From brutal aggressors to confident incumbents — everyone these days seems to be perfectly comfortable with the notion of Digital Disruption. Centered around competitive advantage, its application ranges from the abrupt and irreversible stealth takeover of market dominance to a mere irritating interference of “fireflies before the storm” or even “wampum,” as the dotcom insurgents at the end of the 20th century were famously depreciated by IBM’s Lou Gerstner and GE’s Jack Welch. In our modern Cyber-Physical Systems universe, however, where the digital mycelium has pervasively mushroomed, Cybersecurity vulnerabilities and threats rank among the most dangerous disruptive forces, as they are inextricably linked to the omnipresent phenomenon of competitive Digital Disruption.
Digital Disruption beyond the Buzz
By the end of June 1999, seven months before the dotcom crash set in, BusinessWeek devoted an issue to the then prevalent “Internet Anxiety.” Its symptoms were on the cover: “You’re Merrill Lynch when Schwab.com comes along. You’re Barnes & Noble when Amazon.com hits big. You’re Toys “R” Us when eToys shows up. What would you do?” The answer back then was the cover story’s caption: “Part in envy, part in fear, Corporate America is embracing a radically new business model.” Although Mr. Welch surely didn’t have to fear or envy any competitor, his stance towards the Internet was utterly respectful: “I don’t think there’s been anything more important or more widespread in all my years at GE. Where does the Internet rank in priority? It’s No. 1, 2, 3, and 4.” At that time, many mainstream corporate giants were racing to solidify and build out what was called a company’s “Web Strategy,” while digital development exploded.
The year 2000 not only saw the dotcom bubble burst but also the birth of Web Services (“a software system designed to support interoperable machine-to-machine interaction over a network”) as a new defining mechanism for what was commonly called the Digital Economy. Fifteen years later, Amazon has matured from a recommendation engine pure play around books to the poster child of modern retail, Amazon Web Services is a 5 billion dollar business, and much of the attention has shifted to APIs, i.e. to programmable flexibility.
The Internet has expanded to the “Internet of Things” – the phrase that Kevin Ashton coined in 1999 since he couldn’t think of something better. Radically new business models once again are transforming the way in which companies and industries operate. Sensor-laden smartphones and Smartphones On Wheels, aka Connected Cars, have followed the well-known application of RFID tags for Collaborative Planning, Forecasting and Replenishment (CPFR) purposes at Procter & Gamble, where Mr. Ashton, who headed the MIT Auto-ID Center, successfully and for the first time implemented his Connected Things That Talk & Think.
We have traded in dotcoms for lean startups, GE’s FastWorks proudly touting itself as The Biggest Startup Ever, and added both “Industrial” and “of Things (and Services)” to the Internet. Ours is the Age of Exponential Organizations where new entrants may well be ten times faster, better, and cheaper than incumbents. Increasingly, enterprises organize themselves around embedded, automated sense-and-respond data feedback loops which enable better operations, faster product innovation, new service models, and vastly enhanced customer targeting and retention. The “Anything Internet” phase we have entered is based on three mutually dependent “C” pillars: Cloud Computing or simply digital infrastructure, Cognitive Computing or digital intelligence, and last but not least Cybersecurity.
Cybersecurity Beyond the Buzz
The security of products and services is a key element of the overall security of cyber-physical systems, but a number of things are affecting organizations’ ability to put in place a solid digital defense system. These include an expanded attack surface, inefficiencies in the development process, a weak security architecture of the entire system, lack of specialized security skill sets, and insufficient use of third-party support. Securing a cyber-physical system is a challenge because of its multiple points of vulnerability. These include the products and services involved, the embedded software and the data residing within, plus the data aggregation platform, data centers used for analysis, and of course communication channels.
The current Top 10 list from OWASP, the Open Web Application Security Project, covers the following alarming basic issues:
1 – Insecure Web Interface
2 – Insufficient Authentication/Authorization
3 – Insecure Network Services
4 – Lack of Transport Encryption
5 – Privacy Concerns
6 – Insecure Cloud Interface
7 – Insecure Mobile Interface
8 – Insufficient Security Configurability
9 – Insecure Software/Firmware
10 – Poor Physical Security
Probably Target, Home Depot, Sony, JP Morgan Chase, the U.S. Postal Service, the Office of Personnel Management, the White House, and many other organizations and institutions around the globe could have done more to prevent their breaches. On top of security fundamentals, we badly need more sophisticated data-handling techniques: access control management, tracking and auditing; anonymization; encryption; separation of data; plus well defined and enforced data destruction policies. We simply cannot afford Internet Anxiety Disorder to disrupt economic progress and technological trustworthiness.
Note: This is the personal view of the author and does not reflect the views of Capgemini or its affiliates.