Hacking attacks
We need to be more robust Allister Heath
Imagine, just imagine, having to live under a technology blackout for a day or even a week. No systems, no records or databases, no email, no Uber, no social media, online banking or shopping – we could survive for a few hours, but panic would soon set in. Cash would run out, shelves would empty and people would suddenly have to rediscover the lost art of using pen and paper or – heaven forbid – maps. In extremis, civil order would be jeopardised within 48 hours.
As the economy becomes ever more digital, ever more reliant on the cloud, GPS, online transactions and just in time decisions, it is becoming simultaneously more efficient and consumerfriendly (which is wonderful) and more vulnerable (which is potentially catastrophic). The problem is that we are becoming less resilient (in other words, less able to recover quickly from failure) as well as suffering from reduced robustness (less able to resist such a failure in the first place).
It used to take a war or a series of terrorist attacks to disrupt a nation; now clever hackers can inflict extreme pain. In his book Antifragile, Nassim Taleb argued that we should seek to embrace anti-fragility in all that we do: he meant by that a system that actually improves and become less fragile when it is attacked, thanks to an ability to learn. As he put it, “antifragility is beyond resilience or robustness. The resilient resists shocks and stays the same; the antifragile gets better.”
The massive attack on the NHS by hackers yesterday is a wake-up call for all: individuals, business and governments. We need to start obsessing about cyber-security, not merely paying lip service to it; the hospitals that appear to have been hacked were ultra-fragile. It looks as if they and the thousands of other organisations that were hit hadn’t taken even relatively elementary precautions. They were the embodiment of everything that Taleb rails against.
Most corporate statements on the subjects are not worth the paper they are written on. There are exceptions, of course, and banks and other financial firms have made huge strides; but much more needs to be done across the economy. The public sector – other than high-priority areas such as defence – is especially at risk: it is badly managed and unresponsive at the best of times, and culturally unable to build the sorts of self-organising systems that are required to fight attacks by hackers. The authorities are short of cash, of course, but they need to do more to force the NHS and the public sector to take such threats seriously.
Cyber-crime is the future, and even more worryingly so is cyber-terrorism and cyber-warfare. Hostile nations won’t merely break into email servers: they will wipe data, disrupt power generation, shut down air traffic controllers, and much worse even.
Yesterday’s global attack may quite easily have cost lives: hospitals and surgeries robbed of access to patients records will have treated far fewer people and much less well. At this stage, it is claimed that patient data wasn’t compromised, and time will tell whether this is true. But it was a relatively small-scale attack: a proper, successful assault would have been even worse, and technological advances in the years ahead will create ever more opportunities for mischief.
Take the future of transportation. In 10-15 years’ time, cars will become driverless; they will zoom around our roads, automatically detecting other vehicles and finding the fastest route to their destinations. Accidents, most of which are due to human error, will be cut by 90pc, and we will all be able to work, eat or relax in our cars. Billions of wasted hours will suddenly become useful again, and long commutes will become far more bearable, changing the urban geography of our country.
This will trigger a step-change in productivity and a massive economic boom. But while there is little that hackers can do today, apart from deliberately sabotaging traffic signals, they will have myriad more opportunities in this new world. At worst, they may be able to cause carnage on the roads by destroying IT systems or warping navigation systems; at best, they may be able to shut down all vehicles for days at a time.
We must become much more cyber-safety conscious. There is no time to waste: every business and every public sector organisation must give this new threat its full attention.
‘In future hackers may be able to cause carnage on the roads’