World Monitor Mag, Industrial Overview WM_November_2018_WEB_Version - Page 84

additional content including the City Hall of Port-au- Prince, the Presidential Palace, the National Assembly building, and the headquarters of the United Nations Mission in Haiti. It also destroyed or severely damaged virtually all vital infrastructure — including telephone and other communication systems, hospitals and other medical facilities, and airports and seaports — essential to response and recovery. And because the quake struck during the afternoon, when business, government, and NGO offices were open, many experienced professional crisis managers were killed. These factors, which were not anticipated, gravely compounded the effects of the earthquake. 2. Vulnerable technology. Society’s dependence on the Internet (and, increasingly, on connected devices in the Internet of Things) makes it exceedingly vulnerable to asymmetric threats. Paradoxically, the Internet itself evolved out of an attempt to forestall an asymmetric threat. The original Internet, called the “ARPANET,” after the U.S. Defense Department’s Advanced Research Projects Agency (ARPA), was an effort to make critical control of communications technology invulnerable to nuclear attack, through the concept of distributed computation, or “packet switching.” In fits and starts, the ARPANET extended its reach, until ultimately it became open to all, including those who see advantage in selectively undermining it. As companies surrender more and more of their operations (and even agency) to automated systems, they tend to expect that the technology will always work as designed. This expectation becomes an Achilles’ heel — a vulnerability that will continue to be exploited by individual hackers and, 82 world monitor Society’s dependence on the Internet (and, increasingly, on connected devices in the Internet of Things) makes it exceedingly vulnerable to asymmetric threats increasingly, by sophisticated nation- states. And the odds are in their favor: With most digital technology, sabotage costs far less, and has a far greater ROI, than prevention. Even low-tech, low-resource mechanisms such as off-the-shelf ransomware acquired on the Dark Web can disrupt the basic technology that undergirds virtually every institution’s operations. The corrosive effect of repeated cyber theft and identity theft leaches down to the consumer level as well; it becomes a constant, unwelcome fact of life. A 2017 PwC consumer survey on cybersecurity reveals that only 10 percent of consumers feel they have complete control over their personal information, and that consumer trust in both businesses and the government with respect to protection of their personal data is fading. Businesses, meanwhile, are struggling to find the right balance between missing (or not disclosing) breaches and sending too many false positive warnings to consumers. The sheer scale and frequency of these kinds of threats are so potentially terrifying that individuals (and organizations) can become numb to them — a passive attitude that further wears down their resistance when a breach happens. Other technologies are also vulnerable. Breakdowns in autonomous vehicles, in dams and water management systems, and in health-related technologies are far more manageable when they are expected to fail. When technological failure is seen as unacceptable or impossible, this threat becomes more serious. 3. Underestimated disasters. Sometimes the worst-case scenario actually happens. And, typically, human beings are biased against foreseeing and preventing it, because of economic concerns, liability issues, a lack of long-term memory, or simply denial or rationalization. The most common case in this category is a potential threat that leaders are aware of — for example, a natural disaster such as a hurricane, flood, drought, earthquake, tsunami, or wildfire — whose damage is easy to underestimate. At the same time, leaders may overestimate their capacity to handle it. This perception, rather than the threat itself, poses the greatest risk. This category, however, does offer a great opportunity for learning, preparedness, and future mitigation, on the part of both the public and private sectors. When compounded by the first two asymmetric threats — unprotected infrastructure and vulnerable technology — underestimated disasters can expand to inconceivable magnitude. By strategy &