Huffpost Impact
The Blog

Featuring fresh takes and real-time analysis from HuffPost's signature lineup of contributors

Jonathan Zittrain Headshot

Intensifying Cyber Threats

Posted: Updated:

Not too long ago, the phrase "electronic army" would have conjured up visions of a 1980s cyber-dystopian film -- the kind featuring Arnold Schwarzenegger and a lot of fog machines. But today the idea of an electronic army has been adopted outside the realm of entertainment, as a group called the Syrian Electronic Army, which supports Bashar al-Assad's regime, has successfully managed to temporarily cripple the online operations of companies like Twitter and The New York Times.

Perceived digital warfare is escalating as a sophisticated breed of attack against corporations, governments and individuals. The Survey on the Global Agenda tells us that people over 50 are more worried about it than the under-50s, but the shift to the cloud and the rise of the "Internet of things" mean that virtually all of us could be affected.

Until quite recently, most people and organizations with a web presence were operating their own servers. That meant that as the web developed it was naturally distributed -- anybody would be able to set up a web server anywhere, yet it remained only a click away for users. That worked beautifully for a while and it also meant that there was a certain kind of systemic resilience, because the eggs weren't all in one basket.

But the rise of denial-of-service attacks (typically by flooding a machine or network with spurious requests, rendering it temporarily unavailable) and other vulnerabilities have made it seem much more daunting to run one's own server. More and more are outsourced to one of a handful of vendors, but in the process, businesses are giving up more control than they appreciate. The eggs are increasingly in the same basket, so if Amazon Web Services goes down, then a bunch of otherwise unrelated websites -- and their users -- are in trouble.

But there's something else that's very pressing to bring up here and that's the "Internet of things." This is a very catchy phrase in the tech world these days, referring to the fact that physical objects, often very mundane ones like thermostats and refrigerators, are now internet-enabled. Security hasn't caught up here. It's shocking sometimes: a German IT security company called n.runs discovered earlier this year that communications between airplanes and the ground are not encrypted, and that it wouldn't take much for a hacker to give some rather unusual instructions to a plane, or to update its firmware while it's in flight.

It ought to be easier to secure such things, conceptually, because they're not meant to be accessible to the entire public. But because we're in a transitional phase where we're migrating so much previously isolated functionality into the "Internet of things," there are a lot of undiscovered vulnerabilities. If there's any meaning to something like cyberterrorism, it's more an attempt to use computer vulnerabilities to affect physical results, particularly as things that weren't on the Internet are given the power of connectivity for the first time.

So what can be done about this? Governments, private firms and NGOs can focus on resilience: ensuring that it's not catastrophic to get hacked, rather than attempting to prevent all possible forms of hacking. This is a distributed effort. Consider Wikipedia: if you want Wikipedia to be good, you have to figure out how to deal with vandalism, but a lot of the ways of dealing with it aren't about preventing vandalism under any circumstance. Instead it's about how to easily put it right as it happens, making sure that there are more editors fixing vandalism than there are vandals. The same goes with cyberthreats. You're always going to be dealing with an unpredictable current. But it's manageable if there are more people and resources working -- and working hard -- toward course correction, than those who are disrupting the flow.

This post is part of a series produced by The Huffington Post and The World Economic Forum to mark the Forum's Annual Meeting 2014 (in Davos-Klosters, Switzerland, Jan. 22-25). The Forum's Network of Global Agenda Councils consists of more than 80 select groups of experts, each focused on key topics in the global arena, that collectively serve as an advisory board to the Forum and other interested parties, such as governments and international organizations. Read all the posts in this series forecasting global trends for 2014 here.