CatIQ conference: Beyond the elements — cyber cats

"Hollywood hasn't caught up to this yet."

Catastrophes aren’t limited to water, wind and weather anymore. Just think back to the 2003 blackout–a rounding error caused by a computer bug cut power to millions of Canadians and Americans, some for as long as a week. And that was only “an accidental cyber cat,” Jose Fernandez, associate engineering professor at Ecole Polytechnique de Montreal, said at CatIQ’s Canadian Catastrophe Conference in Toronto this morning.

Read more: Cyber risk conference: companies aren’t prepared for cyber attacks

Or in 2000, a disgruntled Australian engineer hacked into the computerized waste management system in Maroochy Shire, spilling millions of gallons of sewage into rivers, wetlands and golf courses.

Or the alleged Israeli-American Stuxnet attack which sabotaged Iran’s uranium production for years by hacking into their computer systems through a USB key.

“Hollywood hasn’t caught up to this yet,” Fernandes said. “Tom Cruise has nothing on them…”

But evaluating these cyber catastrophes is difficult, he added, due to the lack of insurance data and security companies’ reluctance to share their experiences.

Read more: Cyber Risk Conference: Educate SMEs on the importance of cyber coverage

To help mitigate these risks, the industry must bridge the great divide in the world of cyber security: operational technology (the hardware and software that control and monitor physical devices) vs informational technology (which creates, stores and shares information). Even the strongest ramparts aren’t impenetrable and once the hacker has breached the walls, you need to still be able to fight.

The industry can also leverage Big Data–with search engines for IP addresses, for example–and dispel the air gap myth, which argues isolated computer systems cannot be hacked. But, Fernandez pointed out, computers can never be isolated for long.

Copyright © 2017 Transcontinental Media G.P.
Transcontinental Media G.P.