Blackout – How stable are our systems?

On the third evening of the Dialogue Forums 2018, under the theme "Blackouts – How stable are our systems?", participants discussed the inherent risks in the everyday digital world. Professor Gabi Dreo Rodosek argued that we are right to be concerned, considering that we are now so dependent on the smooth functioning of infrastructure for energy and water, as well as for the internet. The Director of the Cyber Defence Research Centre at the University of the Federal Armed Forces in Munich reminded the audience that there had been an enormous increase in the quantity, and more importantly quality, of cyber threats. 

Efficiency is threatening stability
With serious consequences: "A blackout is bit like a knockout blow, a moment of irritation in which the world is no longer the way it should be," explained Dr. Harald Katzmair, philosopher and researcher into networks and resilience. But unexpected moments like these are normal aspects of our lives, and should be factored into planning in advance. Katzmair’s recommendation was therefore as follows: "The more chaotic and unpredictable the world becomes, the more variable and flexible our response needs to be." In an effort to make this idea more understandable, he used the metaphor of a tightrope walker, who is only able to keep his balance by stabilizing his body with flexible arm movements. Problems arise if variability is sacrificed in the interests of cost efficiency in key infrastructure systems such as the electricity grid, which form the backbone of our society. For example, large power plants are taken off the grid for financial reasons, and then are no longer available in critical times to compensate for fluctuations in electricity generation from renewables – or when blackouts occur in one of the remaining power plants. 

Computer scientist Dreo called for a rethink of cyber security. "You can now do more damage with a laptop than with a rocket. And there are a huge number of points of attack." That applies in particular for the Internet of Things (IoT), which by 2020 will have networked an estimated 50 billion devices or sensors worldwide: these range from the coffee machine in your kitchen to cars. Dreo fears that this will steadily increase the number of entry points for hacks. When designing devices, manufacturers must therefore ensure that personal privacy and the security of the system are automatically guaranteed (security by design). However, the cyber expert is all too aware that there will be no such thing as total security. An attacker only needs to find and exploit a single weakness, whereas to defend against attack, every possible weakness must be identified and protected. So we need to try to make things difficult for potential attackers, for example by managing data dynamically in different places, rather than in one fixed location.

Basic digital education needed
Dirk Engling, spokesperson from the Chaos Computer Club Hamburg (CCC), is someone who knows all about IT weak points. Today, the CCC is a highly respected club that advises computer users, business people and politicians. Engling is engaged on an official mission as a hacker and knows that data security in companies is far from robust. "The government should support the modernization of outdated hardware and software with a stimulus package. This would help small and medium-sized enterprises (SMEs) to remain competitive," he argued. In addition, device manufacturers and system operators should be made liable and obliged to disclose the length of time they will offer security updates. "Consumers should not be stuck with the liability issue," he said.  But at the same time, consumers need to play their part to ensure security. "Everyone needs a basic digital education and should use their common sense when working with IT." And systems should not be too complex in case people feel overwhelmed. "It will be a major step forward if we can succeed in anchoring security consciousness in everyday life, thereby making society more resilient," he said.

There are other hazards originating from a very different area. In a cyber war, by using information technology tools, governments attempt to damage other countries, institutions or society, and to disrupt key infrastructure. Dreo pointed out that this is already happening. The German Defence Ministry recognized some time ago that cyber security is an overall government task, and has responded accordingly to the threat. But a certain critical mass of specialists is required to make any impact in this area. The USA and one or two countries in Asia would need to make serious investments. "Once powerful quantum computers arrive, we will need new approaches because our encryption technologies will no longer work," she warned. "Israel realized at an early stage that cyberspace will be the theatre of war of the future, and is therefore employing a suitably large number of computer specialists," Engling added. He pointed out that there were also many government-employed hackers working in Russia, China and the USA. "The situation in Germany, where there is an arm’s-length relationship between the hacker scene on the one hand, and the government and military on the other, is fairly unique," he admitted.

Attack with algorithms – normal citizens are the target
"When we talk about attacks from cyberspace, we should not forget the giant tech corporations in Silicon Valley," Katzmair reminded the audience. "We need to ask what their technology is doing to us as human beings and to our society." Filter bubbles on Facebook are already changing our patterns of perception, and the topic of fake news shows that, as a society, we can no longer agree on what we believe to be true. "The strategic destabilization of our patterns of perception is a serious matter, particularly because there is an incredible level of intelligence behind it," the researcher warned. 

This is why he considers the tech corporation algorithms represent another type of attack on us. Facebook, for example, investigates users’ surfing behaviour, and tries to keep them hooked like addicts to maximize the length of time they spend in the system. In Europe, he said, people have not yet fully realized the explosive power that comes from combining IT and findings from behavioural research. "As a society, are we even capable of forming a uniform picture of the situation, or do we simply curl ourselves up in a ball in our personal echo chamber?" Katzmair wondered. Under such circumstances, social cohesion can very quickly become a casualty.

The Dialogue Forum clearly illustrated that there are more threats to our society than just blackouts in the electricity grid. The algorithms of the leading internet corporations are at least as dangerous for us, and can lead to blackouts in democratic structures. According to Dirk Engling, we can protect ourselves to a degree against hacker attacks by taking the right precautions. But he pointed out that it is much more difficult to escape from the systems the Silicon Valley tech corporations have built up around us, because they are so pervasive today.

The next Dialogue Forum will be held on 12 April 2018 on the subject of "Digital Dictatorship – Prisoners in the New World".

23 April 2018