Cyber: the nuclear option

Richard Fenning, Control Risks — Richard Fenning

I arrived in the world in 1962, part of a generation born on the cusp of change. I had just about got to grips with threepenny bits, sixpences and half-crowns, when it was all ditched for the decimal system.

I was just getting my mind around mental arithmetic, long division and log tables when someone invented the pocket calculator.

But despite these apparent advances, this was an age when modernisation was still treated with cautious suspicion, not yet as something to be harnessed for our convenience.

Of course, our house was equipped with all modern devices but under no circumstances were they to be used for their intended purpose. The telephone was an object of status and prestige, heavily patrolled by my mother to be used only in an emergency and most certainly not to be used as a frivolous tool of mass communication.

The black-and-white television was for watching Neil Armstrong walk on the moon and definitely not for idle entertainment.

The black-and-white television was for watching Neil Armstrong walk on the moon and definitely not for idle entertainment. A neighbour—in an outburst of uncharacteristic consumerism—installed an electric can opener, only to be treated as a moral deviant. It broke—never to be repaired—shortly after it had tackled its first tin of spaghetti hoops. Only then was she re-admitted to polite Yorkshire society.

For a small boy in the north of England, the future was a long way off. Not only did we have no inkling of the extraordinary revolution in digital technology that awaited us, but we were still blissfully unaware of many of the routine features of modern life. Reality television, drinkable wine, mobile phones, cars that didn’t need to be push-started in the winter, avocados, dental hygiene, online shopping, speaking to foreigners—all of these exotic possibilities were still waiting for us over the horizon.

Brave new world

Fast-forward 45 years and the future has arrived with a wallop. And my generation, now in our mid-50s, appears to be in charge. Some of us run small companies, some run big companies and a few are even running countries. And this generation, forged in a time when you could complete your entire education without being any more technologically challenged than by the demands of filling a fountain pen with ink, has to confront the great challenge of digital technology.

The challenge is this: will technology continue to transform a globalised world for the better, accelerating the creation of wealth and widening the vast possibilities of a new digital economy?

Or, will the consequences of some awful cyber-attack on a scale we have not yet seen become the malignant legacy of the otherwise remarkable progress we have seen in the past few decades?

The obvious answer is that of course the benefits of digitalisation will prevail; to suggest otherwise is nonsense.

The obvious answer is that of course the benefits of digitalisation will prevail; to suggest otherwise is nonsense. Yes, the cyberworld is full of peril but surely the benefits outweigh the risks? Before we dismiss the argument, it is worth checking that we are as sure of our ground as we think.

The nuclear industry also once promised to transform the world. Here was a sustainable, clean source of energy that could be the answer to our dependence on a finite supply of fossil fuels that were dangerous to extract and polluted the planet. But the nuclear power industry has an errant sibling: nuclear weapons. And so far, good nuclear has not been able to entirely shake off the danger by association from bad nuclear. It remains an expensive, sometimes controversial option, persistently failing to fulfil its enormous potential.

Weighing the benefits

Will we reach a similar impasse with the cyberworld? Can we separate the inspiring possibility of re-engineering the post-industrial economy from the sinister threat of aggressive countries, criminals, terrorists and others lurking in the dark web, waiting to undermine our confidence in the wired, cloud-based critical-dependency that we now rely on so fundamentally?

In a fracturing world where international co-operation is being driven asunder by waves of populism and economic nationalism, there are strong forces working against the possibility of cyber détente, not least because it is such a cheap way to wage war. Compared with the cost of conventional armaments—fighter jets, aircraft carriers, missile systems—teenagers with laptops are the most cost-effective route to weaponisation since the bow and arrow. It is hard to see who has the power and motivation to limit the destructive capability of cyber-proliferation.

For now, this is the state of affairs that we need to live with; the wondrous advantages that accrue from global connectivity will continue to sit uncomfortably alongside an acute sense of vulnerability.

If we want our technological legacy to be positive, then we need to be sure that we are not sleepwalking through one of the most dramatic challenges of our time.

If we want our technological legacy to be positive, then we need to be sure that we are not sleepwalking through one of the most dramatic challenges of our time. We need to be confident that we understand what is required to be as safe as possible in a world where many of the levers of digital security have already been compromised.

The answer is only partly about the deployment of superior technology, because in the cyber-arms race it is easy to be outpaced by the bad guys.

Rather, it is about the laborious process of leading human beings to be responsible for their own security by changing their behaviours, and recognising that some life-style compromises are necessary—not easy in the app-for-everything age.

The current generation of business and political leaders must recognise that this great transformation is happening on their watch. It requires recognition that great rewards come hand-in-hand with significant risks, and that as the negative side-effects of technology gain more public prominence, then the case for progress must be made more thoughtfully, with a better blend of confidence and humility.

Individually, we need to recognise and compensate for the fact that we have had to learn technology when our brains are old, full and inflexible. For some, that may be difficult, but learn we must. We cannot seek refuge in nostalgia for a pre-tech age, however beguiling that may seem. Those days are gone and they are not coming back.

KEY RECOMMENDATIONS

The top-four key insights from the survey:*

Develop resilience frameworks that span the enterprise, capturing and integrating existing risk-management activities. A resilience programme should be considered as a bundle of small projects that incrementally increase the resilience of the organisation over time.
Integrate the risk-management activities and operational disciplines, thereby ensuring that knowledge is actively shared across internal organisational boundaries; consider the utility of multi-disciplinary risk meetings to encourage greater cross-functional collaboration and information-sharing.
Build the capability of personnel with the essential skills such as the ability to collaborate, communicate and build cohesion, alongside the relevant competencies to interpret and implement the resilience requirements.
Organisations should update their cyber-risk monitoring and mitigation plans, doing everything they can to manage this complex, powerful, and evolving risk to the business.