Adrian Davis: Is the free market failing cyber-security?
Dr Adrian Davis
Dr Adrian Davies of (ISC)2 says he wouldn't use those “dramatic words” exactly, but as all things and all people become connected, the terms of that world can't be left up to the free market to decide.
Davis, currently managing director of (ISC)2 for the EMEA region comes to this debate with more than a few credentials. His former positions have included the Principal Research Analyst at the Information Security Forum of PWC and he currently maintains a position as the co-editor at the International Standards Organisation. So SC doesn't take his predictions about what's to come lightly.
“If you think about contract law between businesses, if you think about medicine, there's always been a period when something new or something different happens and for a period of time everybody's trying to get to grips with it.”
This, more or less describes the world now; we are confronted with a bounty of new technological opportunities and though unsure how to go about using them properly, have settled on the fact they must be used: “In that interregnum there are very few rules and regulations and organisations and individuals can drift to the minimum which could be nothing.”
For some things that “have such a great impact on economies, individuals and societies having no framework in place could be very damaging.” But in what way? Tens of thousands of names being stolen from a mid-sized company's database can be harmful, but threat to life and livelihood isn't at the front of our minds when we remember the TalkTalk breach.
But there will come a day when that is exactly the case, says Davis. He's not talking about scare stories like airplanes being blown out of the air by hackers either. “I'm talking about simple things like getting food onto the shelves, things like payroll, the ability for people to find their way around cities”. The problem is that technology has become so tightly woven into the very fabric of day-to-day existence for people and organisations, that a small failure can quickly become a big problem.
The next ten or so years, says Davis, we will see that risk expand with, among many other things, the digitisation of health: “Technology is going to revolutionise a lot of health, not just healthcare but the whole health industry and at that point you really are talking about people's lives.”
For example, plenty of doctors use tablets and medical apps to diagnose patients. If you have an incorrect diagnosis tree, then you could end up with a lot of misdiagnosed patients. “As we digitise our personal lives,” says Davis, with health apps, Fitbits and more, “any failures could be quite damaging”.
Take, for example, someone who might use a Fitbit to monitor their heart rate. “Forget the hackers”, says Davis. “We need to make sure we're building technology in such a way that it is reliable, it is safe and it is secure.”
As much as we might like to believe in the infinite intelligence of the market and the forces of consumption that drive it, “It's our view that right now the free market, freewheeling approach that we've seen in regard to the internet might not be the best way to reap the benefits of the internet.”