(Washington – Brussels Morning) Bernard Kirchner serves as Ambassador for the Foretell, a crowdsourced forecasting project on AI and the future of Tech-Security that aims to support policymakers. The crowd-funded project is run by Washington’s Georgetown Center for Security and Emerging Technology (CSET). Looking at COVID-19 as a catalyst for change, what better time to talk about the future? And who better to have this conversation than Kirchner, known to be something of a modern oracle?
Our discussion is timely. By now, there are 3.5 million confirmed cases of COVID-19 in the EU/EEA and the UK. Prior to the pandemic, telework in Europe was common in certain sectors, especially IT, of course, and also among many of the self-employed. While teleworking accounted for just 5% of the work force in 2019, the share today is around 40%.
From shopping and communications to meetings, distance learning, tele-health and digital banking; all these technologies did exist, but were used only by a minority of the population. Health concerns about contracting COVID-19 have accelerated the shift towards working from home, accounting for an increase of 50% in internet use on one of Europe’s largest networks, Vodafone, which is attributed directly to the pandemic.
The necessity to limit non-essential human interaction has forced the pace of this rapid adaptation to and adoption of new digital services. Spain, the UK and Germany have all registered increases of 10 to 20% in online and mobile banking and a commensurate drop-off in the number of in-person meetings with financial advisers across Europe. Up to 90% of banking staff are working remotely, and the overall use of cash has decreased by half.
As economies throughout the EU have slowed, so have associated transactions, significantly reducing the earnings of banks in the process. The European Commission estimates a 7.5% reduction in GDP, representing more than Euros 1.1 trillion euros. When combined with historically low interest rates, this could result in banking revenues dropping by as much as 40% and equity by 11%.
Banking is one industry where digitalisation can help relieve both financial and health concerns. The long-term health of this transformation depends on transparency and security, two key incentives for any potential users. It will require the cooperation of both administrators and users to create barriers against cyberattacks.
Ambassador Tedo Japaridze (TJ): We see that COVID has destabilised many of the pillars of globalisation, and that this has led to further integration of digitalisation. What is the impact of COVID within the world of cybersecurity?
Bernhard Kirchner (BK). The general trend in the cybersecurity domain is a dramatic increase in attack surface combined with at-risk users. For example, last month, we witnessed the death of a woman in Germany due to a ransomware attack. According to Interpol, attacks on hospitals in general have increased significantly since the outbreak of the pandemic. Throughout the world, we hear about healthcare systems strained to accommodate the ongoing pandemic. With the spike in cyberattacks, the environment deteriorates further.
There is a team currently featured in WIRED that helps global healthcare systems to secure admin credentials for their systems in use as well as helping raise awareness of vulnerabilities and infected component in those systems. We see people helping others in need, which is one of many takeaways from this pandemic. These attacks may be financially motivated, but with an already overwhelmed healthcare system, the result compounds stress and risks compromising public health and stability.
(TJ) Europe and US are historic proponents of open information systems with China and Russia enforcing more government-managed information systems. How does this level of application of technology impact on electoral voting systems?
(BK) This is a fundamental issue in modern societies. First, system structures are being tested and in many cases these structures are cracking. The Electoral College in the US was originally created by the Founding Fathers to provide a backstop for a myriad of election issues. Over time, it has shifted, in some cases becoming more rigid, and in some cases even being used to repress the voting power of certain demographics. In 2016, Russian operatives made a concerted effort to influence the US election. Now we have even more people online for longer on average than we did four years ago. This points to a greater possibility of conducting influence operations.
Also, recently Russian operatives shifted tactics. During the last election, they used tactics that were easily identifiable but not tracked or stopped by companies. This year has already showcased that they are masking their operations with greater care. With exponentially more targets as well as increased vulnerabilities, the 2020 presidential election could see influence operations perpetrated from actual known voters and influencer accounts. The hacking of Joe Biden’s Twitter account in July was obtuse, but it does point to a style of attack that, if perpetrated with the technical and psychological capacity that state actors have access to, may be hard for even friends to discern.We need leaders to take this seriously so that education can take precedence in our schools and businesses. The open systems in the West are at risk of increased influence by external actors.
(TJ) Are we reaching a tipping point due to COVID, where cybersecurity as a political issue is a voting calculus for people?
(BK) This may still seem a peripheral issue for most people. However, the increased use of digital services like online shopping, video meetings, digital banking, and tele-health are contributing to overall public awareness of cybersecurity. In the UK, before the outbreak of COVID-19, small- and medium-sized businesses reported that almost 70% were victims of a cyberattack in 2018, with two thirds of those suffering financial losses due to these attacks. One third of SMEs expressed discontent with the resources provided by the UK government to help them prepare and mitigate these attacks.
In France, the average cost of a data breach to large corporations is just over Euros 3.5 million per data breach incident. Germany has lost over Euros 40 billion due to cyberattacks in past years. Companies failing to report these losses and the lack of transparency surrounding these issues impacts on people’s perception of the problem. Prior to the EU’s General Data Protection Regulation (GDPR), many companies would not report or even alert customers and shareholders of breaches.
With IT solutions an integral part of our lives, cybersecurity will become a driver in decision-making for individuals, and, in turn, also for corporations. We are seeing this with Zoom and how it has adjusted and increased its security offerings since the surge in usage over these past months. Consumers are starting to vote with their euros. We also see a shift in digital banking and online shopping based on the quality of services offered. But when security is not addressed, we will see consumers shift to other service providers. Although brand loyalty is not what it was decades ago, companies like Apple that publicly stand up for their users’ data security seem to be enjoying added brand loyalty.
(TJ) Since the EU was the leader in pushing for data protection of individuals, has the EU’s GDPR privacy law had an impact on Europeans’ cybersecurity in this crisis?
(BK) The impact of the GDPR on cybersecurity will continue to evolve positively. The mechanism of notification for individuals regarding data breaches by large corporations is a significant step in creating awareness of the extent of the problem. As companies risk sanctions, they are more likely to apply procedures to prevent cyberattacks. Still, as much as large corporations should have an increased responsibility with regard to their customers on data security, a significant portion of cyberattacks occur as a result of individual human action and lack of action on the part of both consumers and employees. Everything from opening a phishing email and attachment to using passwords that are easily hacked or not changed on a regular basis are things that make individuals vulnerable to cyberattacks. Although COVID has pushed more people to use more digital services, many people in general are not aware of the risks associated with their choices online. This is one of the reasons why we are seeing Zoom meetings interrupted or taken over.
(TJ) With COVID driving this move to adopt broader technologies, how will cybersecurity impact the next three-to-five years for people and politics?
(BK) It is intriguing to imagine the long-term impacts of this global health pandemic. Initially, we will see, as we already do, a drastic pullback from many elements of globalisation, as even the reliance on the constant movement of goods and people is now in question.Politically, there are groups voicing these concerns for local economic and lifestyle issues.
Now, we see the disruption of global flows of medical equipment, drugs and food supplies. Some of these disruptions were not due to globalisation but rather a result of our reliance on people working in crowded spaces. One industry that was affected in many countries was meat processing and production facilities hit with COVID. These two factors, issues of transport and close working quarters combined, point to the need for localized, automated production facilities. Denmark was ahead of the curve with respect to automation, and although their plants had workers testing positive for COVID, they maintained a safer environment and kept production up, compared to their American and European counterparts.
The largest meat processing company in the world just invested in a small New Zealand robotics company that is using machine learning to butcher lambs. Large companies will look to insulate themselves further from future health crises using more technology, much like individuals are using technology to insulate themselves from the same risks. Just as swiftly, as we quickly learned, when COVID began to severely impact global production and transports. Those core lessons are important to transfer to the next iteration of digitalisation.
It is critical that organisations like the European Union Agency for Cybersecurity help people educate themselves about cybersecurity, or we will be looking at similar disruptions to digitalisation in the future. Individuals’ use of predictable passwords and the likelihood of opening phishing emails are factors that can diminish or enhance the severity of cyberattacks.
Similar to the increased fatality rate of COVID when underlying poor health already exists, if people aren’t using good cyber hygiene, it increases the likelihood of breaches and damages in the system. Every decision we make either adds to vulnerabilities or decreases them. With the right education in cyber hygiene, people can build and maintain a healthy digital presence. The key takeaways from now on are basic, instinctive but also easier said than done: wear a mask, use complex unique passwords and employ dual factor authentication.
(TJ)What impact do you see non-US entities having on the upcoming elections?
(BK) Undoubtedly, China, Russia and Iran will exert influence on the upcoming US presidential election and every future election in the US and Europe. The adversary always has a vote, so the impact will be determined by the nature of our relationship with each of these countries, their assessment of our vulnerabilities, and how they think we can and will react. Granted, the first and last questions are determined by our politicians. However, it’s already evident that countries such as Germany and France that had at worst tepid if not entirely warm relations with Russia, have not shielded themselves from substantial election influence operations by Russia-aligned operatives.
The least complex and the most effective action we can take is to raise our collective abilities to identify and individually resist these operations. Education in basic cyber-hygiene and media manipulation can go a long way in retaining resources as well as diminishing the impact not only of foreign but also of fringe elements.