Apr 23, 2020

COVID-19 Illuminates the Blessings and Vulnerabilities of the Internet

COVID-19 reveals cracks in data security that must be addressed
Robert Graboyes Senior Research Fellow , James Ronyak

Had the COVID-19 crisis occurred 30 years ago—before the internet became a part of everyday life—the depth of the crisis would have been immeasurably worse, both in terms of death and of economic devastation. Aside from that, the internet has given many of us living through the pandemic a semblance of normal life that would not have been possible during a 1990 outbreak.

Although many are still reeling from the economic pains of this pandemic, most people now have a new appreciation for the internet-enabled technologies that have made our quarantines more comfortable than people in the previous 10,000 years of contagion could ever have imagined. Connectivity has granted important yet unsung productivity gains to businesses, too, which has allowed them to better weather these uncharted waters.

Still, technology is not magic. This crisis has revealed some of the system vulnerabilities that had only been visible to IT professionals in years past. To better prepare for future calamities, we need to take stock of these dangers so that we can eventually reduce them—to allow COVID-19 to advise us going forward.

The upside of connectivity

For weeks, Americans collectively and individually have engaged in a grim calculus that asks, “How much privation and poverty are we willing to endure to reduce the death and suffering from COVID-19?” We’ve practiced social distancing to “flatten the curve” (slow the contagion enough to avoid overwhelming the medical system’s ability to deliver care).

As we approach the end of April, the strategy appears to have worked remarkably well in this country. American medical personnel are certainly stressed, but to date, the United States has not suffered the nightmarish shortages of ventilators and hospital beds seen in Italy and other countries. Only time will tell, but for now mortality forecasts have plummeted from just a few weeks ago.

But the economic costs of achieving this goal have been staggering. Bankruptcies could rival Depression-era levels, and unemployment filings are at all-time highs. Stock market valuation plummeted in a short period by one-third, though some of those losses have been reversed in recent weeks. When, how well, and whether the economy will recover is anyone’s guess.

But it’s hard to overstate how much worse this all would have been in a 1990 pre-internet world.

The authors of this article are among the very fortunate. Unlike tens of millions in service, transportation, manufacturing, and other sectors, we can work just as much and just as well (perhaps better) from the solitude of our homes. Our paychecks continue rolling in. When someone sends us the occasional paper check, we can deposit it in our banks from the comfort of our couches and use the proceeds to buy things we need or want. We have face-to-face meetings and social events with colleagues via videoconferencing apps. We communicate with anyone in the world via email. We can shop the markets of our hometowns and of the world. Through services like Instacart and Amazon, groceries arrive at our doorsteps.

Technology helps us work, too

Since the COVID-19 lockdown, we can receive shipments of athletic gear, electronic devices, dog food, dishware, cookbooks, photographic equipment, a seltzer-maker, hobby supplies, and, yes, even toilet paper. Our grocers can restock their shelves from their computer screens. The truckers who refill the shelves use computers to arrange pickups from farms, and farmers obtain their inputs the same way. Bob’s family has arranged to install a backup home generator. With the help of an iPad camera, the installer was able to “walk” around the house, reviewing the terrain, gas meter, and electrical circuitry without wasting travel time or the risk of exposing anyone to the virus.

None of this would have been possible in 1990. Bob is 66, and had he been that age in a 1990 pandemic, he would likely have chosen to stay at home—ending his ability to work and perhaps ending his income—also crimping the incomes of grocers and other merchants. Perhaps someone like Jim, age 49, would have dutifully gone into work, exposing himself repeatedly to infection and, if infected, carrying it home and to others. Both of us would have had no choice but to visit grocery stores—perhaps several stores apiece because of breakdowns in pre-internet food supply chains.

But perhaps most importantly, connectivity has provided powerful weapons to contain and fight the virus. Medical, and political decision-makers are not flying blind as their forebears did during the 1918-1920 Spanish flu pandemic or as they would have had to do 30 years ago.

Communications technologies also make life and work much easier for those who are fighting COVID-19 or who still must clock in at an office. Bob got a taste of this firsthand way back in 1993, when the possibility arose that a deadly hantavirus could have been circulating through the ventilation system of the Federal Reserve Bank of Richmond’s 24-story tower—where Bob worked at the time. Thanks to the just-installed email system, the bank’s in-house physician, Victor Brugh, was able to reach the Centers for Disease Control and Prevention (CDC) and determine within an hour or two that no threat existed.

As Bob wrote about the incident, “The bank had only recently installed an email system, and the technology still seemed other-worldly. Brugh shook his head in disbelief at how rapidly he and others had resolved the potential crisis. Just a short time earlier, he told me, the incident would have meant hours or days of back-and-forth phone calls, busy signals, and missed connections.” Thank goodness that the email system was installed when it was. That technology meant the difference between a speedy resolution versus an anxiety-filled week of uncertainty and lost productivity.

What’s more, we’ve come a long way since then. Researchers around the world can now communicate instantaneously, generate data, share that data with colleagues worldwide, brainstorm, and implement strategies to contain, prevent, and cure the virus. Data from searches on Google and other platforms offer real-time hints as to the course and behavior of the pandemic. Hospitals can seek ventilators and face masks online—through traditional supply chains or through improvisational crowdsourcing.

Medical practitioners can see and hear patients any hour of the day or night via telemedicine, using laptops, tablets, and smartphones. For many patients there is no need to wait till they can physically get to a doctor or the risk carrying their illnesses to crowded emergency rooms. Public health officials can use web-based resources to make better decisions and to disseminate targeted announcements rapidly. Crucially, as the Communist government in China withheld and suppressed information on the pandemic, lonely voices in that country were still able to broadcast warnings to the world. And we here at Mercatus can publish a wealth of research of potential use to public policymakers seeking strategies to lessen the impact of COVID-19.

Again—none of this would have been possible 30 years ago.

The downside of connectivity

But just as the increasing complexity of technology can help solve disasters like the COVID-19 crisis, such complexity creates challenges as well. The ongoing COVID-19 pandemic has revealed vulnerabilities in that connectivity—issues we need to understand and address. Not only are many technologies vulnerable to hacking and social engineering, the information passed through the internet can be suspect as well.

For example, farm equipment, such as picking sorters, has become more efficient through computerization, which can help keep food flowing during times of uncertainty. Yet this digitized farm equipment still runs on the antiquated original Windows 95 and 98 software, for which manufacturers stopped producing upgrades many years ago. Rather than replacing older electronics, which can be expensive, farmers have attempted to limit vulnerabilities by merely unplugging older equipment from the internet.

During a recent visit to a local farm to help upgrade security, Jim was able to walk up to the main equipment location, install a radio connection, and shut down the picking sorters—all without being seen by the farmer. This exercise showed the farmer how much his supposedly cordoned-off equipment is actually exposed and how easy it would be for a malevolent actor to shut him down.

A different example of this type of vulnerability lies in renewable energy facilities. Communication centers that produce wind or solar power are typically secured to prevent electronic or physical intrusion or both.

On another trip, Jim drove past a wind farm where this wasn’t the case. Using his phone, he was able to capture the username and password to log into the closest turbine. For someone with criminal intentions, this information could grant control for each turbine within the farm—perhaps disabling or destroying them. Instead, Jim tracked down the IT director for the company that owns the equipment and explained how to address those vulnerabilities.

From crisis to cybercrime and beyond

Criminals tend to attack or attempt security breaches when people are scared and focused on a crisis and not on daily tasks, and because resources are stretched thin. As COVID-19 has unfolded, the electronic equipment of many businesses and individuals has faced immediate danger from large-scale increases in cybersecurity breach attempts. The federal government, in particular, saw an 800 percent increase in this type of activity a mere two days after much of the country turned to remote work.

Another emerging cybersecurity issue posed by widespread remote work is the inability of meeting applications like Zoom and Skype to maintain adequate security on their platform infrastructures during peak usage periods. Several meeting application providers have neglected to enact important security parameters and updates because of resource constraints and the immediate needs of schools, businesses, and governments for their product.

Many schools, businesses, and governments have had to reschedule or cancel meetings due to growing concerns over whether it is possible to prevent uninvited parties from intercepting data or verbal content from those meeting. Likewise, medical appointments have been shut down or canceled because someone was inappropriately entering the remote medical meeting.

Another problem is the rapid dissemination of news through the internet. Many people have lost faith in internet news—including news on COVID-19 and potential treatments—and are unsure of what to believe. Quality control of internet-based information has always been an issue, but the ramifications are especially heightened during a global crisis.

Then there’s the interference of politics in the flow of life-saving health information. Due to the potential political ramifications of this pandemic, people in positions of authority may slow data from getting to people who need it. Agencies may call for increased review time for public notices, thereby delaying information from getting out, especially in rural areas. The increased review timeframe has delayed information. We need to be able to review vital information at healthcare providers’ websites to make quick decisions affecting our own lives and the lives of those around us.

What is to be done?

While these issues are real, they are not insoluble. One silver lining to the COVID-19 catastrophe is that it has reminded us of the huge importance of security.

Indeed, for both personal life and work decisions, we must augment our knowledge about how to protect ourselves from cyber threats. We need to perform basic tasks, such as updating Windows or Mac operating system software, updating any application software in use, updating all computer virus software, and slowing down enough to take time to read all information and IT emails sent to us to make sure we don’t expose ourselves to an attack.

Businesses and individuals need to do their research on how platforms work before they make considerable investments. Prudent practices include investigating a company's privacy statement, end-user licensing, and security statements. It’s advisable to research or ask for trusted recommendations on any application being considered. Meeting platform vendors did not plan well how to deal with a sudden upsurge in remote work and its effects on their infrastructures. Any platform that takes in 22 million new subscribers in three days will most likely have growth issues until they improve their infrastructure enough to support that growth. This means providing appropriate security for services, such as medical telehealth, to render them continuously functional and secure.

Indeed, as COVID-19 reveals cracks in data security, it’s an excellent time to learn and re-learn these lessons.

James Ronyak is the Vice President for Information Technology at the Mercatus Center and Institute for Humane Studies at George Mason University.

Photo by Justin Paget / Getty

Support Mercatus

Your support allows us to continue bridging the gap between academic ideas and real-world policy solutions.Donate