Future of Security: Cyber Risk in a Connected World
All crises tend to expose vulnerabilities and accelerate transformation. In the aftermath of Covid, more potential disruption to operational and technological infrastructure has come to light as the world becomes ever more digital and remote.
The root causes have been laid bare as technology, globalization, evolving demographics and resource scarcity all continue to shape societies and economies across the globe.
Russia’s invasion of Ukraine aside, insecurity is becoming the new normal. Within this VUCA world (volatility, uncertainty, complexity and ambiguity), cyber risks are emerging as a major threat, and nations are scrambling to protect their populations and their wealth.
The large-scale sabotage of computerized networks, systems and activities, commonly referred to as ‘cybergeddon’, conjures up notions of fear, loss of control and inevitability. And it’s all rather scary.
The scale of the challenge for the cyber security industry is significant. Just consider what happened in 2013. On a normal April afternoon, the entire internet – all 3.7 billion connected computers and devices in factories, pockets and offices around the world – was pinged by a single operator.
That ping revealed about 114,000 manufacturing control systems vulnerable for attack, about 13,000 of which could be accessed without inputting a single password. If nothing else, this event acted as a much needed wakeup call for the cybersecurity industry.
A more recent example involved a group of hackers that broke into the security camera data collected by Silicon Valley companies, which gained them access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Companies that had footage exposed included the carmaker Tesla.
Some of the cameras used facial recognition technology to identify and categorize people captured on the footage. One of the videos even shows officers in a police station in Stoughton, Wisconsin, questioning a man in handcuffs.
Put simply, as more devices become ‘smart’ through wireless connectivity, OT systems that once required hands-on manipulation – such as adjusting a valve or flipping a switch – can now be controlled remotely. And many of these OT systems are becoming part of an organisation’s critical infrastructure.
Take NASA, the US-based National Aeronautics and Space Administration. Its OT systems are used to test rocket propulsion systems, control and communicate with spacecraft, and operate ground support facilities. They are also associated with the electrical power, heating and cooling systems, and other supporting infrastructure.
While the convergence of IT and OT can lead to cost savings and other efficiencies, it also means OT systems are potentially vulnerable to the types of security challenges more common to IT systems, including malicious hacking1.
In short, integrating OT with IT will have a great impact on network structure and will force companies to think of a more effective way to protect their network. With the addition of new connected devices, the surface of attack will increase tremendously – and any new device connected will be an entry point for an attacker.
Catalysts such as 5G embody a quantum leap in capability for the connected economy, unlocking the potential of the ‘Internet of Things’ (IoT) by connecting everything from manufacturing machinery to domestic appliances with unprecedented speed and capacity. McKinsey estimates that the ‘Industrial IoT’ (IIoT) market will grow by 12% per year until 2025, reaching a market size of $500 billion2.
Yet it’s difficult to appreciate the full scale of the opportunity – it is still in its infancy after all, and very few companies communicate on OT or have dedicated solutions for OT.
Indeed, connecting an operating apparatus to a network is the same as connecting any device. The ‘zero-trust’ architecture – that is, the designed approach that assumes devices should not be trusted by default – does not care about the kind of device that is connecting to the network. What matters is the identity behind the device.
What is different, however, is the pace of change at which these drivers can accelerate and disrupt growth in markets and companies. There will always be companies that will miss the next opportunity and go from innovator to a legacy provider – the infamous ‘technology trap’ that has ensnared many, not least the likes Kodak or Nokia.
Furthermore, the shift from perimeter-based IT security to the cloud has brought about completely different challenges and associated technologies. For the savvy investor, staying up-to-date with the latest innovations and being curious about where cybersecurity is headed is essential.
Changing ways of working and connecting since Covid accelerated the pace of change and compounded the challenges we face. Companies and governments therefore have a major role to play in bridging the cybersecurity gap for critical infrastructure – and it needs to happen fast.
Of course, once the cybersecurity gap is closed for critical infrastructure, the nature of the industry means that there will already be another surfacing somewhere else in cyberspace. This makes cybersecurity – like the safety of governments, individuals and corporations more generally – a perennial theme in our lives and in our investments.
A multi-thematic portfolio built for the future
- 5G: 5G is the fifth-generation technology standard for broadband mobile networks, which mobile phone companies began deploying worldwide in 2019, and is the planned successor to the 4G networks which provide connectivity to most current mobiles.
- Internet of Things (IoT): The internet of things describes the network of physical objects – a.k.a. ‘things’ – that are embedded with sensors, software, and other technologies and connect to or exchange data with other devices and systems over the Internet.
- Industrial Internet of Things (IIoT): Refers to interconnected sensors, instruments, and other devices networked together with computers’ industrial applications, including manufacturing and energy management.
- Operational technology (OT): Hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.
- Zero trust: An approach to the design and implementation of IT systems. The main concept behind zero trust is that devices should not be trusted by default, even if they are connected to a managed corporate network and were previously verified.
2 Source: https://www.mckinsey.com/~/media/mckinsey/business%20functions/mckinsey%20digital/our%20insights/a%20manufacturers%20guide%20to%20generating%20value%20at%20scale%20with%20iiot/leveraging-industrial-iot-and-advanced-technologies-for-digital-transformation.pdf