The question is not whether the Digital 9/11 or Pearl Harbor will happen, but which will come first and whether we'll have implemented the societal structures to prevent complete disaster prior to the big event.
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Preventing the Digital 9/11 & Other Cyber Disasters
1. Digital 9/11: Next time, what if the
attackers never have to leave home?
The rise of autonomy & IOT means the next
attack may not require physical hijackers or
bombs to kill Americans & damage our economy
Kevin Mireles 1
2. Despite the dangers, today IT, largely exists outside of a
formal regulatory, legal, law enforcement & security
framework as if computers were still relegated to our desktops
Kevin Mireles 2
3. As a result the IT security model relies on
private armies & a buyer-beware model
Kevin Mireles 3
4. Meanwhile computers have migrated from the desktop in
accounting to being integrated into every facet of our life, from
brakes to brain implants putting each one of us on the front
lines of cyber warfare & anarchy
Kevin Mireles 4
5. We are returning to the middle ages, when national
borders & armies didn’t exist, so every little region built
their own castles & turned to mercenaries for defense
Kevin Mireles 5
The problem is, just as castle walls couldn’t be built tall enough & thick enough
to defend against new technologies, e.g. cannons, neither can individual
organizations defend against ever more devious and destructive cyber weapons
6. Unfortunately, where companies can spend millions
on defense, nation states can spend billions on
offense, overwhelming any individual target
Kevin Mireles 6
7. A new parallel cyber legal, regulatory, public health,
law enforcement & military infrastructure is required
to adapt to the new challenges
“Organizations are designed to meet the needs and
challenges of yesterday, not of today or tomorrow,
but lessons and frameworks can be leveraged from
the past to build the future.”
Kevin Mireles 7
8. We need to develop new laws & institutions just like we did in
the 20th century to address the rise of new technologies like
cars, planes, nuclear power, medical devices, electricity, etc.
Kevin Mireles 8
9. Developing a cyber public-health framework
and ecosystem is a key first step
Kevin Mireles 9
12. Today, we are largely in the dark about the
cyber health of the organizations that govern
us, employ us, hold our data or we invest in.
Would we have invested in TNT if we had have known the risk?
How come citizens weren’t aware that Atlanta was so vulnerable,
especially when security experts weren’t surprised?
Kevin Mireles 12
13. Hackers & viruses don’t need report cards to target
vulnerabilities, but we do & we need cyber public
health organizations setting standards and providing
insights to us just like they do for restaurants
Kevin Mireles 13
14. We need sensitive high-velocity detect and
react systems, just like are being built for
earthquakes & diseases so organizations can
instantly take protective measures
Kevin Mireles 14
15. IT-enabled products must meet key safety/ security
standards in accordance with their potential risk, just
like cars, medical devices, etc.
Liability & responsibility for security must be shifted to
the creator not unsophisticated buyers
Risk
Regulation
Kevin Mireles 15
16. A safety first model becomes ever more critical given
the rise of autonomous systems that can be
reprogrammed to cause physical harm
How long before the first rabid robot attack occurs?
Kevin Mireles 16
17. Citizens and companies should be able to turn to
public institutions for assistance for prevention and
emergency response, not just private companies
If I’m getting physically robbed, I don’t just call ADT, I dial 911!
Kevin Mireles 17
18. The first step is recognizing that the new threats are
bigger than the pain of new regulations & build coalitions
to help shape the inevitable government intervention
Kevin Mireles 18
Notas do Editor
Apply 20th century concepts to 21st century cyber challenges
Public health organizations implemented, monitored and enforced regulations designed to keep the public safe.
Public health organizations implemented, monitored and enforced regulations designed to keep the public safe.