IS CYBERSECURITY ENOUGH?

“I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We’ve created life in our own image.” Stephen Hawking

A few days ago, I needed to hard reset my smartphone, as I forgot the key password to unlock the phone. To achieve this purpose, I had to install a small application downloaded from an unknown randomly searched website which required to get the windows firewall of my laptop turned off and I allowed the window to turn the firewall off despite its warning signs because at the moment my main aim was to hard reset my phone and there was no other option left for me.

As soon as, I launched that application, a gigantic surprise was in front of me. Each and every file on my laptop was changed into encrypted files with unknown file extensions. Infect, I came to know that the application which I installed for hard resetting of my phone, consisted of ransomware and was developed by unidentified international hackers. When you launch these types of applications, this ransomware encrypts all files on the hard disk, and to recover these files, we need that decryption key, which the hacker or developer of this ransomware has used to encrypt these files.

This key is only known by the hacker itself which may provide you to recover your data on the condition to pay him some money US Dollars as a ransom. Due to this, this malicious software is called ransomware. But it is advised that never pay ransom to such hackers as pay ransom to hackers is an act of supporting such crime. Anyhow, I lost my whole data of Ph.D. research work stored in that laptop, which I knew couldn’t be recovered. Thanks to the cloud storage facility due to which I was able to recover my backup of all lost data.

On that day, I found myself so much helpless for some time prior to recovering the backup but this experience also made me think and raise questions related to data security at not only individual level but also country or global level, as, after all, we are all connected to each other somehow.

Development in information technology, use of the internet, and smart devices in recent times is on an exponential rise. Further, as a result of advancements in machine learning and artificial intelligence, humans have developed state of the art technologies which amplified the progress and life style. Despite these developments and human progress, security of private life, datasets, national and international security and progress is still questionable because of developments in cyber attacking technologies.

In any country specially developed and developing countries, many industrial and management systems are operational which are designed for the efficient progress of that nation. These systems may include political establishment, defense, electric power generation, and distribution, water resource allocation and distribution, industrial manufacturing, oil, and gas infrastructure, and assets, education and research systems, agriculture, and last but not the least national database related to population management.

These national systems may be using modern technologies including the internet, sophisticated software, and machine learning algorithms. Further, the whole data is gathered through sensors, transmitted through communication systems, stored, and analyzed for further decision making at governmental levels. More and more cyber-physical systems are in hand, these systems are vulnerable to equally more potential cyber threats. These cyber-attacks may result in many catastrophes, in developing countries like Pakistan where the technologies are still in progress and not much up to date.

The recent blackout in Pakistan also alerts us to think about potential cyber-attacks on our national assets database including the grid system, which requires oversee before any damage is done. A country like Pakistan cannot afford such shutdowns of power systems frequently, as whole industrial production may get affected which may result in huge economic damages. Imagine an oil and gas production and distribution system, health services system, and/ or power generation structure in any country under cyber-attack. If God forbid, this happens, how collateral damage that country will have to bear in terms of economic growth and how the lives of people and of course the sovereignty of that country will be affected.

In order to secure the physical system from potential cyber-attacks, managements need to apply up to date well-designed cybersecurity policy, the latest artificial intelligence, and machine learning technologies to detect the anomalies and to develop a strong relationship between academia and industry for future research. Multi-layer security systems may be developed to fight against potential cyber-attacks and these layers must be redundant (if one part is not working then back up option must be in hand so that smooth working is not hindered), robust and resilient (even after an attack is detected the system must not get failed and working in full capacity).

Developed nations like the USA, Europe, China, and Canada must come forward for the help of poor and developing nations for the implementation of foolproof cybersecurity systems and training of IT professionals for the progress of humanity at large.

Still, is prevailing measures related to cybersecurity enough?