The Devil’s in the Cloud: Our Headlong Rush into Ultimate Cybersecurity Vulnerability

This is the first part of a four-day series I will post this week highlighting an astonishingly neglected area of cyber-vulnerability. I will be presenting it tomorrow (remotely) at the Jules Verne Corner segment of the ITU's meetings this week in Kyoto, Japan

Cover caricature of Jules Verne, L'Algerie, 15 June 1884, courtesy of Wikimedia CommonsThere appears to be consensus in many quarters today that migrating to the Cloud is highly desirable – indeed, that we have already embarked upon an irresistible and indeed inexorable migration.  Multinational IT vendors view this transition as the next great market opportunity; governments see in it an opportunity to finally rationalize their Byzantine legacy systems without incurring massive up front capital costs; and enterprise users find the value proposition increasingly compelling as their systems become more complex, expensive and difficult to maintain. 

Meanwhile, the data, records, pictures and social relations of individuals (often without their pausing to think about it) move with the tap of a key from hard drives and back up device from the supervision of their owners to who knows where, owned by who knows who, and vulnerable to who knows what?

As this process continues, all-too predictable market forces will drive cloud services towards commoditization, and with commodization will come consolidation – again, in response to classic market influences. 

At the same time, as the share of global electric power consumed by data farms and networks approaches an incredible 10%, concerns over climate change and rising energy prices will drive the data farms that receive all this data to cluster around the lowest-cost energy sources – wind farms, hydroelectric dams and, someday, perhaps solar and geothermal sources as well.  Already there are millions of servers humming in data farms adjacent (for example) to the Columbia River in Washington state that dwarf the agricultural farms that they have replaced. Have YOU Discovered the Alexandria Project?

A Tale of Treachery and Technology

Ten years from today, what percentage of all that matters will live within an increasingly smaller number of ever more enormous data complexes?  Not just the transactional wherewithal to enable transportation, finance, government, food production, power transmission, manufacturing and education to function, but – far more consequentially – all data and, indeed, all human knowledge, less and less of which will find its way on to non-electronic media (remember paper?) for archival purposes at all.

Let us add one final trend: as the First World becomes more networked and Cloud dependent, its asymmetric vulnerability to less network-reliant enemies will increase exponentially.  After all, when the United States has a military budget equal to that of the next 17 most militarily profligate nations combined, what incentive can there be for a lesser country that wishes to tweak the lion’s tail to spend a Rial or a Won on traditional weaponry?

This last trend has been well-recognized as a reason to take electronic cybersecurity more seriously. But this realization masks a far more serious vulnerability entirely, because systems that are the victim of a cyberattack can usually be restored again – often within hours. But a data farm that has been transformed into a smoking ruin by kinetic weapons of war or a terrorist attack will never be brought back on line again.

In the next installment of this series, we will explore how remarkably simple it would be for a nation – indeed for the entire First World – to be reduced to a state of famine and near-non-existence by an enemy the identity of which it may never learn.

Available Now for $2.99 or less

at Amazon, iTunes and Barnes & Noble (and in ePub and PDF formats at GooglePlay)

The moral of the story is that equal attention must be spent to developing and mandating adherence to standards of physical security for our Internet-dependent modern society as well as standards intended to protect against cyber attack.  To do otherwise will be to render ourselves vulnerable to a degree of societal destruction that would rival that induced by a nuclear war.

Does that sound false and alarmist?  Read the scenario that I post tomorrow and make your mind up then.

Sign up for a free subscription to Standards Today

a trusted source of standards news, ideas and analysis

since 2002

Comments (1)

  1.  This has been a concern for mine for a long while.

    The company I work has been asking and fiddleing with "TheCloud" for a while now.  While I have been talking them out of it, it’ll be my job to rescue the thing from disaster, we have now installed our own.

    While no disaster hits "TheCloud" it is more likely to be huge when it does.  We need a series of smaller disasters to educate the rest of the users.

    Unless these smaller disasters hit? no one will learn the vlnerabilities, and a fall "Headlong" into oblivian is more likely, the longer this false sense of security is able to persist.

Comments are closed.