Key transformative technology that will contribute to the changing dynamics of cyberspace: Ubiquitous connectivity
Devices, networks and services are increasingly hyperconnected and interdependent, operating on sophisticated shared infrastructures. Factors such as the speed, reliability, low latency, agility and intelligence of communications architectures are leading to significant changes in the way in which they are used and relied upon pervasively throughout our environments.
Systemic risks related to this development:
-Scale and criticality: The sheer scale of the connected ecosystem means that the potential attack surface is expanding rapidly. As previously unconnected systems become connected to each other and to the internet, there is an increased risk to the confidentiality, integrity and availability of digital assets – whether it’s data, information, algorithms or digital services. The potential implications in terms of compromise for industry and society are becoming more severe.
-Interdependency: A range of new entangled relationships between actors in the digital ecosystem is evolving. The emergence
of new products and growth of new service-based models is creating complex interdependencies between organizations, supply chains, sectors and individuals. This interdependency creates a risk of unforeseen cascade effects: Incidents occurring in one part of the ecosystem could harm those actors and systems dependent on it. Imbalance in perceptions of risk could lead to situations where high-value business., assets are connected to third-party systems whose owners assess them to be low risk and that therefore do not have the appropriate levels of protection. A failure to maintain the visibility and assign the accountability that is needed to assure end-to-end processes across multiple parts of the ecosystem could lead to gaps in security and heightened risk.
-Shared resources: Many entities are sharing a growing dependence on a concentrated underpinning infrastructure and set of shared services, including cloud, internet service providers, hardware, software and the equipment supply chain. This creates an attack
surface of high-value shared resources with a high probability of attack, and the potential for compromise to have severe and systemic
impacts. The homogeneity of the shared technology infrastructure that results from its being delivered by a small pool of providers may result in systemic risk, as the exploitation of a vulnerability found in a widely used resource could affect vast swathes of the ecosystem. Similarly, there is a risk of collateral damage occurring as a result of targeted attacks against a single client via this shared infrastructure. Identifying the critical shared resources, who owns them and their key dependencies is a complex task.