How COVID-19 Is A Lot Like a Digital Virus

Cartoon pumpjack at border post being tested for COVID19

How COVID-19 Is A Lot Like a Digital Virus

The novel corona virus number 19 is laying waste to people, industries and economies, but what lessons does this human viral scourge have to teach those of us embracing digital in oil and gas?

The Backstory

In case you’ve shut yourself off from the wave of virus porn that has overwhelmed the airways and media feeds, here’s the backstory. A new virus, for which medical science has no vaccine, begins to bloom in Wuhan, China last December, presumably originating in a wet market where humans and animals are in close contact, and where transmission of the virus from one mammal species to another can take place.

Years ago, I lived in Hong Kong and frequently visited the wet markets. To westerners, whose food is tinned, styrofoam tray’d, plastic-wrapped and heavily processed, the wet market is a assault on the senses. It’s a visually traumatic, bloody, and noisy affair. Anything you could imagine eating is available—alive, incarcerated, and anxious. Chickens and ducks are simply decapitated and dropped into large plastic barrels to thrash about while their blood spews forth. Frogs are skinned alive with just two strokes of an experienced knife. Fish, still alive but on ice, are cut open to let their organs inflate and deflate, like some grotesque balloon artist. And that’s Hong Kong, a kindler, gentler version of Wuhan.

The world is visited by weird new illnesses regularly, and by regularly I mean every decade or so. Recent examples in my lifetime include SARS, bird flu, swine flu, and MERS (also known as camel flu). These are on top of seasonal flu which befalls hundreds of thousands annually, with a sadly high mortality rate among the elderly.

The virus has been christened COVID-19 (or C19 for this article) to distinguish it from all the other corona viruses, but we’ll certainly want to come up with a more sinister handle. The virus spreads quickly from human to human and is now well beyond its market roots to just about any country that has a border, a port (air or sea), and people movement. Basically everywhere.

Most of us spend precious little time thinking about how viruses impact our human lives, and just as little time considering the role of viruses and other cyber threats in our industrial world (until we have an outbreak).

COVID-19 should prompt a little introspection among Boards and management teams about the health and security of their human talent, but should also provoke a discussion of preparedness for cyber issues.

Industry is adding billions of new sensors and digital automation into its infrastructure, creating a fertile new landscape for the transmission of computer malware, viruses and other malicious elements. We must be vigilant.

The Vulnerable

C19 doesn’t look like it discriminates between hosts. Anyone, at any age, can get it. All it takes is a little exposure. Medical professionals seem be disproportionately represented among the victims, which is worrying because there’s a finite supply of doctors and nurses. The medical profession should also be best prepared to avoid contracting the virus because of their training, available equipment, sanitation practices, and awareness of the hazard. It doesn’t bode well for the rest of us.

I’m waiting for someone to appear who is naturally immune to C19, but how would you find that person? Some testing must be going on since there is at least one case already, in Japan, of a survivor becoming re-infected.

In our digital world, we should also assume that computer viruses will not discriminate between possible hosts to infect. Everything is vulnerable. Digital professionals, with their training, edgy gear and experimental practices are likely not any safer than any other professional group, and may even be less prepared. And having survived a bout with a digital virus does not guarantee immunity from a re-occurrence.

Mortality

C19 seems to be a particularly mortal affliction among those with a compromised immune system already (to quote a Darwinian phrase — the old and the weak).

In oil and gas, the parallel is to our brownfield site systems (that is, oil and gas infrastructure like wells and plants that have been running for years already). These systems predate digital and are protected from harm because the systems are obscure and are ‘air-gapped’, meaning they do not have an on-line pathway connection to the internet through which a virus can be transmitted. They’re not in the internet wet market.

But like the elderly, brownfield systems are still ‘weakened’ and compromised. New sensing tools can sniff out or monitor their unencrypted data transmissions. An artificial intelligence system can fully mimic one of these old systems and fool users into thinking that the system hasn’t been compromised. Employees are bringing all manner of new devices into proximity with their closed systems. These trojans may contain compromising technology, and listening posts for the maleficent.

While the risk of C19 to me as a person might, in my worst case, be my very existence, the risks to an oil and gas business from a virus infection, particularly one aimed at infrastructure, could be much, much worse.

Data Gaps

Mortality data for C19 suggests a mortality rate of 3.5%. That is almost certainly inaccurate because, while we know precisely who has succumbed to the virus, we have no solid data on who has been infected. One thing that the medical world has agreed, however, is the need to share data quickly and with urgency on the basics of an outbreak — testing and detection rates, affliction rates, recovery, mortality, and by gender, age, risk category, location, and timing. Mechanisms and organizations are in place and at the ready for when outbreaks happen.

Similarly, viruses in our digital world can be coded so as to infect but not display any signs of infection. The virus can lay dormant until the right moment when its lethality is at a maximum.

What industry does not do, unlike our human virus world, is share any data about a digital viral outbreak. To protect owner interests (ie, stock price or valuation), almost all businesses hide their outbreaks and the resulting impacts to keep bad news out of the public eye.

Industry does not have a clearing house for collecting and disseminating digital virus data. There is no Center for (Digital) Disease Control and Prevention, or World (Digital) Health Organization. I would not be surprised to learn that the big cloud companies have informal networks of security professionals who alert each other to digital virus outbreaks, but there’s no transparency.

Preparedness

Given the history of disease outbreaks, most if not all countries should have a level of preparedness for dealing with viruses like C19. China’s draconian tactics include quarantining entire cities, building hospitals in a week, and sending everyone home to sit it out. Many nations simply block cruise ships from landing or screen arrivals from hotspots such as Italy and Iran. Japan, deeply concerned about its upcoming summer olympics, is simply keeping foreigners out until the outbreak is under control.

The world, including the Chinese population if rumours are accurate, are appalled at how the whistle-blower doctor was treated. He was hauled into a police station, made to recant his actions, and sign a promise not to disrupt the public order with rumour-mongering. And he subsequently succumbed to the disease. The actions of the Chinese authorities in their treatment of this medical professional do not inspire confidence in the transparency of China’s digital infrastructure, including the role of its key telecoms champion, Huawei.

Business in a digital era also need to be prepared for a digital virus break out. Whistle-blowers are to be rewarded, not punished, even if they are the victims of an accidental attack. Plans should be in place to isolate or quarantine affected parts of the digital zone. Unpatched and unpatchable gear need to be identified and secured. Mechanisms to test for infections at scale need to be at the ready. Draconian actions, such as seizing mobile phones and wearables, may need to be on the planning books, along with tactics to cope. Switching back to paper is at best a very short term solution — most employees these days will simply quit if they’re told that they need to use paper ledgers for any length of time.

On-going exposure

Seasonal flu kills many thousands every year, in both the Northern and Southern Hemispheres.

When I lived in Australia, we were bombarded with annual invitations to get a flu shot during the winter months of June, July and August. I didn’t take advantage of this service. Flu to me is something that you only contract during the cold winter months in January and February, when the temperature is in the negative double digits. How can there be a seasonal flu where the temperature is plus 10 at night and mid twenties during the day? That’s what we call Canadian summer.

C19 looks like it is a cold weather virus, and when the warm weather returns to the north, it’s likely the virus will simply move south for the winter, like a reverse Canadian snowbird.

Many industrialists assume that once a digital virus has been brought under control or eradicated, there’s no need to maintain an on-going vigilance. Untrue. Viruses can shape shift, reappear years later, and even reinfect the same victims. The flu shot is the software patch, released by the software publisher, to counteract a security flaw or vulnerability. Keeping current on the patches is how digital leaders keep their kit from becoming infected.

Conclusion

In the same manner that COVID-19 is testing our human health systems, industry should also consider the preparedness of its digital infrastructure to cope with disruptive, permanent, invisible and dangerous new digital assailants. Detection, prevention, and reaction all matter in this ongoing battle.

***

Check out my book, ‘Bits, Bytes, and Barrels: The Digital Transformation of Oil and Gas’, available on Amazon and other on-line bookshops.

Take Digital Oil and Gas, the one-day on-line digital oil and gas awareness course.

Mobile: ☎️ +1(587)830-6900
email: 📧 geoff@geoffreycann.com
website: 🖥 geoffreycann.com
LinkedIn: 🔵 www.linkedin.com/in/training-digital-oil-gas

No Comments

Post A Comment