The Great Compromise: Balancing Security and Innovation
The recent news that the 2013 compromise of the Bowman Avenue Dam is being blamed on the Iranian government has prompted new discussions about our current global security climate. This particular attack was relatively unsophisticated. It took place in a small community outside of New York City and impacted back office systems, not the operational systems of the dam. It was carried out by a group of lower-level hackers who used off-the-shelf malicious software tools that could be downloaded off the Internet.
The White House and Justice Department have examined this incident as yet one more indication of the susceptibility of U.S. infrastructure to cyber-attacks. It reinforces the concern that even relatively unskilled threat actors have the ability to get ahead of sophisticated security efforts to do significant damage.
Particularly as we continue to connect every part of the global ecosystem, we have to consider that there is a very real tradeoff between innovation and privacy. Part of what makes the conversation so important is exactly what we see in the Bowman Avenue Dam story. The downside to hyperconnectivity and globalization is borderlessness. The world has become a level playing field as technology and knowledge continue to diffuse. Our adversaries are not known, they wear no uniforms, and are not geographically identifiable; they could be anywhere in the world.
The risks to our infrastructure, our personal data, and our ability to connect and share knowledge as we know it come from anyone with a desire to disrupt: they could be individuals working alone, a state-sponsored group like the Iranian hackers, or virtually any number of other types of threat actors seeking to inflict damage, both perceived and actual. It just takes the desire and wherewithal.
We have reached a point at which technology has diffused to such an extent that it’s undermined our resiliency, rather than strengthened it, and we must recognize that our sense of security is more perceived than real.
If we accept that true data privacy is impossible, we have to consider what tradeoff we’re willing to make between security and convenience.
Forming a New Expectation for Privacy
Stories like Bowman Avenue Dam or the recent arguments between Apple and the FBI make it apparent that we have reached a new inflection point. We have to ask whether we have been telling ourselves a bedtime story about privacy and security. We have to consider – as individuals, businesses and government organizations are beginning to do – how to balance the reality of privacy issues and the incredible pace of innovation.
Realistically speaking, we are fairly early in the evolution of truly at-risk technology – things like wearables and bio-digital convergence, or Artificial Intelligence (AI), are only just becoming truly integrated into our lives. These technologies represent the foundation for the future of knowledge sharing. They are the kinds of channels through which individuals will become more tightly integrated into the global technology grid. And while there are yet-to-be-imagined benefits to this hyperconnectivity, we do know that it puts personal, organizational, national, and international data at ever-greater risk.
As we flash forward 10 years, we must consider the question of trust in terms of information, data, and digital connections. As we continue to consume more and more information from our devices, algorithms and other machines, what happens when we no longer trust the veracity of the information? How much do we trust the technology itself? How much can we trust those who are creating and securing it? How much can we trust unseen forces that could manipulate the technologies to do us harm? Does this lack of trust have the potential to fundamentally alter the manner in which we engage, learn, and collaborate in the future?
With public stories shining a spotlight on this issue, and conversations taking shape as a result of the election cycle, now is a great time to take a strategic pause to weigh opportunity and risk.
Toffler Associates has taken a multi-faceted view of this issue to devise a few recommendations for organizations willing to stop for a moment to orient development and security.
- We have discussed the need for a focus on resiliency across organizations, as breaches of one type or another are virtually inevitable. We must ensure that our societies are resilient as well, as this issue transcends organizations and will impact true H2H connections.
- Within your own organization and those with which you interact, make sure that security is not a compartmentalized role. Rather, there should be a culture of vigilance that is actively embraced by every member of the team, from top to bottom. Security must have a seat at the table.
- With every potential innovation, take an opportunity to flash forward and consider the potential tradeoffs. The development phase is a much more appropriate point to understand, plan and adapt than the point at which you are responding to an incident.
- Focus on trust throughout all we do. It is the fabric that binds societies, nation states, and organizations as we innovate and collaborate to build better futures. We have the opportunity to ensure that our trust in the future is not compromised by an over-reliance on technology but a balanced approach that retains some focus on the human.
As we have seen, holistic threat and risk prevention is a myth. There will be attacks and disruptions. We know that these are dire topics, but we can endure. There is every reason for optimism. We have the opportunity to start a real conversation about security and resiliency, working together to develop innovative solutions to fast-paced problems. The great diffusion of knowledge and technology presents many opportunities to work together and we must seize them. Now is an ideal point to have informed, open conversations about how to approach security as resiliency, and to build proactive models (like P3 alliances) that integrate privacy and innovation.
It is time to build a path to a more resilient future.