This is a short burst of electromagnetic energy that, whether of human origin such as a nuclear explosion, or caused by natural phenomena such as lightning strikes or solar flares, could shut down critical infrastructure and damage electronic equipment.

“Not only does an EMP take out the electrical grid but it also fries the chips in all our devices,” warns Marc Goodman, a global security adviser.

Services that rely on the internet are also vulnerable. Take food supply chains, for example. Suppliers, retailers and farmers are increasingly reliant on web-based information systems to manage production, procurement, transportation, delivery and sales. Any online disruption could cause chaos.

“We live in a just-in-time world. It provides a greater degree of efficiency in logistical activity, but if the whole thing falls over, it goes bad very quickly,” says Richard Seymour, co-founder of Seymourpowell, a design and innovation company.

In addition to network-wide attacks, cyber criminals could also attempt to exploit vulnerabilities in devices that are wirelessly connected — the so-called internet of things.

John Villasenor, a UCLA professor and an affiliate of Stanford University’s Center for International Security and Co-operation, cites the ability of researchers to remotely hack into the controls of a Jeep Cherokee via the vehicle’s entertainment system as an example of how cyber crime can affect ordinary people.

“No one intentionally created that vulnerability [in the Jeep],” says Prof Villasenor. “But this is a perfect example of where, in the interest of creating connectivity, people create too much,” he says.

Given the commercial opportunities seen in the internet of things — in everything from remotely controlled heating systems to printers that order their own ink — the risks are increasing at a faster rate than policymakers or security companies can keep up with, according to Alan Brill, a senior managing director at Kroll, a security company.

“Cyber technology seems to be advancing at the speed of light but the laws and regulations covering it tend to move at the speed of congress and parliament,” he says. “That gap represents a risk factor.”

For Mr Seymour, the fact that physical objects are being connected so quickly and without agreed safety standards could lead to unintended consequences, “some of which could be annoying and some catastrophic”.

One only has to substitute the example of the car — hacked though its entertainment system — with that of an aircraft to understand the magnitude of the risks created when previously unconnected systems become linked.

Technology may provide some answers, as data analytics and machine learning could eventually provide better security based on the recognition of individuals’ behaviour patterns, so helping to prevent terrorist attacks, for example.

However, Mr Barlow argues that a shift from secrecy to transparency will be needed and companies, intelligence services and governments must start to share information about threats far more openly. “We have to completely change the mentality,” he says.

Get alerts on Cyber Security when a new story is published

Copyright The Financial Times Limited 2019. All rights reserved.
Reuse this content (opens in new window)

Follow the topics in this article