EXPERTISE SERVICES: DRR VOICES BLOG
Dr. Toregas is the Director of the Cyber Security and Privacy Research Institute (www.cspri.seas.gwu.edu) at The George Washington University. He manages the NSF Scholarship for Service and DoD Cyber Scholarship Program and conducts research on diverse areas, including the community college role in cybersecurity workforce development, cybersecurity insurance, and cybersecurity curriculum development, including cyber competitions. He also serves as the IT Adviser to the County Council of Montgomery County, MD, overseeing the investment of $230m annually in Information Technology goods and services. He is a fellow of the National Academy of Public Administration and past chair of its standing panel on Social Equity in Governance. He serves on the boards of many non-profit organizations, including Women in Cybersecurity (www.wicys.org), the National CyberWatch Center (www.nationalcyberwatch.org) and the National Cyber League (www.nationalcyberleague.org), and supports the UN Disaster Risk Reduction’s Global Risk Assessment Framework through participation in its Expert Group. He holds PhD, MSc and BSc degrees from Cornell University.
In recent weeks, stay-home COVID-19 mandates have pushed crowds of people to work from home, often for the first time. Workers have turned to communication platforms such as Zoom, Webex, Hangouts and Skype, as well as simpler ones like email and file sharing.
Training and experience have prepared established online professionals for cyber-attacks. But many of these new digital workers have little experience and context for cyber security. This sudden increase in the use of digital tools has exposed a lot of personal data and program information.
Increase in attacks and damage expected
Recent incidents illustrate this growing risk:
All these problems will worsen over time for two reasons. The sheer increase in the volume of digital transactions will bring with it a commensurate increase in attacks. But the number of affected organizations will also increase through cascading effects. Indeed, the impact of an initial attack can cascade to all the interconnected systems. For instance, a cyber-attack on a trucking company could impact food security. The disruption could affect weekly food deliveries to supermarkets. In turn, the loss of revenue would weaken the business sustainability of distributors and producers.
Addressing systemic risk with the Global Risk Assessment Framework (GRAF)
Years before the COVID-19 pandemic, the UN Office for Disaster Risk Reduction (UNDRR) began to explore the potential management of long-term risks around the globe under a Global Risk Assessment Framework (GRAF). This framework enables officials to manage the overall risk accruing from specific events rather than focusing on isolated hazard analysis and response. This shift was articulated in the 2015 Sendai Framework, and work has been underway since then to deploy helpful management tools and strategies supporting a systemic approach to risk.
While traditional hazard definitions do not explicitly include cyber risk, systemic approaches call for an increased focus on this modern cyber disaster environment. Indeed, cyber risk can rival other hazards in terms of reach, extent of damage and future cascading damage. The 2019 Global Assessment Report (GAR19) explores this topic in a contributing paper focusing on the cascading risk of cyber-attacks, using food security as a case study.
Recommendations for policy makers
What can policy leaders and managers do to reduce the impact of current and future cyber risks driven by the migration of work to an online environment? Here are some simple steps:
The COVID-19 pandemic is a dramatic illustration of the systemic nature of risk. As we move away from a hazard-by-hazard approach, DRR professionals need to improve their understanding of cyber-risk and its potential cascading impact.