Without a secure energy supply, there is no IT security
In light of the energy crisis, IT security is taking on a whole new meaning and an explosive nature that we had not expected. It is high time to draw the right conclusions, says Andrea Wörrlein in her commentary.
Empty pipelines in the east and idle nuclear plants in the west, for example in France, are causing horrendously rising prices and massive supply bottlenecks. This not only jeopardizes the energy supply of IT and thus IT security as a whole, but also the vital interests of our society as a whole. Societies with a high level of digitalization maturity are hanging on the umbilical cord of IT. We have long since crossed this "virtual" line. And IT, in turn, hangs on the drip of a smooth energy supply. Large parts of our economy, our infrastructure and our social services are unable to function without stable IT support. And IT needs power from the socket - whether we like it or not. IT security must therefore be thought of first and foremost as IT resilience. And the conditions for this are currently very poor.
IT networks depend on supply networks
Instead of blue-eyed voluntarism and tactical mirror fencing, we need strategic foresight, geopolitical sobriety, concentration on what is necessary and a complete renunciation of ideological blinkers. One thing is clear: The events of the last few weeks have shown us how much our society, based on the division of labor, depends on a secure energy supply. We have always known this, but we have been very successful in suppressing it. There was no reason to burden ourselves with this unpleasant certainty in boom times. But now it's payday and the bill is being served. Right at the top, it lists the dependencies we have entered into with IT and the digitization of all areas of life for our livelihoods. What happens in a digitized warehouse if the IT control system fails? Just try to access a high rack without a robot. Nothing can be done manually. Even if, for example, urgently needed spare parts for pipeline pumps were stored there, we wouldn't be able to find and access them. What happens in hospitals, waterworks or waste disposal companies without secure, i.e. simply running IT? The list could be continued indefinitely. Critical infrastructures are more or less digitized. Without functioning IT, they will have to cease operations just like value-added businesses with hundreds of thousands of jobs. A bleak picture, admittedly, but with a not inconsiderable probability factor.
An end to daydreaming
IT security therefore means first and foremost security of supply. In our euphoria about digitization, we took this for granted. But this naïve optimism has come to nothing. The more digitized modern societies become, the more they hang on to the energy-hungry IT umbilical cord. Digitized functions, however, cannot be replaced by manual intervention. This is conceptually intended and correct within the digital logic. But woe betide us if the energy supply is missing. In 1973, we were still able to have a car-free Sunday. In 2022, an IT-free weekend? Absurd. Even seemingly mundane activities like milking or refueling would no longer be possible. The idealizing notion of the reversibility of technological developments turns out to be a romantic illusion in the case of IT and digitization as well. Instead of dreaming of a roll-back, it must be given a more stable foundation. IT resilience starts with the conveyor systems and pipelines, the wind turbines and solar plants, the power plants and supply networks. And this fundamental form of IT security urgently needs to get to the top of the to-do agenda.
Author:
Andrea Wörrlein is managing director of VNC in Berlin and member of the board of directors of VNC AG in Zug.
