Will the next global pandemic be technological?
Digital pathogens behave much like their biological counterparts. So how vulnerable are we to a global computer virus outbreak?
Pandemics past and present have all been biological in nature. They started from a disease pathogen, often one that made the jump from animal to human contagion. The textbook definition of a pandemic is ‘an epidemic of disease that spreads across a large region, for instance multiple continents or worldwide, af- fecting a substantial number of people’. However, could we imagine a pandemic that wasn’t biological in nature? What if the affected people weren’t infected themselves, but rather affected by their technological devices becoming contaminated by a digital pathogen?
In other words: In our technologically interconnected world, does it make sense to talk about a pandemic occurring in the digital realm? After all, computer viruses are called viruses because they behave much like their biological counterparts, quickly spreading from host to host and growing from a local to a regional to a global problem in an exponential time frame. Similar to how a biological virus must hijack a human cell to spread, so must a computer virus hijack a piece of information — such as an infected file or document. An infected person can only travel at the speed of an airplane, but infected information can travel (almost) at the speed of light. There are no borders on the internet, hence no way to instate national quarantines. Consequently, diseases in our digital systems are less easily contained because they spread faster than we can adapt.
There have been several examples of computer infections that may be considered technological pandemics. In 1998, an estimated 10% of all internet-connected computers were infected by a piece of malicious software called the ‘Morris worm’, which slowed the computers down to a standstill. At the time, there were only about 60,000 such computers; today, a similar infection rate would be disastrous. Five years later, in 2003, the ‘Blaster worm’ infected millions of computers worldwide, and in 2007, hackers used the ‘Storm worm’ to take control of millions of computers and use them to spread spam and steal identities.
Since then, our computers have become better protected, but they have also become far more complex with more opportunities for finding exploitable flaws. In addition, we now use all sorts of connected devices that may not be as well-protected as our computers. In 2016, the Mirai botnet took control of an unknown, but large, number of surveillance cameras and other IoT devices and used them in denial-of-service attacks that made popular websites like GitHub, Twitter, Reddit, Netflix, and Airbnb inaccessible. With the growth of the Internet of Things and the rise of wearable connected devices, such exploitations of vulnerabilities are only expected to grow. Adding to the vulnerability is that almost all computers, tablets, smartphones, and smartwatches in the world run on just three operating systems — Windows, MacOS, and Android — which means that billions of devices are susceptible to an effective attack from a single piece of malware. We are also increasingly using the ‘cloud’ to run our software and store our data, with a few major providers dominating the market for cloud services — and if a major provider is successfully attacked, it could seriously affect hundreds of millions of users world- wide, potentially leading to permanent loss of vital information and the destruc- tion of ongoing development projects.
In the near future, artificial intelligence may be trained to target and exploit vulnerabilities in software and operating systems, finding flaws in updates within seconds of their release but waiting to ex- ploit them until the updates have been widely installed — all without human oversight that could step in and stop attacks that might do far more serious damage than intended.
Given all these factors, the future event of a serious technological pandemic may not be a question of ‘if’, but rather of ‘when’ and ‘how serious’. In the worst case, all the world’s computers may be blocked and all data on internet-connected devices destroyed, resulting in a massive economic meltdown. Medical devices from personal sports watches to advanced hospital technology would become in- operable, resulting in the loss of life for
potentially millions of people. Automated cars, trains, planes, and drones would run out of control, killing countless people in the process. Such an event could also trigger automated defence systems, launching arsenals of nuclear missiles that cannot be stopped — with no possibility of warning potential targets or launching countermeasures.
A technological pandemic of this magnitude is possible, but not likely. Just as there are global contingencies in place in case of a worldwide pandemic like COVID-19, there are also measures in place to prevent the spread of a computer pandemic. Even so, we may one day see a tech virus that these measures are unable to stop and which, because the virus is developed by a machine, it is impossible to find an antidote for. If so, we should be prepared to live in a low-tech world for quite some time.
An effective defence against such an event is to use devices that aren’t con- nected to the web for all vital purposes. This, however, would make a lot of work tasks and leisure pursuits far more complicated, making it a price for protection most of us are probably unwilling to pay.
