We are living in fascinating times we could not even imagine just a few years ago. And we enjoy freedom: We can buy products in our cities that were made on the other side of the world. We can travel almost anytime and anywhere, we can communicate almost free of charge with anyone on the planet, often with people we don’t even know and who have a false identity. We live predominantly in a virtual reality full of social networks, information technologies and now even artificial intelligence. On the one hand, we do our best to protect our privacy, and on the other hand, we frequently put it to the mercy of fate in digital space. We are mortally addicted to modern technologies. We are so addicted that we cannot imagine life without electricity, the internet, computers or smartphones.
For the most part, we have no understanding of this new “modern” environment; we are fascinated lay people who admire the perfection and beauty of the environment. And we are unwilling to be aware of the dangers of digital space (cyberspace). After all, it is only virtual reality.
The biggest danger is therefore our addiction, inadequate education and poor understanding of the opportunities and risks that modern technologies involve. For thousands of years, we have learned to live in the real world and to behave appropriately. Yet the digital world has only been around for a few decades and we believe that nothing bad can happen. We are becoming more and more dependent and we often lack critical thinking and common sense – “The main thing is that it makes our lives easier.” We are often unable to decide and distinguish what is meaningful and contributes to our lives and what is just a “gadget” that we can skip.
An Unacceptable Risk
We may be a man on the street, a businessman, a large company or sometimes even the state, and we are all too quick to give up our technological sovereignty. Quite often, we don’t even mind giving up control of supply chain security for our critical systems and applications. And that’s usually the case when the applications are developed by unknown programmers and distributed to different public data repositories (“The main thing is, I can install it on my smartphone…”), or when we’re dealing with large supply chains for the critical systems that provide security for the state where it is pretty obvious that this is an unacceptable risk.
For decades, our developers have been given the possibility to roll out systems and applications without guarantees, without responsibility, without supervision. We are unwilling to take responsibility, even in part, for the development, reliability and quality of such systems. Still, we are always surprised when our electronic systems prove vulnerable and imperfect.
On the other hand, we believe that standards, regulations and laws will solve all problems. If one does not have many years of experience, such standards are good prerequisites, but certainly not a solution. Finally, in road transport we have many legal standards and a traffic system with modern regulations, driving licences, TÜV certificates, traffic signs, technical and police checks and many other aspects, including preventive and repressive measures. Nevertheless, year after year we have millions of road accidents and deaths on the roads and many court cases. What then leads us to conclude that by creating laws, regulations and technical certifications in the cyber area, we can solve all the problems of the digital world?
Many experts believe that it would be a good solution to consistently secure critical processes and important information systems and even to separate them from the outside world. The economies of our countries, however, are mainly driven by small and medium-sized enterprises and not by critical systems. In the European Union alone, SMEs account for more than half of GDP. We invest too little in education and general awareness. We offer too little help to small firms, which usually have neither many sensitisation opportunities nor the financial means to invest in security and especially cyber security (after all, it is not their core business). However, these companies are the pillars of our economies. Do we offer them enough help and opportunities to safely develop and run their businesses?
A Cultural Change
We don’t have enough experts. But it is not only the experts who are missing, but also the IT-literate users, managers, lawyers, diplomats, members of science – simply the informed society. On the one hand, we should start shaping a younger, better-informed generation and do so at a tender age. Maybe in this way we can bring about cultural change and raise a generation of people who not only move easily through the virtual world, but can transform the virtual world for the good of society. On the other hand, we must also take care of our current employees and expand their knowledge and retrain them. Nonetheless, this learning process will take at least a generation.
Events in the cyber world may not be so visible and are certainly less tangible. However, the same laws apply here as in the real world. There are many risks and threats that exploit human and technological vulnerabilities. These cannot be completely eliminated, but we can minimise their impact. But this requires an active interest in our technology, an understanding of the principles and shortcomings, and, above all, not a thoughtless acceptance of what we encounter in cyberspace. Our world is teeming with daydreamers and cheaters. The biggest threat is then excessive trust and unwillingness to expand our knowledge and overcome the lack of critical thinking.