Cybersecurity

The Case For Designing A Resilience-By-Design Cybersecurity Strategy

While there is lots of attention being given to AI and quantum computing there are an estimated 200 critical and emerging technologies shaping today’s technological landscape, each with their own unique cybersecurity implications.

 “There is a Pandora’s box full of new technologies coming to market,” warns Dr. Hoda Al Khzaimi, director and founder of the Center for Emerging Technology Accelerated Research (EMARATSEC), and associate vice provost for research translation and entrepreneurship at New York University Abu Dhabi (NYUAD), United Arab Emirates. She is a co-author of a recent World Economic Forum report on Navigating Cyber Resilience in the Age of Emerging Technologies.

Indeed, the rapid growth in investments in emerging technologies– from approximately $4 billion in 2018 to more than $3.2 trillion today – demonstrates a significant surge in global interest and development, underscoring the need for a broad, inclusive approach to technology assessment and strategy development, says the report.

In the face of this complex and evolving threat landscape a traditional mindset of “security by design”, which focuses on embedding security features into new technologies from the outset, is no longer sufficient, says Al Khzaimi, who is also co-chair of the Forum’s Global Future Council for Cybersecurity and director emeritus of NYUAD’s Centre for Cybersecurity. Instead, there is a pressing need to adopt a “resilience by design” approach, which ensures that systems can withstand and recover from inevitable attacks that will occur as these technologies proliferate, she says. This approach involves embedding resilience principles into every stage of technology development and deployment. In practical terms this means enabling continuous monitoring, developing rapid response, and cultivating the ability to learn from incidents to strengthen defenses over time so companies can recover quickly with minimal impact.

Distinguishing Between Critical And Emerging Technologies

The first step in developing a resilience-by-design strategy is distinguishing between critical technologies which have already achieved a certain level of maturity and emerging technologies, says Al Khzaimi.

Critical technologies, such as smart and new material science, semiconductors and new means of energy generation, are already foundational and essential to national security and economic competitiveness, demanding immediate and sustained investments to protect them from cyber threats. In contrast, emerging technologies, such as AI, quantum computing and synthetic biology, are still at the developmental stage but have the potential to become critical as their applications expand and their strategic importance becomes more apparent. The two are not mutually exclusive. Some technologies fall into both categories. “This fluidity necessitates a flexible approach to cybersecurity that can adapt to both current and future risks, ensuring preparedness for a range of possible scenarios,” says the report.

Anticipating Worst Case Scenarios

While emerging technologies hold great promise for innovation and advancement across sectors, it is essential to consider the potential security challenges they might pose, says the report.

For example, biotechnology advances such as DNA data storage technologies raise questions about long-term data security and potential biological data breaches. Synthetic biology could potentially be used to create designer pathogens or manipulate existing organisms in unforeseen ways. If risks are not hedged within a certain framework of ethical and responsible development, the convergence of AI and biotechnology raises concerns about the potential for creating self-evolving biological systems.

Neuromorphic computing, an approach to computer engineering that designs hardware and software systems to mimic the structure and function of the human brain, may pose other risks. It can help improve efficiency and allow machines to perform more complex tasks but brain-like computing architecture could also prove vulnerable to new types of attack that exploit their learning capabilities, says the report.

Advanced 3D displays such as holograms could also be used for sophisticated phishing or social engineering attacks. Securing the data used to generate holograms is crucial in preventing unauthorized replication as there is potential for the creation of false environments that could manipulate decision-making in critical situations, the report says.

Creating Collective Cyber Resilience

Given the sheer volume of new threats how can companies and countries cope?

The Forum report contains three case studies. One illustrates how the French multinational company Schneider Electric is using generative AI (GenAI) for programmable logic controller code generation within industrial control systems. This application of AI can help to enhance operational efficiency and strengthen cybersecurity measures by automating code generation and improving code quality.

Another case study talks about how Singapore is working with multiple stakeholders on a critical information infrastructure (CII) supply chain program. “This program is a living blueprint that evolves to tackle changing risks and outlines guidelines to support stakeholders in risk management and cyber contracts,” says the report. “It prioritizes international cooperation to support cyber-risk management in supply chains with international and regional partners, working towards harmonizing cybersecurity standards across jurisdictions.”

The third case study highlights how the United Arab Emirates (UAE) is using emerging technologies at the national level to drive both technological innovation and cyber resilience. UAE government bodies are developing technologies such as AI, blockchain, quantum computing, 5G, IoT, digital assets, connected vehicles and smart cities with the goal of transforming sectors across the UAE, establishing it as a leader in technological innovation. The UAE is, for example, planning to transition all government transactions to blockchain by 2025 and has created the first official government body dedicated to the regulation of virtual assets. The Dubai Road and Transport Authority’s work on autonomous vehicles and the Dubai Electricity and Water Authority’s AI- powered operations are examples of the integration of AI into critical infrastructure while “considering safety, efficiency and decision-making,” says the report.

Relevant UAE government agencies are teaming with private-sector companies, research institutions and international partners in an integrated way to progress innovation while building in cybersecurity and anticipating future issues.

“They have an open assessment platform for all the new technologies that is being co-developed with different members of the private sector,” says Al Khzaimi. “What they are doing is creating collective resilience, by involving all of the stakeholders and not just the regulator and the government.”

The report acknowledges that this model is not applicable to all countries but endorses the approach that all nations must aim to derisk the potential threats of emerging technologies. “Understanding what types of bodies and what types of public–private collaboration lead to the most productive outcomes will ultimately serve more than just a single nation,” says the report.

Putting Resilience-By-Design In Practice

In addition to promoting cross-sector collaboration to build comprehensive cyber resilience the Forum report contains a list of practical suggestions for countries that want to put resilience-by-design into practice. They include:

  •  Focus dedicated research on fields such as quantum computing, blockchain, IoT and biotechnology to develop new technologies designed with inherent capabilities to detect, respond to and recover from cyberthreats.
  • Strategically integrate emerging technologies into critical infrastructure sectors such as energy, healthcare, finance and transportation. Technologies such as quantum resistant cryptography, IoT-enabled predictive maintenance and blockchain-based security protocols can enhance the resilience of these sectors.
  • Develop data-driven frameworks for technology and cyber governance with clear metrics for evaluating technology readiness, impact assessments and risk management.
  • Create training programs focused on emerging technology security, such as quantum computing, IoT and biotechnology to ensure workers have the right skills.
  • Implement ethical guidelines for emerging technologies
  • Adopt novel solutions tailored to local needs rather than existing technologies to reduce dependency on external technologies and promote local innovation ecosystems.
  • Establish continuous monitoring and incident response planning in cybersecurity practices.
  • Build trust in emerging technologies by communicating openly about cybersecurity measures, risks and responses to incidents.

“Emerging technologies require a multifaceted approach that integrates security, resilience, sustainability and quantifiable risk measurements into all aspects of technology development and deployment,” says the report. “By adopting these practical recommendations, leaders can enhance cyber resilience, promote responsible innovation and build a secure digital future. “

This article is content that would normally only be available to subscribers. Sign up for a four-week free trial to see what you have been missing.

To access more of The Innovator’s Cybersecurity stories click here.

About the author

Jennifer L. Schenker

Jennifer L. Schenker, an award-winning journalist, has been covering the global tech industry from Europe since 1985, working full-time, at various points in her career for the Wall Street Journal Europe, Time Magazine, International Herald Tribune, Red Herring and BusinessWeek. She is currently the editor-in-chief of The Innovator, an English-language global publication about the digital transformation of business. Jennifer was voted one of the 50 most inspiring women in technology in Europe in 2015 and 2016 and was named by Forbes Magazine in 2018 as one of the 30 women leaders disrupting tech in France. She has been a World Economic Forum Tech Pioneers judge for 20 years. She lives in Paris and has dual U.S. and French citizenship.