Montreal, 30 June 2012
When the HIV virus spread in the 1980s, the Red Cross remained rather blind to the threat that was about to upset its established model of collecting and distributing blood samples. We know the story: The inability of the organisation to test blood for the virus over several years inevitably led to a widespread scandal of contamination, deaths and legal fines in 2005. It is rather easy today to fault the governance of the organisation and the inertia of its practices. But how did it look to directors and managers when the new threat visibly arose and the established system in place could not cope with it?
Interestingly there is another example in the making and the same governance lessons and challenges apply today. It is not affecting the health of individuals but rather the health of corporations. And it has stealthily built up in the last 10 years: cyber hacking that is vacuuming our technology repositories.
Ever since the publication of the book ‘Cyber Wars by Richard Clarke in 2010, articles have multiplied in the Medias about the proliferation of cyber threats: a collection of frauds, thefts, disruptions, malwares, etc. The Financial Times published last June 1st a special survey on cyber security. The Montreal conference recently presented a panel of experts on the issue. The main argument is simple enough: specialized military units from various nations (USA, China, Russia, North Korea…) have been escalating means and mechanisms of cyber attacks and cyber defenses. What is now scary is the very large gap existing between these cyber warriors and elite hackers and the IT security capabilities prevailing in most private companies. Specialist hackers get in and out, with little traceability, if at all. Not surprisingly foreign agents have been intruding in our private repositories of technology and intellectual property for years.
Most technology companies, research centers, and high tech start-ups are not prepared to adequately defend their technology treasures from the buccaneers, big or small, government linked or not. Yet the facts are there about the existing threats and we are still turning a blind eye: security breaches are rarely acknowledged and even reported. Consider the case of Nortel, which suffered a serious and major hacking incident (IP theft) about 10 years before it collapsed. Not only was the incident not publicly reported, but it then appeared that Nortel did not fix the problem in any meaningful way thereafter.
We are all counting on some technology edge to face competition from China and other challenging nations. Yet the technology leaps that China has achieved in the past 10 years, has exceeded the most optimistic predictions. Yes there are plenty of rightful transfers of technology, but security experts suspect that a great deal of unlawful transfers is taking place electronically, under our nose. We should bear forth an awkward question: Are we currently feeding our technology edge to our competitors at practically no cost, thereby foregoing our future options on economic growth? Some informal indicators are disturbing to hear from experts.
Today the virus is there. We can only hope that directors and governors of technology companies are putting the necessary safeguards in place even if this means some minor budget reallocation and changes in internal practices? On the three main counts underpinning risk assessment (threat, vulnerability and consequences), cyber hacking of technology scores high. The true cost of letting critical technology slip into foreign hands does not show on today’s balance sheets but will tax our future.
Elite hackers are having a field day. If you are still unsure, read the book.
André Du Sault
MBA (LBS), MPA (Harvard)
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.