Hi there. Welcome to this lecture on perceived and objective Risks in Cyberspace.
My name is Bibi van den Berg and I work at
the Institute of Security and Global Affairs of Leiden University in the Netherlands.
Today, I will tell you a little bit about the many faces of
cyber security risk and the key challenges
with respect to citizens perceptions of these risks.
Let's begin by asking ourselves,
"What is risk in relation to cyberspace?"
There's no easy answer to that question.
Risks come in many forms and guises in cyberspace.
One of the most tangible and high impact risks
revolves around targeting so-called critical infrastructures.
Think of waterworks, food and water supply systems,
but also transport systems or healthcare institutions.
If these elements of a nation's infrastructure fail,
this leads to significant societal and economic disruption.
So what does that have to do with cyberspace?
Many critical infrastructures today are
connected to the Internet for reasons of efficiency.
Operators can then access systems remotely,
but if operators can so can hackers of course.
What does that mean in practice?
One risk could be that a hacker would open a dam and flood a large area of land.
Another could be that outsiders could change
the chemical composition of our drinking water which may lead to
health risks or an attacker could let
a pipeline explode by increasing the pressure inside it.
A second large cluster of risks relates to military activities.
Cyberspace can be used as a battleground for wars between states,
using cyber weapons to attack the opponents
critical infrastructure with all the potential risks we just discussed.
Attackers be they military or civilian could also tamper with
another country's media or meddle with internet
availability thus effectively putting citizens in the dark.
These two clusters of risk all relate to
the level of the nation state, but unfortunately,
cyber security risks are not just a problem for national governments,
the military or the international community.
A wide range of cyber crimes may target industries,
individual businesses and organizations and even citizens.
Think of for example stealing or manipulating data, Cyber theft,
making information or services unavailable,
Cyber terrorism and Hacktivism or disrupting and damaging systems through malware.
The impact of such crimes may vary but we do witness
a steady increase in their occurrence in many countries around the globe.
As you've heard in the introduction it is difficult to establish
exactly how big each of these categories of risks objectively are.
We have very little historical evidence to go on.
However, experts all agree that the categories of
risk that we just discussed are at the top of the agenda,
at least with respect to the potential disruption they may cause.
But what about perceived risks in relation to cyberspace?
Do these align with the objective risks we have described?