Killing us with cyber incompetence

Published on the 15/10/2019 | Written by Heather Wright

Social Cyber Institute_Cybercrime

Can social science save tech – and all the innocents – from incompetence?…

A Bureau of Software Safety, human capital policies for cyberspace and new c-suite roles – vice president for social cyber ecosystems, anyone? – are among the possible measures touted in a report from two Australian professors pushing for a new approach to technology.

Professor Greg Austin and Professor Glenn Withers of the Social Cyber Institute, say social science should be a central foundation in technology at all levels of national policy, enterprise development and human welfare.

The pair are calling for a ‘radical shake-up’ in organisational structures to place CSOs and CISOs under a new post responsible for all aspects of information technology, especially human capital and social aspects. The ‘senior vice president for cyber ecosystem’ idea would reorganise reporting lines and see a VP for Human resources (managing ‘digital human capital’), the CIO and CISO (you can breathe easy – your roles remain the same) and the VP of strategy (‘Seizing profit gains from future IT transformation’) reporting through to the new position.

“Behind each death by computer error is a human mistake.”

It is, Austin and Withers, just one, indicative, option in an ambitious report, which also suggests, among other things, the potential for governments to create new ministerial appointments for social cyber systems ‘instead of drawing ad hoc on separate portfolios for cyber security, digital transformation, education, industry and employment’.

It might pay to note too that despite the name, the Social Cyber Institute is effectively a consultancy.

In an interesting argument, Austin and Withers claim cyber incompetence will kill more people than cyberattacks. They cite the case of the 2018-2019 Ethiopian Airlines and Lion Air Boeing 737 Max crashes, which killed 346 people ‘because of mismanagement of software’.

“No-one is tracking the number of deaths caused by computer error in hospitals and on our roads, much less framing a comprehensive policy response,” Austin says.

“Behind each death by computer error is a human mistake, usually caused by faults in management of the cyber ecosystem.”

Austin and Withers note too that there’s a financial cost to managing software’s power and pitfalls, claiming those losses are higher than those incurred by breaches in the worst cyberattacks.

So what’s the solution?

In Withers and Austin’s eyes, we need a new concept of ‘social cyber value’.

“We have to recognise human use and misuse of relevant technology as central,” says Withers, who is the immediate past president of Australia’s Academy of Social Sciences.

Bringing a social science perspective to technology could help mitigate the ‘five I’ problems of cyber insecurity, incompetence, intransigence, ignorance and insensitivity, Withers and Austin say in the Creating Social Cyber Value report.

“It is the contention of this paper that there may be substantial benefit in an overarching approach that treats the five problem sets as unified, in the sense of their all deriving from inadequate understanding of the human factors in cyberspace,” their report says.

“If this is correct, an approach that adds the social to the technical could optimise financial outcomes in big business, and community outcomes in non-profits, as well as policy outcomes for government.

“The proposed approach is to manage them all through the concept of the social cyber ecosystem.”

So what is ‘social cyber value’, even?

According to the report: “[Social cyber value] proposes an integration of management of four pillars of business activity: cyber security, digital infrastructure management, strategies for digital transformation (business processes) and human resources (a function which has to become human resources for digital life as well as digital competency). Underpinning the proposed new interaction between all of these four pillars is the consideration of ethics underpinning the social and political values of the enterprise.”

Social cyber value (which the authors themselves say is a ‘novel concept’ to help reorient things and position social science at the centre of cyberspace management at all levels of national policy, enterprise development and human welfare) is a measure for information ecosystem performance: Maximising benefit, while minimising insecurity and incompetence.

“This can only be attained when the human use and misuse of relevant technology is recognised as central.”

Creating Social Cyber Value argues that cyber incompetence is largely unstudied but may be more costly and far more common than cyberattacks and that in any organisation, digital transformation decisions can either undermine or enhance security, and the effectiveness of those decisions depends on the competence of decision-makers. Equally, it says, leaders, managers and users may be swayed by disinformation, creating threats to business and security.

By pulling together technical, socio-technical and social strands, Creating Social Cyber Value says we create the DNA of any information ecosystem.

“A central assumption of this idea of optimised social cyber value is that solutions will be unique to each organisation and that each organisation needs to invest in longitudinal social science research by in-house teams to device optimal outcomes.

“The field of activity is simply too complex to leave to the imagined leadership judgement of senior executives uninformed of detailed consequences.”

Post a comment or question...

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Follow iStart to keep up to date with the latest news and views...