Cyber-terrorism is becoming more sophisticated, whether the malicious actors belong to private criminal organisations or are state led. There are a great number of tools and resources at their disposal and, moreover, the focus of a cyber terrorist is to effect a breach, whereas the targeted entity is primarily focused on its own operations and security is often a secondary concern.
Colm Murphy, senior cyber security adviser with Huawei, points to the fact that there is now a much larger attack surface than previously.
“We speak of living in the fourth industrial revolution where everyone and everything is connected. And it’s happening – there are billions of devices connected to the internet. These devices are governing critical functions of our lives in healthcare, finance, transport industries – every industry to be honest.
“Add into that mix there is the exposure for human life.”
Previously, early cyberattacks were after data which was typically sold on the blackmarket. Now, cyber terrorists are closing down systems and seeking recompense directly from the organisation and that is where human life can be exposed.
“Consider the HSE attack. Ireland’s entire healthcare system – including emergency rooms, ICUs, operating theatres, cancer treatment centres – everything was shut down by the hackers. Medical staff were forced to proceed using paper and pens, trying to remember patient histories and provide the same level of care.
“We are lucky in that we have amazing healthcare professionals – but it was also terrible to subject our overworked frontline workers to even more pain. The opportunity for human cost was extremely high and we can only thank our medical professionals again.”
This is what Murphy sees as the challenge for the future – the increased attack surface and the potential for real human exposure – it’s not just about data, human life is involved.
Sharing responsibility
At Huawei, their approach is to share responsibility with regulators, governments, policy makers and the standards bodies.
“We as a technology company have a role to play but we need to do it in conjunction with real life stakeholders.”
Murphy works out of the Huawei Transparency Centre in Brussels which covers cybersecurity and privacy protection. This centre has a role greater than mere technology development; it is one of several centres around the world that seeks to engage with stakeholders in dialogue and to look for solutions together.
This ecosystem has pockets of exploration in Geneva and Paris, the former being part of a global think tank on cyber security. Paris Call is another platform formed many years ago by the French to address these issues in a holistic, collaborative fashion.
“We need to understand what ‘good’ looks like and that is normally defined by standards. At Huawei we have an ABC mantra – Assume nothing, Believe nobody, Check everything.”
Standards are, according to Murphy, key to putting defences in place. He argues that standards can be used as a benchmark. Putting together certification schemes means the international ecosystem can independently check what is in place and see if the defences conform to agreed international standards. Working together with all the stakeholders, from technology companies to governments, is key to survival.
“I can’t say that the HSE attack could have been prevented, I was not involved in the security team, but I do know that this collaborative approach means cyber terrorists will not be protected by governments.
“The people who attacked our health service had no morals or scruples as to what they were doing. We all need to co-operate to defend such vulnerable institutions from the top down. There is already a conversation on this with the Geneva Dialogue and Paris Call.
“It’s literally all hands on deck to defend our world.”