Cybersecurity and Climate Change

If you want to spoil your day, read the Sunday Magazine section of The New York Times of August 1, 2018. The entire magazine, which is devoted to climate change, was written by Nathaniel Rich. The title of the issue is “Losing Earth: The Decade We Almost Stopped Climate Change.” If you want to get even more upset, read the report by the UN Intergovernmental Panel on Climate Change (IPCC) released on October 8, 2018. And to add insult to injury, read Volume II of the Fourth National Climate Assessment (NCA4), Impacts, Risks, and Adaptation in the United States, released on November 23, 2018 (the day after Thanksgiving). The NCA4 report analyzes the impacts of global change, as described in Volume I (Climate Science Special Report), on topics and regions of the United States.

If you are really a glutton for punishment, you might also read the review by Nathaniel Rich (same reporter as for the NYT Magazine, mentioned above) of William T. Vollman’s two-volume “Carbon Ideologies” in the October 2018 issue of The Atlantic. The title of the review is “The Brutal Truth About Climate Change” and the subtitle is “William T. Vollman’s latest opus is one of the most honest—and fatalistic—books about global warming yet written.” Reading the review is enlightening and since you (and I) are unlikely to read the more than 1,200 pages of actual books, it gives the flavor of where Vollman is coming from.

Whatever your leanings, whether you believe that human activities are responsible for the increasing temperatures that confront us or not, it doesn’t really matter, except that if you do think that humans are worsening the situation, you should agree to taking Draconian steps to assuage the onslaught. If you don’t think that our pumping carbon dioxide and other gases and solids into the atmosphere is to blame, why not take measures now to reduce those damaging substances from being emitted … just in case you are wrong? After all, you’d be hedging your bets.

“Aha,” you might say, “but just look at what Nature does with volcanic eruptions, which we cannot control.” Or from massive wildfires. The recent Camp Fire wildfire in California created the worst air pollution on Earth. Yes, it’s true that natural events may produce huge amounts of damage. Just consider what would happen if a large asteroid were to plummet down to Earth. But there is little, if anything, one can do about those events.

We can all see what is happening to our climate regardless of the reasons for it. Vollman presents a pessimistic and disconcerting view that there is nothing much that we can do to change the relentless juggernaut of a warming globe. My contention is that the same is true of cybersecurity.

I found a couple of points made in Rich’s review that are particularly relevant to cybersecurity risk management. One is that “… human nature is [the] true subject …” and the other is that “Vollman seeks to understand ‘how we could not only sustain but accelerate the rise of atmospheric carbon levels, all the while expressing confusion, powerlessness and resentment.’”

I have mentioned many times that the opportunity to have achieved protection of our critical infrastructure against cyberattacks arrived more than twenty years ago with the May 1998 Presidential Decision Directive No. 63 for Critical Infrastructure Protection and departed a couple of years later with the change in Administration. And that initiative has never recovered any momentum to this day, much to our detriment.

I strongly believe that human culture and behavior, rather than technology, are the drivers behind the current miserable state of cybersecurity. The combination of “the tragedy of the Commons,” where no one is responsible for common facilities (such as the Internet), and “moral hazard,” where leaders are not called to task for obvious dereliction of duty, serves to relieve those who should be liable of any responsibility. And the confusion and seeming powerlessness of lawmakers only add to the predicament. While victims of cyberattacks are resentful, they often feel that there is nothing much that they can do about such attacks other than apply their own minimal protection measures or avoid certain online activities altogether.

The main message for cybersecurity risk is that, while modest attempts at mitigation might achieve some low level of rollback, the overall trend towards digital Armageddon (we’ve already experienced the “digital Pearl Harbor” with the Russian invasion) is relentless and unavoidable.

That certainly isn’t good news, but it describes a reality that we must adjust to and deal with the best we can. Will we be able to slow down the unstoppable advance of cyber damage and destruction? That’s hard to say. It will take an enormous effort, tremendous resolve, and huge amounts of money, and some real hardship, to protect even small enclaves from continuous and growing attacks.

Despite all the above, I am still optimistic that we can find the courage and conviction to manage cyberspace and that the super-wealthy FAANG (Facebook, Apple, Amazon, Netflix, Google) companies should fund much of such an effort, since their lack of interest has contributed mightily to the problem and their inaction has allowed them to reap massive profits. But the longer we wait, the more difficult and costlier any solution will be.

Post a Comment

Your email is never published nor shared. Required fields are marked *