Cybersecurity goes prime time at Davos
- Michael Fertik is the founder and CEO of Reputation.com, an online privacy and reputation management company. He is a member of the World Economic Forum Agenda Council on Internet Security and recipient of the WEF Technology Pioneer 2011 Award. The opinions expressed are his own. -
The World Economic Forum (WEF) has named cybersecurity one of the top five risks in the world. In its Global Risks 2011 report, the WEF’s Risk Response Network nominated cybersecurity alongside planetary risks posed by demography, resource scarcity, trepidation about globalization, and, of course, WMDs. This is heady stuff. Cybersecurity has officially gone prime time. This week in Davos, I’ll be moderating and contributing to panel sessions on this topic.
The timing could not be more ripe. Right now we are witnessing the convergence of multiple seismic risks to data integrity. Social networks capture and mine ever larger amounts of data about humans and companies, opting users into increasingly invasive data collection with little or no notice. Apps operating on social networks and smartphones continually pull data streams about friends, families, personal connections, contacts, geo-location, behavior, preferences, tastes, and health habits — even when these data streams are unrelated to the stated purpose of the applications.
We’ve seen search sites mine public data, semi-public data, purchased information that was supposedly private, and even scraped or stolen data, and aggregate them together for sale and resale on the open web, claiming cover of current law. To date, the Internet economy has been nearly perfectly stacked against individuals’ control over their data. The proliferation of deep digital information about every individual on earth, along with the correlated explosion of its easy and unwitting accessibility by third parties, poses a “personal WikiLeaks” threat to each of us.
That brings us to Julian Assange’s WikiLeaks, which is itself the subject of at least one session at Davos this year. Reviled by some and relished by others, WikiLeaks represents either “radical transparency” or “radical invasion,” depending on your point of view. A large and growing raft of self-described “whistleblower safe harbors” pervade the Web, enabling and encouraging publication of confidential information that is difficult to authenticate as true or false. I suppose I was nonplussed by the bulk of the content published on WikiLeaks about American foreign policy — I think it’s fairly awesome that the United States is secretly saying pretty much the same exact things it says publicly.
But many people can agree that, when it comes to difficult questions of diplomacy, the ultimate resolution may be greatly benefited by the comfort of each party to talk freely within itself or with others when behind closed doors. The brilliant sunlight of transparency may be just the medicine needed to remedy a public lie, as in the case of the Pentagon Papers, but it may also turn from “transparency” to murkier “invasion” when it comes to secrets of hard-won technical innovation such as an automaker’s hybrid engine code base or a nation-state’s schematic for a particularly nasty weapon.
Indeed, states and non-state actors alike are taking note of the evident power of cyber tools to advance their often alarming aims. Cyber-warfare and cyber-terrorism are now the single most efficient ways to damage sworn enemies. Just as the most enterprising criminal networks have decided to abandon old-fashioned thuggery in favor of more profitable cyber crimes such as VAT fraud and identity theft, states and terrorists have taken to the Internet to realize the maximum possible benefits of asymmetrical warfare. A few smart people can infiltrate financial systems, transportation networks, energy grids, and key commercial installations to steal information, seize control of operating systems, or shut down critical infrastructure. Software engineers are now, pound for pound, the most valuable weapons in a military arsenal.
Two months ago, at the World Economic Forum’s Summit on the Global Agenda in Dubai, the Global Agenda Council on Internet Security — on which I serve — identified four major categories of risk to digital security in the foreseeable future. These included: 1) privacy, 2) reputation, 3) malware, and 4) exfiltration (a.k.a. cyberwarfare and cyber espionage). This week, leaders from business, policy, and civil society convene in Davos to continue the important work of identifying these risks and developing self-sustaining solutions. The WEF has correctly perceived the breathtaking range of failure points in an increasingly connected world. The work could not be more important. Or urgent.
Follow Fertik on Twitter: twitter.com/michaelfertik
(Photo: A logo of the World Economic Forum (WEF) sticks on a window as a private security man walks past at the congress centre in the Swiss mountain resort of Davos January 24, 2011. REUTERS/Arnd Wiegmann)