The interconnectedness of the Internet – while immeasurably beneficial to society – is at risk of cascading into disaster, both digitally and in the real world.
This is according to Atlantic Council Zurich’s Risk Nexus report, which explains that the growing number and complexity of cyber attacks is threatening to outstrip efforts to fight against them.
Data breaches are today’s top concern and a serious risk: 2013 was the worst year thus far, with 740 million data files potentially viewed or stolen worldwide,” the group said.
“But governments and forward-looking organisations need to take a holistic view and look beyond these issues to broader risks, including the increasing danger of global shocks initiated and amplified by the interconnected nature of the internet.”
The group runs a parallel between what could happen with the Internet and the global financial crisis of 2008.
According to its research, there are similar patterns in thinking surrounding the two systems: a widely -held belief that, should one segment of the system crash, it would be able to be contained in isolation without a ripple effect.
“Pre-2008, many experts insisted that due to its own complexity, correlations (in the financial system) had been engineered out of the system, though in the end, it was this very complexity which helped bring the system down.”
Complexity, interconnectedness a recipe for disaster
According to Zurich, the internet is the most complex system humanity has ever devised – “and our track record of successfully managing complex systems is far from perfect,” it said.
“The internet is highly interconnected and tightly coupled with society, meaning that (as in other such systems) a small failure or series of them in one place can cascade, producing an outsized impact elsewhere.”
As an example, should a major cloud service crash or be destroyed, the effects of such a failure would cascade to all systems and businesses dependent on it.
While at face value, this threat may seem most directed at business, as society, governments and even the most mundane of tasks get coupled and linked to the Internet – the growing complexity of the networks puts the entire system at greater risk.
“On the internet, it has been easier to attack than defend for decades. The original architecture of the internet was founded on trust, not security – software is still poorly written and secured, and the system is so complex that it is difficult to defend.” Zurich said.
“Systems in which one set or participants have asymmetric advantages, year after year and decade after decade, must hit a tipping point when there are more predators than prey.”
This is a real-life threat
In the past, Zurich noted, cyber attacks and incidents online have only really broken “things made of silicon” and impacted networks in a digital sense. However, this will not always be the case.
“As the internet connects increasingly with real life, in places like the smart grid interconnection with the electrical power infrastructure… cyber incidents will break things made not of silicon, but of concrete and steel.”
To combat the increasing risk, Zurich recommends that risk managers, regulators, and organisations with system-wide responsibility all need to focus more on resilience and agility rather than simply prevention.
“In an increasingly interconnected world, risks can strike quickly and from any direction – so, too, is it equally critical that those affected are able to respond quickly to ride out the shocks,” the group said.