The Scotsman has just published an article outlining that Cyber crime costs Scottish Businesses £160 per second (here]. While this figure can be debated, like any other figure related to cyber risks, it does highlight a changing world, and it is good to see that Scotland, as nation which supports its businesses and citizens, is now trying to understand the new risks which are evolving in this digital age.
The worry here is the scare factor of the article and that this cyber economy is one that is there to scare us, and where the usage of the term cost implies a negative effect. It is likely, though, that our cyber economy will provide many more benefits than costs. Where would our higher education sector be without the usage of the Internet, where the benefits the Internet brings to education vastly outweighs any costs in protecting its infrastructure? Thus we should see the costs related to cyber threats as investments, and where the investments see an increase in profits for our businesses, and in supporting all the other areas of our economy. Thus for a small nation, Scotland needs to take full benefit of the opportunities that the digital economy brings, and understands that it needs to invest in the skills and knowledge involved in this new economy.
Cyber is the New World
First let’s get behind the shock stories, in order to understand the benefits that a cyber economy will bring to Scotland. One word that is often used to highlight the dark-side of this new world is Cyber, but as a term it should actually relate to the operations of a computer or computer network, and cyberspace thus basically represents our on-line environment. So our cyberspace is really just the place that allows us to intercommunicate, and it is now one which supports so many applications. Few would have thought on the creation of the Internet that we would now carry voice and video, along a network infrastructure that was intended to carry data between a few privileged mainframe computers.
So, in this article, I wish to outline some of the benefits of our cyber (on-line) economy, and that we need to invest in the skills for the future. Companies have long employed accountants to tally-up the profits of companies, an which can be seen as a cost to a company, but it brings benefits too, as companies know their financial position, and overall this often bring benefits to the company. So an investment in a cyber infrastructure should bring great benefits, and it is thus naive to think that any company can use the Internet, and especially the Cloud, and not have to invest in methods to overcome some of its risks. We would never see that fitting locks on our doors as a cost to living in a city, as it is just an investment in the safety of our families and our belongings. The cost of the lock would thus will be minimal in comparison to the cost of us loosing our belongings.
So if we are seeing cyberspace as a scary place which is fully of people spying on us, and where we are under treat continually, we are missing out on the new and amazing virtual world that we have all created. It is strange world when there are people who say that we should cover our kid’s Web camera, as there are people out there who can switch them on remotely and watch what we are doing. the continual feed of these scare stories only makes us feel left comfortable on the Internet.
It’s a new Age
It is to Bruce Schneier that we must turn to when understanding this new age, where our new architectures are being built within the Internet. He outlines that there is a balance to be struck between perceived risk and actual risk, and that we often over react to intentional things, and under-react to those caused by accident, and, unfortunately, many of the key risks within a cyber economy are ones caused by accident, and less by malicious intent. Of the recent outages that have been caused in the finance industry in the UK, most have actually been caused by human failure or in a design flaw, and not by a wide scale attack from malicious parties. For industries have led such a privileged life than IT. Just imagine if your car broke down every day with a generic error of “Unknown fail Please restart”, and you had to reboot it. In this new age, we need the reliable access, and Cyber threats are as much about creating an infrastructure that is robust and reliable, than it is about risk from malicious purposes.
Bruce hints towards a new society that is build on trust, with:
“Trust and cooperation are the first problems we had to solve before we could become a social species. In the 21st century, they have become the most important problems we need to solve—again.”
We are thus moving into an age where it is trust that it is key, and where users we are becoming more educated on what they trust on the Internet.
At Edinburgh Napier, we have just undertaking a survey on the attitudes to the access to electronic health records, which is about as risky an area for the access to data as most other areas. We have found, in our survey, that 96% of those who responded, want access to their health record. I am fairly sure that if the same survey was done five years ago would have actually shown a resistance to the access. But, in this new age, it feels like everything should be on-line and available when we want it. For us booking an appointment on-line with the GP seems so natural as possessed to arranging it over the phone.
One thing that has been highlighted in our survey is that, in terms of identity the citizen, that Facebook is the least trusted of all the major identity providers. So we trust Facebook to post our comments and see what others are doing, but we are less likely to trust them to prove our identity, as we know that for every proof-of-identity, Facebook could gathering data on our activates and use this for their benefit. Whilst the debate our PRISM has shown that very little on the Internet is actually secret, there is a line drawn on what Internet companies can do with our data.
Bruce then highlights the changing world with:
“Our global society has become so large and complex that our traditional trust mechanisms no longer work.”
and this points towards a rebuilding of our society, which has less to do with national boundaries and Government controls, and more towards a new one-to-one trust relationships that we have with the Internet. This is where we cannot draw boundaries around our societies anymore, and define how and what they should do. A changing world is thus being build around our own trust relationships.
Let’s create a new society
A major problem with scare stories is there is often an immediate kick-back, which can go against the reason they were intended for. In this new world we need to balance risks against benefits, and just because there are risks, we should aim to overcome these if there are benefits to our country. Unfortunately if you outline a new positive scheme to share data across a range of organisations in order to improve the lives of our citizens, it is unlikely to reach the newspapers.
So scare stories can actually have a negative affect, and can actually hold-back the building of our new world. An example of this is within the public sector, where data is often siloed, and where each sector can hold data that when brought together can actually improve our health and social well-being. There have been many examples of problems of a lack of sharing, in the past, including with Baby P, Solomon, and so on, and these show the extremes of the problem. There are though some fundamental problems in our current IT infrastructures in the public sector, and this it is highlighted by the lack of access that we have to access health care, and is especially highlighted by the lack of sharing between primary and secondary care. Scare stories can often cause a kick-back against cyber threats, and which can actually cause a barrier to future develops. It is thus important that as a society we try to understand the risks that we all face, and take much more responsibility for our environments, and thus enable a new and forward looking nation, which embraces the Internet, and move our economy and public sector forwards into the New Age.
Toward Big Data
So it is that we are now producing much more data, and the days of this data being locked behind firewalls is gone, as it is all much more public, where 90% of the data in the Cloud was produced in the last two years. Boris Evelson, from Forester Research outline that:
“Big data is such a new area that nobody has developed governance procedures and policies, there are more questions than answers.”
and it is thus now a major challenge has moved away from actually protecting assets within organisations to understanding how and where our data is within the Cloud. For this, business in Scotland need to understand how they can use the Cloud, and segment their data within private spaces, and within more public ones. The fundamental factor is now the concept of ownership of data, and the governance of it, where our health care information, such as related to the immunisations that your have had, is actually owned by you, but you trust the NHS to govern the access to this information. This type of approach is a fundamental change in our society, and is one that seems natural in this new age. Why shouldn’t we have the rights to see our health record, and then define who we trust in terms of accessing it? If an elderly person trusts a son or a daughter to gain access to their health record, even if it is to see the ward that they are in, then, in a future digital age, we should provide the mechanisms to do this.
So, in conclusion, the progress we have made in the past few years on the Internet, and with its adoption, cannot be underestimated, so for “costs” read “investments“, and it is an investment in the future of our nation that we are actually undertaking. While the scare stories will continue, we must all be proud about our own contribution to this amazing infrastructure that we have created. It is one that will true benefits to everyone in the World, and it is one that a small nation can make use of to transform our lives. In Scotland I am proud to save that we, generally, have a good attitude to working together and there are great signs of our changing environment, and it is something that needs us all to contribute. One statement that stands-out for me is from George Crooks, Medical Director, who says that there needs to be a “push and a pull” in the way that health and social care services are provided. The “push” comes from Governmental and Regulators, but the “pull” must come from us … so, if you want it, why not ask?
If you are interested, the full details of our survey on the attitudes to health records will be publish on Friday at our event on Big Data in Health and Social Care at Edinburgh Napier University.