How resilient is our ‘digital’ world?
Technology is now all around us. The digital transformation we have seen over the last few years has increased the emphasis on being ‘always on-line’. Take India, for example: in 2015 India had 7.5 percent of its population connected to the Internet, and by 2019 this percentage had increased to 34 percent (WB data). Indian mobile data users consume 8.3 gigabytes (GB) of data each month on average; in fact, India is digitizing faster than any other country (McKinsey).
On one side, the digital transformation has opened doors to alleviate poverty, create opportunities, and monitor and improve emergency response. But it has also added a new layer of vulnerability. A single disaster caused by natural hazards could lead to serious damage to critical information systems and trigger the failure of whole networks.
Not only are our banks, airports and transport infrastructure networked, but increasingly energy, education, security, health and protective assets are also intertwined through the cyber domain. Remotely managed flood gates, early warning systems, waste management, social sites for crowd-sourcing safety information and space technology for conducting damage assessment, among others, are now part of a complex and connected system.
The hyper-connected environment of today’s society, underpinned by the reality of growing hybrid risks, is magnifying the impacts of events such as floods, earthquakes, financial crises and pandemics, including cyber-attacks. These hazards are having an amplified impact at local, regional, national and global levels, thereby affecting the resilience of key societal systems and functions.
The COVID-19 pandemic shows that digital connectivity is critical to societal resilience and business continuity in times of crisis. For digital infrastructure providers in developed and emerging markets, higher demand for connectivity may be counterbalanced by frequent negative shocks.
Take Hurricane Harvey, for example. Back in 2017 when the storm made landfall in Texas and caused more than a hundred deaths and US$125 billion in damages, local hospitals were quickly overwhelmed. They lacked the essential resources to treat patients and many had to evacuate due to flooding. While relocating patients, staff had to leave records behind, with limited ways to access them from afar. The shift to different hospitals severely reduced operational capacity as doctors scrambled to piece together critical data. The efficiency and effectiveness of patient care undoubtedly took a hit as a result. (Acronisscs, 2020)
The 2019 cyclone Fani, which struck the coastal state of Odisha in India, ripped apart the telecom infrastructure, with direct losses amounting to more than $70 million.
In the aftermath of the 2011 Queensland floods, over 50 percent of organizations reported that they had experienced disruption of their business operations to different degrees, as server rooms were affected by inundation (VOCUS, 2017).
Cyber security threats are another major risk, one that has already taken a toll on a few notable occasions (e.g. the 2015 cyber-attack in Ukraine, which affected the electricity supply; and the 2017 WannaCry and NotPetya ransomware, which heavily disrupted critical infrastructure services across Europe).
The correlation of such complex events with the risk of malicious hazards, such as cyber-attacks, may exacerbate the impact on the most vital of societal functions, including authorities’ capacity to mitigate the impacts of these cascading events. In effect, cascading events make it difficult to estimate the extent of any single induced disruption, as many intervening variables may affect the outcome.
Such risks are further compounded by the fact that many of the small and medium-sized companies on which much of the national economy relies are likely to come with their own cyber-security-related vulnerabilities. Multiple studies indicate that SMEs are a clear target of cyber-attacks and are less able to withstand such attacks: one study identified that 43 percent of SMEs are the target of cyber-attacks (UNDRR 2019). The current ambition to digitize as soon as possible as part of the SME recovery and response to COVID-19 has increased the occurrence of cyber-attacks: one study estimates that spear-phishing attacks have increased seven-fold since the beginning of the pandemic (McKinsey 2020).
To increase the resilience of digital infrastructure investments, it is necessary to monitor and measure their vulnerability, sensitivity, inter-dependency and exposure to risk. This shift requires investors, operators and decision makers to make sure that disaster and climate risks are considered in the location, design, construction, and operation of planned infrastructure investments. Equally, infrastructure regulators and operators need to facilitate the transition to resilience through the development and use of indicators that enable systems thinking, which understands the complexity and interdependencies of global dynamics and recognizes patterns of change (Lonsdale et al., 2015).
For digital infrastructure to be classified as ‘sustainable,’ regulators need to include natural hazards as a key criterion, as well as have a clear definition of resilience. For that, there is a need to explicitly require institutional investors and asset managers, as well as infrastructure developers, to integrate disaster risk reduction, climate change adaptation and resilience into their decisions.
Based on the growing body of evidence of increasing uncertainty and unknowns, resulting from new potential risk drivers such as fast digital transformation or climate change, disaster risk management capacities need to be able to withstand shocks and stresses characteristic of grey rhino and black swan events. Probabilistic stress tests measuring the performance of existing risk reduction capacities would support greater understanding of current capacities and of improvements that may be required, with the understanding that an event of great magnitude or multiple failures at the same time could exceed all existing capacity to reduce, absorb or transfer the risk.
With trillions of dollars ready to be injected into the recovery from COVID-19, now is the right time for governments and the private sector to consider how best these investments can be resilient, green and equitable. In our rush to recover from COVID-19 we must not miss a golden opportunity to reduce existing levels of risk and to avoid creating new risk. Sustainability and resilience are two sides of the same coin. Unsustainable infrastructure undermines the resilience of those who are dependent on its smooth functioning.
It is high time to address these critical issues and to ask ourselves: Are we investing in resilience or obsolescence?
By Mr. Abhilash Panda, Head of Infrastructure Resilience, UNDRR
The views and opinions expressed in this blog are those of the author and do not necessarily reflect those of the Coalition for Disaster Resilient Infrastructure (CDRI).