Are we prepared for a digital COVID 19

In a well known Hollywood action flick, directed by John Woo, Christian Slater makes a revelation that when a nuclear weapon is lost it is known as a Broken Arrow. Samantha Mathis another character in the movie asks, “Does the happen so often that it has a term coined for it?”

COVID 19, the virus that has taken the world by storm, is no less than a Broken Arrow, a nuclear weapon that we have lost control over. Developed, as well as underdeveloped nations have been devastated by it. Its modus operandi ensures that majority of the human race is still trying to grapple with the potential solution.

Nature is a great leveler. We were so used to a way of life, that we started taking things for granted.  It almost seems that nature clamored for break from mankind. The best and most workable solution that has come up - the social animal to maintain social distance.  Most of us would never have experienced a Pandemic of this scale in our life time. As paradoxical as it may sound, how can we be prepared for a world that we are not prepared for?

The issues under the bucket of unknown unknowns will start to hit us more often than we can anticipate. One of the key reason why COVID 19 spread so fast is because the human race is intricately connected. A key indication is a life time record 69 million global flight takeoffs in 2019 (as per flightradar24.com).

 The term COVID 19 first coined on February 11, as it started to become a known phenomenon, similar to the Broken Arrow. One cannot help, but think of the digital dependency we have in these times. What could make it worse is an e-COVID wave.

 The possible world of COVID 19 and e-COVID

 I see a scary similarity between the physical and the digital world that may hit us in the near future. Many would recollect the havoc that was caused by “WannaCry – The worldwide cyber attack”. Are we prepared for an e-Covid then ?

 What if the WannaCry virus was a trailer to a bigger digital upheaval. Similar to the SARS or NIPAH epidemic which was relatively better controlled since the spread was limited, is there an e-pandemic waiting to strike the digital world. Let us think of a scenario wherein a similar thing happens in the digital world, a fiercer version of WannaCry takes over. The only solution is to isolate computer networks or devices from connecting to internet, that are e-COVID positive. Given the reliance we have on the interconnectedness in the digital world the mayhem would be unmanageable.

 In such a case, we will not be able communicate with another / any communication device. A WhatsApp call may set in a chain infection …beginning with the cell phone, moving on to any website and taking over the laptops as well as corporate accounts.

 There are five reasons why e-COVID could be a strong possibility:

1) The world is getting more and more integrated with the advent of 5G it is only going to proliferate

2) There has been a significant rise in malwares and ransomwares in recent times

3) The technology to create such malwares and ransomwares has become easily accessible

4) The speed of infection will be rapid and the time to react will be minimal

5) A solution may not be an easy one to find

 We have all experienced software that make our lives easier. It has made the lives of good people easier, and the lives of bad people even more easier. An easily available service is RaaS or Ransomware as a service. You can avail of ransomware services for as low as USD 400 and the list of features is quite impressive. This means any layman with a small figment of negative intention and some creativity can cause significant harm.

 We are in a world of hyper connectivity, one infection connects x more people in a COVID 19 situation, in the case of Information technology this is raised to the power of x.   End of November the first COVID 19 patient was identified in China, the next case was in Thailand on Jan 13. A week later US reported its first case. The world had about a month and half to respond, we could have done better? As of 22 March 224,000 people were infected and the virus infection is still raging in some countries.

WannaCry struck on 12 May 2017, on 13 May 2017, it had infected 230,000 computers in 150 countries. The speed at which future viruses will hit the IT systems and leave us with no time to react.

 So what next?

As a consultant, one of the first lessons we were taught was if you don’t have the solution, you are part of the problem. Is there anything we can do to solve the potential problem? let’s look at the possible solutions:

Identify who can help - The solution for WannaCry was found almost by accident. A British researcher realized the code queried a particular domain. If the domain was activated, the infection was stopped. He bought the domain and stopped WannaCry from continuing to infect the planet’s IT systems. He became a hero overnight. In an unfortunate turn of events, just three months after his heroic act, the researcher was arrested by the FBI as it was found that he was the creator of a piece of malware that had been stealing banking details from people all over the world. He admitted to creating the malware, and pleaded guilty to the crime. It is likely that the one who discovered or developed such a virus, can also come up with solutions to destroy and protect. Reminds me of Amitabh and Dharamendra who were petty criminals, but were hired by the jailor who eventually made the dreaded Gabbar succumb. Can we keep an eye on the source of such viruses?

Identify the warriors – As much as there are COVID 19 warriors fighting the dreaded virus, we need an army of smart and efficient soldiers to fight an e-COVID battle. We need to identify these warriors as currently they are spread across the globe. The fight against an e-COVID will not be fought locally, this will be a global fight. A global repository of the e-COVID warriors needs to be developed, who can rise to the occasion and fight this battle from day 0.

Increased protection of personal devices (not just corporate devices) – A lot of organizations have started to spend money on security which includes the firewalls, VAPT’s, secure endpoints and solutions on these lines. However, in the times to come, more organizations will allow employees to work from home on their personal devices. These may not be controlled by the organization. Therefore, a significant opening will be created for hackers to pass on the virus to corporate networks and then onto the globally interconnected devices. Not to say there is a dearth of vulnerable corporate devices, the inclusion of a larger number of personal and relatively less protected devices with exposure to sensitive information will up the risk. We must figure out a way to secure personal devices.

Accountability in case of open source – A majority of organizations use freewares and open source tools to protect profitability and save cost, some of these tools are more efficient, easy to use than even the licensed version. I am not against profit making or open source tools, however we need to bear in mind that it leads to an increased exposure to unknown unknowns. Enough articles point to the origin of the COVID 19 virus …The risks were there, yet we chose to turn a blind eye. We should avoid such mistakes in the digital world from such opensource tools.

A smart mechanism to exchange information – If the red flags were raised, say a week earlier, several thousand lives could have been saved. How can we make sure that a seamless mechanism exists to identify, detect, exchange information immediately to block any such malaise. can all countries come together to establish such platforms which can share information on real time basis? The success will depend on how many are willing to share credible information in real time and is there a platform to do this.

 Build a strong mechanism to respond – It is a matter of time before an e-COVID hits us. It will hit us like the COVID 19 did, catching us unawares. Better prepared nations blunted the effect of COVID 19, others who did not respond well are facing the unfortunate brunt. The response in case of an e-COVID will not help if it is from a particular country, the response has to be a global one. Currently there are global agencies, but such is the nature of the world that we live in, it is going to be extremely difficult to come up with a unified response. All countries need to come together and plan for a response when the e-pandemic strikes us.

 Conclusion – We read of cyber-attacks almost every day. Several are unreported. The biggest worry of the future could be magnitude of the attack. We have not been kind to mother nature and COVID 19 is a strong push back for mankind. Are we protecting nature enough ? Are we damaging the very fabric that created us ?

 A question that begs to be asked, are we doing enough to ensure that the interconnectedness in the digital world remains safe . We survived the WannaCry phase, we will survive the COVID 19 pandemic as well. The history of mankind is a testament to the same. We need to have a comprehensive mechanism to respond and make sure the digital world is a secure place. With the advent of Artificial Intelligence and Machine Learning, could we be sure that some rogue is not misusing the technology that creates an uncontrollable virus ?

 By the way the Broken arrow in the movie was diffused before it could go off…If we could have done the same for COVID 19, much of the world could have been saved today.