Opinion Security News

Rising Global Cybersecurity Risks – Consequences of Digital Fragmentation or Growing Chaos? WEF Risk Report 2020

IMPORTANT NOTE: The following blog is entirely based on the World Economic Forum (WEF) Global Risk Report 2020. With a few inputs of my own, I have excerpted the critical portion “World Wide Web – Consequences of Digital Fragmentation” from the comprehensive report for our readers and viewers.

 I highly recommend reading this not only for the facts and figures but also to understand how the cybersecurity and risk landscape globally will impact the politics, economics and society for the next one decade.

The 15th edition of World Economic Forum (WEF) Global Risk Report 2020 is out. Data Fraud or Theft and Cyberattacks, which were in the top five risks in terms of likelihood in 2019 are missing from the list of 2020. Good news? May be. But wait! They are still among the top 10 risks facing the world going into 2020. They are at number 6 and 7 just after the top five – extreme weather, climate action failure, natural disasters, bio-diversity loss, human-made environmental disasters. If we talk about the impact of these two factors, they stand at number 6 and 8 respectively. The danger is far from over and it seems to be building up. With more nation-state actors coming into play, with lethal state-sponsored attacks being planned in more creative ways, and more vulnerabilities being found and exploited every moment, the danger has compounded.

Consider this: More than half of global population has access to Internet (mobile or broadband). WEF data suggests that ~ a million new people go online each day. 2/3rd of humans world over own a mobile device now. On one side while this is a great momentum towards connecting the people and empowering them digitally, on the other, it is adding to chaos in terms of technology governance framework and cyber insecurity. “It is a significant risk,” says WEF report. Respondents to the WEF survey rated “information infrastructure breakdown” as the sixth most impactful risk in the years until 2030. This breakdown can only be the result of weak cybersecurity infrastructure and risk frameworks across domains, specially the critical infrastructure assets.

The 4th Industrial Revolution (4IR): According to the report, Fourth Industrial Revolution (4IR) technologies are already bringing tremendous economic and societal benefits. The next wave of 4IR technologies will dramatically reshape economies and societies. Precision medicine, autonomous vehicles and drones are growing fast, while artificial intelligence (AI) alone is expected to boost global growth by 14% by 2030. Smart technologies have enormous potential to improve both human life and the health of the planet.

  • Satellite-based applications can aid rural farmers to irrigate their crops efficiently
  • – Prostheses can be 3D printed
  • – Autonomous vehicles can be employed by the elderly to support better mobility
  • – The Internet of Things (IoT) can even help to lower CO2 emissions by optimising energy consumption and reducing traffic congestion
  • However, many unintended, unforeseen consequences have also surfaced due to these 4IR technologies. Cyberattacks have become a common hazard for individuals and businesses.

Fifth generation (5G) networks, quantum computing and AI are giving birth to new threats of their own. The lack of a global governance framework for technology risks fragmenting cyberspace, which could deter economic growth, aggravate geopolitical rivalries and widen divisions within societies.

The Dangers of Digital Innovation:

 Cyberattacks: The digital nature of 4IR technologies makes them intrinsically vulnerable to cyberattacks that can take a multitude of forms—from data theft and ransomware to the overtaking of systems with potentially large-scale harmful consequences. Operational technologies are at increased risk because cyberattacks could cause more traditional, kinetic impacts as technology is being extended into the physical world, creating a cyber-physical system. However, using “security-by-design” principles to integrate cybersecurity features into new products is still secondary to getting products quickly out into the market. Cyberattacks on critical infrastructure — rated the fifth top risk in 2020 by our expert network — have become the new normal across sectors such as energy, healthcare, and transportation. Such attacks have even affected entire cities. Public and private sectors alike are at risk of being held hostage. Organised cybercrime entities are joining forces, and their likelihood of detection and prosecution is estimated to be as low as 0.05% in the United States. Cybercrime-as-a-service is also a growing business model, as the increasing sophistication of tools on the Darknet makes malicious services more affordable and easily accessible for anyone. The IoT is also amplifying the potential cyberattack surface. It is estimated that there are already over 21 billion IoT devices worldwide, and their number will double by 2025. Attacks on IoT devices increased by more than 300% in the first half of 2019, while in September 2019, IoTs were used to take down Wikipedia through classic distributed denial of service (DDoS) attacks, and the risk of IoT devices being used as intermediaries is expected to increase. In 2021, cybercrime damages might reach US$6 trillion — what would be equivalent to the GDP of the world’s third largest economy.

Vulnerable Data: 4IR technologies run on data, making privacy a major challenge. IoT devices collect and share data that are potentially highly sensitive for individuals, companies and states, from personal identification and medical records to national security information. The data brokering market—aggregating, disaggregating, copying, searching and selling data for commercial purposes—is worth an estimated US$200 billion a year. Data theft can enable the manipulation of individual and collective behaviour, leading to physical and psychological harm. Artificial intelligence (AI). AI has been dubbed both “the most impactful invention” and our “biggest existential threat”. Indeed, we may not even be able to comprehend AI’s full potential—or its full risk. Some risks—such as manipulation through fake news and “deepfakes”—are well known. Others are yet to be fully uncovered, including in such areas as braincomputer interfaces and hyper-automation (combining robotics and AI).

Fifth Generation (5G): 4IR technologies rely on high-speed digital infrastructure—on 5G networks and, further down the road, 6G. While 5G technology can be built in part on existing 4G infrastructure, significant shortfalls in capacity are expected as early as 2020 in some countries. Current projections show the risk of a US$1 trillion global gap in telecommunication infrastructure investments through 2040. In developed countries, the challenge is not only to build modern infrastructure but also to overcome reliance on legacy systems, on which the public and private sectors currently spend up to 80% of their technology budgets. Here, introducing new, safe and reliable systems into existing capabilities is key; some entities have already begun to do this.

Quantum Computing: Quantum computing could dramatically reduce the time needed to solve the mathematical problems on which encryption techniques currently rely— from months to minutes and seconds. It risks rendering useless most of our existing data security and critical infrastructure systems, including military networks, email and power grids.

Cloud Computing: While many technical advancements of 4IR are essentially digitally based, cloud computing has the potential to enhance trans-sectoral development, expand technological access to remote areas and further link AI to other 4IR technologies. At the same time, with increasingly more data hosted in the cloud, companies are amassing personal information like never before, which could ultimately create potential new data privacy and security risks.

The Importance of Global Tech and Cyber Governance

Attempts to address the security challenges of 4IR technologies are maturing, but they are often still fragmented and limited in scope and participants. Numerous initiatives bring together businesses and governments to build trust, promote security in cyberspace, assess the impact of cyberattacks and assist victims. Multilateral efforts, such as the Council of Europe’s Budapest Convention, also aim to define responsible behaviour in cyberspace and harmonise the patchwork of existing laws and regulations. Collaborative incident response and information-sharing efforts attempt to centralise cybersecurity capabilities to reduce the impact of cyberattacks. International efforts to develop AI standards are also ongoing (for example, in the field of AI and ethics alone, there are over 80 frameworks), yet the large increase in such initiatives serves to fragment the response to the threat, often imposing burdensome and sometimes conflicting obligations on organizations operating across national boundaries. The proliferation of standards also makes it more difficult for countries and companies to converge on a single one as more AI-enabled systems are adopted. Even more critical, international and national policies are not keeping up with technological advances. The need is urgent for a more comprehensive, inclusive and agile global governance architecture to address the dynamic and intertwined security issues raised by the 4IR. The “age of digital interdependence” will benefit all societies only if the wide-ranging geopolitical, economic and societal risks it could bring are managed in a coordinated and inclusive way. The current disruption of the multilateral system renders the development of such a framework more challenging.

Geopolitical Risks:

Digital innovation is both influencing and being influenced by geopolitical tension, which amplifies the possibility for risk and minimises the chances for cooperation. At the same time, the private sector exercises significant power to impact outcomes in this realm. Indeed, global tech companies have leveraged open digital borders to integrate global supply chains and connect people worldwide—but these companies are also challenging some core competencies of nation states, such as standard-setting and monetary policies. Technological predominance and future national competitiveness go hand in hand. The lack of a global tech governance framework increases business influence on standard-setting, the foreign participation in national critical infrastructure, foreign acquisition of domestic technology, the offshoring of data, and technology transfer as a price to access foreign markets, influencing societal risks as well.

Additional risks for states include:

Parallel cyberspace: Connectivity depends on internationally established protocols. Historically, multilateral stakeholders have tended to favour a fairly open and loosely regulated cyberspace. However, current international developments point to an increased risk of divergence in protocols—old and new—that could lead to fragmentation of cyberspace and future technologies. Additionally, if countries continue to seek “cyber-sovereignty”— national or regional versions of the Internet—global interconnectivity could be further disrupted.

 First-mover advantage: Patents in 4IR technologies are being filed at an increasing rate. Governments as well as businesses want to be at the forefront of cutting-edge technologies because they stand to benefit from being the first to make breakthroughs. First-mover advantage can shift geopolitical balance by influencing standards, systems and production chains.

A new digital arms race: Digital dependency is changing the nature of international and national security, raising three urgent issues:

  • How to protect critical infrastructure
  • Uphold societal values
  • Prevent the escalation of state-on-state conflicts

Digital technologies increasingly feature in asymmetric warfare, enabling attacks by smaller countries and non-state actors on larger states. Viruses developed as cyber weapons have been re-purposed by adversaries after being released into cyberspace. Cyberspace has become an extension of the military domain, triggering new technological arms races. In 2019, several countries agreed to pursue the establishment of guiding principles for the use of lethal autonomous weapons systems. However, key military powers are resisting international legal regulation in this area, increasing the risk of serious future mishaps.

Interruption of international interconnectivity: Increased intelligence sharing between government cybersecurity agencies and infrastructure operators has strengthened the appreciation of challenges related to cyberattacks and improved preparedness efforts. It has also raised the question of whether the participants in critical information infrastructure are trustworthy. The fragmentation of cyberspace will render those efforts moot and create possibly insurmountable technological incompatibilities for law enforcement to cooperate across varying systems.

Economic Risks

 It is no surprise that technology hardware supply chains have driven recent research and development (R&D) and trade debates between major global economies. Many countries are heavily scrutinising investment in—or acquisition of—technology companies by foreign investors. Countries are increasingly looking at foreign investment in universities to assess risks of intellectual property—in the form of research and its potential commercial applications— vanishing abroad. Technology transfers in exchange for market access have become a contested part of trade negotiations. These issues highlight the trade-offs countries are making between near-term economic gain at a time of slow growth and longer-term security in an increasingly challenging geopolitical context. Europe’s desire for its own cloud—in part to retain valuable data now being extracted by foreign players—risks it falling behind in this global race.

Other economic risks include:

Fragmentation costs: In today’s hyperconnected global economy, it is estimated that a total shutdown of the Internet would result in a daily GDP loss of 1.9% in a high-connectivity country and 0.4% in a low-connectivity country. Fragmentation of cyberspace and technologies could aggravate these economic consequences by having negative effects on businesses’ use of cloud services, increased transactional costs of doing business across parallel jurisdictions and lower productivity by requiring different production lines for different markets. These economic consequences undermine businesses’ ability to realise the potential of 4IR technologies.

Loss of sustainability: As the world is on the brink of climate collapse, the necessary duplication of efforts for overcoming such technical fragmentation would not only be economically counterproductive, but also environmentally inefficient. This inefficiency is further amplified by countries’ pursuit of isolated national technology regulations. Adaptation to different products for different markets would inevitably increase the negative environmental footprint of any industry. At the same time, today’s ecological footprint of mass data generated for and by AI— for example, the energy required to run servers—is already considerable.

Monetary and fiscal risks: The lack of coordinated efforts by nations on how to capture wealth created by open trade and through digital means is a major challenge, creating disparities with local companies and between countries. Moreover, new digital currencies operating outside a clear regulatory framework could undermine sovereign currencies and international cooperation against money laundering. Collapse in confidence in digital currencies could also threaten financial stability. At the same time, innovation in this space could provide social benefit but this requires, as then-IMF Chair Christine Lagarde warned, “being alert to risks in terms of financial stability, privacy or criminal activities, and ensuring appropriate regulation is in place to steer technology toward the public good.”

Societal Risks

The differential speed of 4IR developments around the world risks widening divides between nations. Highly digitised economies have the capacities and capital to invest in future technologies, leaving behind others— especially in Africa, ASEAN and Latin America—that currently trail in areas such as patents, IoT development and market capitalisation.

Societal risks include:

Digital divide and wealth gaps: A widening digital divide between countries risks a vicious cycle, as increasing wealth gaps and a brain drain make it harder for those left behind to catch up, and easier for regions to miss critical investment opportunities that would allow access to new 4IR technology markets. Hence, countries could lose out on the compounding effect of investments and subsequently lack the R&D capabilities needed to thrive, contributing to yet further brain drain.

A human dystopia: Given the growing societal awareness of problems such as biased algorithms and cyberbullying, there are many calls for deeper engagement on questions of ethics in the development and use of 4IR technologies. Due diligence must be applied to avoid negative consequences for under-represented communities. The lack of a global technological framework could lead to a dystopia involving, for example, cyberbullying without consequences, workplace surveillance and the erosion of employee privacy. While the open cyberspace has allowed the democratisation of certain processes and increased access to information and data, growing opportunities for promoting falsehoods (accidentally and deliberately) have resulted in a gradual erosion of trust in media, social networks and even governments. Data are increasingly being collected on citizens by government and business alike, and these data are then monetised and used to refine the development and deployment of new technologies back towards these citizens, as consumers. Amassing of data by a handful of small entities leads to a further entrenchment of gaps between advanced and emerging economies.

Global Governance Challenges for Businesses

Businesses, just as economies, rely on concerted global technology governance. Fragmentation and incompatibility between global cybersecurity and technology frameworks risk weakening businesses’ capabilities to adapt to the emerging challenges discussed in this chapter in a timely way, as raising transactional costs increases the financial burden on businesses.

More and more firms operate in complex, global and digital service ecosystems that not only expose them to their own cyber and technological weaknesses, but also to those of other participants—including customers, suppliers and managed system providers. At the same time, businesses are facing the challenge of implementing existing cybersecurity and 4IR standards (where they exist), while ensuring compliance with fragmented regulations on accountability, transparency, bias and privacy for developing—or simply applying—4IR technologies. Because government and corporate leaders equally share the responsibility for promoting global cybersecurity and digital trust, cooperation between the public and private sectors is more vital than ever in areas such as information-sharing, collaboration with law enforcement agencies, and skill and capacity development.

The new digital geopolitical race also risks affecting businesses’ development of 4IR technologies and their market readiness to harness the benefits of the 4IR transformation. An open and interconnected cyberspace, along with global technological compatibility, are essential for businesses to be able to counter the dislocating impacts of social media, the economic impacts of global technology giants and potential security issues resulting from the digital technology race between the world’s leading economies. By advocating for fair and concerted global actions on any 4IR-related governance frameworks, businesses can mitigate risks, ensure trust towards consumers and governments, and increasingly benefit from the 4IR.

Access the full WEF Global Risk Report HERE

Leave a Comment

Your email address will not be published.

You may also like