While globalization has created economic and political opportunities for many, it is also responsible for the rapid spread and destruction created by COVID-19.
But if we thought that the effects of this biological contagion were massive (and they were), we can be fairly certain that the effects of a global cyberattack
will be just as significant, if not worse. Here are three lessons we've learned from coronavirus that shed light on the true scale of a future cyberattack:
- A digital virus will spread much quicker and farther than coronavirus.
The Reproductive Rate (or R0) of COVID-19 is estimated to be between two or three without any social distancing in place. This means that for every person who
gets infected, they pass it on to at least two other people. This is an important measure of how contagious the virus is, and consequently how quickly it spreads.
For example, researchers estimate that the infected population in New York state was doubling every three days before the lockdown was put in place. Pretty
Let's compare this with digital viruses. The 2003 Slammer/Sapphire worm, one of the fastest worms recorded, doubled in size every 8.5 seconds, infecting nearly
11 million devices within the first 24 hours. This puts cyberattacks in the vicinity of an R0 of 27 or above. Similarly, the 2017 WannaCry attack crippled
systems in 150 countries before it was brought under control.
Furthermore, while coronavirus was detected within weeks or months, zero-day exploits have been known to operate undetected for years. For example, Stuxnet, a
virus that successfully compromised the Iranian nuclear program hid itself for 18 months before launching an attack. If we extrapolate this to a virus which
spreads through a popular social media application like, say, Facebook, we could be looking at over one billion infections within five days (assuming a
relatively low R0 of 20).
- The economic impact would comparable to that of COVID-19 (if we're lucky).
Researchers estimate that a successfully executed global cyberattack would render 5% of infected machines inoperable, 15% would need to be wiped and systems
reinstalled, and 30% would be asymptomatic while continuing to spread the virus. Accordingly, the only way to slow the spread would be to enforce social
distancing which, in this case, would entail disconnecting all devices from one another as well as from the internet. This NetBlocks tool estimates that
each day without internet will cost the world over $50 billion dollars, meaning that we'll lose $1 trillion dollars every three weeks. And this is in addition
to all of the direct losses resulting from the virus itself as well as the psychological toll resulting from a sudden and complete loss of internet.
- Recovering from the attack will pose unprecedented challenges.
The sorts of shortages and supply chain disruptions that we saw with PPE will only be magnified by a cyberattack. If we estimate that 5% of machines will need
to be replaced, this will amount to nearly 100 million new devices. These will need to be manufactured without proper logistics, connectivity, and machinery.
Also, how do you roll out patches and reinstall systems without any internet connection?
Furthermore, if we look at where these devices will most likely be manufactured, we can see that political tensions will escalate extremely quickly. Currently,
China produces the overwhelming majority of phones, TVS, and computers.
. These include: