Innovations in digital technologies have led us to witness a coexistence and increased interaction between old and new technologies. While the latter ones tend to be of a disruptive nature, the coexistence among technologies also brings a phenomenon of convergence, where previously independent technologies merge to create a new outcome. If disruptive technologies drastically change the way we work, interact, access and create content, their convergence shows that the degree to which we depend on those technologies for essential services and activities will also considerably impact every aspect of our lives. Disruption, as the ability to trigger unanticipated effects in already established technologies, and convergence, as the merging of previously independent technologies, represent two often complementary aspects in the penetration and use of digital technologies by societies worldwide. Such technologies are used not only by individuals to access services, work and interact among themselves, but they are also largely integrated in facilities, systems and sites, necessary for the well-functioning of a country and for essential activities of daily life. From emergency services to energy, from finance to transportation, and from healthcare to water, these sectors represent the critical infrastructure on which societies depend to function. While serving different purposes, these different sectors share a common trend: the increasing integration of disruptive and converging digital technologies in the facilities and provision of services.
Take the example of healthcare, whose critical function for societies worldwide has been further underlined by the COVID-19 pandemic. Advances in information and communication technologies have led the healthcare industry towards the use of electronic health record (EHRs) systems which allow the central storage of information and remote access for both medical personnel and patients. At the administrative level, Artificial Intelligence (AI) and machine learning have been used to streamline the workflow whilst on the end-user side (patients), converging technologies – like smartphones and web-based smart devices – empower and allow users to easily access online healthcare services through portal apps that prioritize schedules and treatments. Similarly to the process in healthcare, other critical civilian infrastructure sectors like water management have been digitized. The integration of digital technologies in these facilities has included converging technologies such as the internet of things, cloud computing, augmented intelligence and blockchain for better performance and risk management.
These technologies represent a newly added set of elements in critical civilian infrastructure management. If attacked or disrupted through cyber means, there are physical consequences for the individuals and communities that depend on this infrastructure and the potential impact can debilitate entire regions or nations. Indeed, in the two sectors previously mentioned, when healthcare critical facilities or services are attacked, the lives of individuals are at risk; similarly, when water management systems are attacked, people’s access to meet their basic needs are disrupted.
Converging technologies, however, are not only used at the macro-level of critical civilian infrastructure. At a more individual level, the use of converging technologies such as advanced prosthetics and brain-machine interface is blurring the boundaries between human and technology. This is making human vulnerabilities dependent also on technical vulnerabilities and creating new sets of questions for human security, dignity and equity. Whether converging technologies are directly used by individuals in their everyday lives or integrated into critical civilian infrastructure for the indirect benefit of communities, such technologies not only merge and better connect services and devices, but they create new sets of exploitable vulnerabilities that need to be assessed. From artificial intelligence to cloud computing, and from virtual reality to human-machine teaming and brain-machine interface, the disruptive feature of these technologies is just one aspect in a multi-faced analysis that should also look at the convergence nature of those technologies.
Contextualizing Convergence
Technological convergence identifies the integration of technologies that used to be separate. In other words, converging technologies represent the merging, integration, and transformation of independent technologies leading to a completely new converged device. When a converged technology emerges, it often replaces single-function technologies or renders them obsolete. Convergence can be contextualized as technological convergence, media convergence, or network convergence.
Technological convergence refers to the merging of previously different functions into a single unit and mainly refers to systems that interface with an end user. For example, a smartphone or a smart TV allows the user to access not only traditional functions such as calling, texting or watching traditional TV channels, but also to surf on the Internet, play music, store content in the “cloud” and allow video conferencing.
Media convergence refers to the availability of content across multiple formats and access points. For instance, content that used to be published only in newspapers is now available in digital audio-visual format.
Finally, network convergence refers to the existence of a single network infrastructure handling and distributing multiple media across different channels.
Inevitably, convergence of technology has created new innovation opportunities for better user experience and service delivery. Often used as an interchangeable term, another aspect that needs to be considered is the confluence of technology, represented by the deep interdependence and interconnection of devices among themselves. For the purpose of this blog, we refer to converging technologies as both properly converging and confluent devices.
From the traditional smartphone examples, to the Internet-of-Things, and from smart devices to the most disruptive brain-machine interfaces, converging technologies have increasingly been used for accessing essential services (i.e. access to food, healthcare and water); carrying out basic human activities (i.e. in the case of disabled people using brain-machine interface for communications or movements); and for political participation (i.e. biometric tools), to cite a few examples. Whilst often perceived as an innovative progression or evolution of existing technologies, research is lacking on how the convergence of technology is increasing technological and human vulnerabilities. In other words, research is lacking on whether such convergence increases technical vulnerabilities and, as a result, amplifies the societal impact that attacks or disruption to those technologies can have. Indeed, as the dependence on technology is rapidly increasing for human life-related activities such as access to essential services, technical vulnerabilities will put human lives and well-being at risk too.
Contextualizing Vulnerability
Vulnerability may refer to the technical vulnerabilities of technologies. It must also refer to the community of individuals that depend on these technologies. It is important to note that for some communities their unequal economic means, their social and knowledge divide, and their inevitable direct or indirect dependency on new technologies may make them even more vulnerable when those technologies are targeted and attacked.
Examples of technology-related vulnerabilities abound and will continue to do so as shown by the rising number of bug bounty programs looking for flaws in the technology. When it comes to contextualizing the impact on? vulnerable communities, there is not a specific definition that encapsulates the complexity and heterogeneity of variables that make a community vulnerable in a specific moment. Vulnerable communities can encompass political dissidents, human rights activists, journalists targeted by cyber offensive operations by repressive regimes, as well as children, women, lower socio-economic populations, people of color, LGBTQ+ individuals, religious minorities, elderly. The list can also include businesses and organizations without the budget or capacity to ensure up-to-date devices and security software. As the diversity of these examples underlines, vulnerability is contextual and can include all individuals especially when critical civilian infrastructure essential for life and well-being are targeted. For instance, as was analysed in detail in our recent strategic report on attacks on healthcare, when the critical infrastructure of services and needs essential to human life is under attack, we are all vulnerable.
As a result, when forecasting the societal impact of disruptive and converging technologies, the following questions emerge: How will convergence of technologies change the cybersecurity threat landscape? Will the convergence of technologies lead to an increase of cyberattacks? And how will individuals and vulnerable communities be impacted? These questions will lead our current and upcoming analyses.
The societal impact of converging technologies: a case-study approach
Through examples on the convergence of technology in the healthcare and water management sector, we will introduce below some general considerations on the societal impact of converging technologies for vulnerable communities which will be complemented and reinforced by our upcoming analysis.
A preliminary analysis of technological convergence in healthcare should focus on the use and implementation of merging technologies in critical healthcare systems. The healthcare sector is facing a constant yet scattered and disjointed digitalization largely differing from organization to organization and across regions worldwide. As the health and well-being of patients depend on healthcare services, hospitals have become a key target for cyberattacks using digital extortion, data theft of patients’ sensitive information, and cyberespionage of medical and vaccine research. As a result, the more that technologies converge and become interconnected, the more technical vulnerabilities will magnify existing threats and amplify human vulnerabilities. As digital converging tools become essential for human activities, technical vulnerabilities will put human lives at risk.
Similarly to the healthcare sector, the water sector increasingly depends on digital, often converging, technologies which makes it an interesting case study for our considerations on cyberpeace. While representing a critical civilian infrastructure, water grids are often insufficiently secured against cyberattacks: the convergence of technology used in water management systems makes them a valuable target with huge societal impact and consequences for individuals and vulnerable communities. As attacks against water systems, such as happened in Israel in April and July 2019 and the attack against a water facility in Florida in February 2021 show, critical infrastructure attacks represent a grave threat to everyone’s health, wellbeing and safety.
The convergence of basic technologies such as mobile phones and smartphones has empowered vulnerable communities traditionally marginalized; however, detailed analysis on the real societal impact of converging technologies is missing especially with regards to the use of converging technologies for services essential to individuals and communities. The convergence feature of technologies adds a new layer of vulnerability to the dependence of individuals and communities on new technologies especially in the case of civilian critical infrastructure. Protecting these technologies means protecting people from the harm that an attack to the technological layer can create.
Converging Technologies and Cyberpeace
The convergence of technologies represents important innovative advantages that will improve the quality and efficiency of devices and services essential to individuals and communities worldwide. However, as technologies merge and converge, it is crucial that we address it with a human-centric approach and shed light on the often non-quantifiable societal impact that attacks on these technologies can have.
We have to ask the following questions: How will converging technologies impact cyberpeace? To what extent do offensive activities against converging technologies essential to human activities impact individuals and communities? How can we ensure that the pervasiveness of converging technologies in human activities and critical civilian infrastructure does not undermine human security, dignity and equity?
Putting the individual at the center of attention requires assessing the impact that converging technologies can have on cyberpeace and analysing the threats and opportunities to safeguard human security, dignity, and equity. Too often efforts have focused on the technical protection of technologies but there is a need to shift towards a human-centric approach and put people at the center of the discussion and resilience activities.
At the CyberPeace Institute, we put people at the center of our evidence-led research, assistance, and foresight activities with the goal to empower vulnerable communities and for the promotion of a more secure and stable cyberspace. The more these technologies permeate our lives and enable our daily activities, the more crucial it is to assess how the convergence of such technologies, in addition to their disruptive features, will impact cyberpeace and especially vulnerable communities. The level of pervasiveness and interconnectedness of technologies is bound to increase in the coming decades and this requires important forecasting efforts on the basis of evidence-led analysis to anticipate risks and challenges as well as to leverage the benefits of converging technologies for social good.
Copyright: The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.