Cyber.RAR

Protecting Vulnerable Populations in Cyberspace

Episode Summary

How do we better protect our most vulnerable populations from cyber incidents? Michaela leads the conversation and posits that instead of thinking about it as a domain of war, we should use a climate analogy to think about the increasing vulnerability of our digital ecosystem. This could help us understand the disaggregated impacts on different communities and change the way we think about building resilience. If you'd like to reach out to us, send an email to cyberRAR.podcast@gmail.com!

Episode Notes

How do we better protect our most vulnerable populations from cyber incidents? Michaela leads the conversation and posits that instead of thinking about it as a domain of war, we should use a climate analogy to think about the increasing vulnerability of our digital ecosystem. This could help us understand the disaggregated impacts on different communities and change the way we think about building resilience. If you'd like to reach out to us, send an email to cyber.rar.podcast@gmail.com!

Dusseldorf University Hospital Ransomware Attack: https://www.wired.co.uk/article/ransomware-hospital-death-germany

CISA alert on the increased threat of ransomware: https://www.cisa.gov/uscert/ncas/alerts/aa22-040a

Darknet Diaries Episode: https://darknetdiaries.com/transcript/106/

Cuckoo’s Egg: https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg_(book)

Resources for vulnerable populations:

--EFF: https://www.eff.org/pages/tools

--Access Now: https://www.accessnow.org/help/

--Department of Homeland Security: https://www.ready.gov/cybersecurity

--Consumer Reports: https://securityplanner.consumerreports.org/

Episode Transcription

INTRO

Bethan

Hi, everyone. Welcome to Cyber.RAR, a podcast by Harvard Kennedy School students. I'm Bethan, one of your hosts. And today Michaela, one of our resident experts, is asking the question, how do we better protect our most vulnerable populations from cyber attacks? Michaela, take it away. 

STORY HOOK

Michaela

Thanks Bethan. In September 2020, a woman in Germany suffering from an aortic aneurysm died after her ambulance was rerouted to a different hospital 32 kilometers away. The local hospital told the paramedics that their emergency department was closed. So they couldn't accept the patient. This incident drew the attention of cybercrime officials because it was a ransomware attack that had forced the hospital to turn the ambulance. The attack compromised the digital infrastructure that the hospital relied on and limited their capacity, uh, closing it down by 50%. Following the attack, it was suggested that this may have been the first instance of death by ransomware.

After months of investigation, police say that the patient was in such poor health that she likely would have died anyway, but it is a telling sign of what could be to come. So let's get into it. 

The premise today is to reframe how we think about the impacts of cybersecurity. Cybersecurity is usually talked about in the framing of protecting devices, protecting networks, protecting systems.

But I think that we should really be talking about protecting people, and that if we reframe our approach to understanding cyber impacts, to understand the impacts on people instead of systems, then we'll be better equipped to build a more resilient society overall. 

Q&A DISCUSSION

Winnona

So Michaela, before we jump in. I know that there've been quite a few ransomware strains that have hit hospitals. Was this WannaCry? Was this NotPetya like, what was this one that we would have heard about? 

Michaela

No, not at all. This was a smaller scale ransomware attack on Dusseldorf University Hospital. Not WannaCry.

Winnona

But that's also interesting, right? Because like you hear these like huge scale, you know, semi-state sponsored, well, actually state sponsored in terms of both WannaCry and NotPetya destructive attacks, but even smaller criminal organizations that are targeting these sorts of institutions are causing real life impact.

Bethan

Right. It's a, it's a great example of in cyber, how something or someone so small can have an outside outsized impact and take a life. As we, as we saw in this, in this horrible tragedy.

Michaela

It's true. And it's hard to know how much threat actors think about the potential impacts of their actions, but hopefully they aren't intending for deaths to occur. They're usually out for financial gain of some kind. But the negligence that is created by unleashing these types of attacks on hospitals and other elements, other parts of our critical infrastructure, shows how little control we have over the problem. 

Grace

Yeah, I think it's an important distinction that I don't think it matters so much whether or not the people committing these types of ransomware attacks are intending to hurt people because they will hurt people, regardless of their intentions.

And I think like targeting a hospital. It's stuff like this. If I'm not mistaken, this attack was specifically targeting this hospital because they know how critical their services are. So the hospital administrators will work really hard to get, to pay the ransom. And I mean, I think that. It's unacceptable, it's unconscionable.

Michaela

Yeah. And you bring up a good point, Grace. I think one of the challenges of this space is that a lot of attention is paid towards the adversary. Who is it? How can we attribute? Do we know what they used? And very little attention is paid towards the actual impacts. We don't collect very good metrics on the disparate impacts of cyber attacks on different types of populations and different communities.

So I think it's important for us to start unpacking, “What does it mean for vulnerable and marginalized populations to be impacted by cyber attacks and how do we define what vulnerability and marginalization actually look like.” 

Winnona

So then let's dive into it, Michaela. So what do you think or constitutes a vulnerable and marginalized population, specifically in this cyberspace? Or is there even a delineation there?

Michaela

Well, let's, let's take a step back because I think there are two different ways in which cyber incidents can affect vulnerable populations. And I really want to distinguish these because we're really going to be talking about one as opposed to the other. The first, which is covered by a number of civil society organizations, is that cyber incidents can affect individuals who are targeted by hacking, ransomware, whatever it might be. These are usually journalists, human rights activists, people who may have a target on their back. These people are often subject to targeting and harassment at a significantly larger scale than most private individuals. And it often intersects with different elements of vulnerability, like age, gender, gender identity, political beliefs, religion, ethnicity, race, or national origin. And that is a better known and understood area of vulnerability. 

But the second way in which cyber incidents affect vulnerable populations that I think is important to unpack is when individuals are affected by a broader cyber incident, like supply chain attack or infrastructure attack. And there are some people in our population who are more vulnerable to severe impacts than others. So when you think about our social infrastructure, everything from utilities to banks and healthcare services, these are all becoming increasingly vulnerable to cyber attacks, and they're going to have disproportionate impacts on different populations.

When we talk about vulnerability and marginalization, this may differ depending on context, but it often includes low-income residents, senior citizens, foreign language speakers, people of color, women, LGBTQ individuals, religious minorities, children and others. And it really can depend on the context, but there are a lot of ways in which different populations can be more vulnerable than others.

Grace 

Yeah. I think that, um, we can see that in the case that you were talking about at the beginning, um, where this, this woman who was experiencing this medical emergency, she was 30 or so kilometers away that's what's 20 miles or so. Um, I mean, here in Cambridge, we, I mean, we have like three or four hospitals within like, you know, probably like five mile radius.

So like, you know, rural populations or different, um, people who already don't have a lot of access to like critical services are just put in more, even more danger. Um, so I, I think I can see what you mean by like the outsized impact that. It worsens already vulnerable populations. 

Michaela

Yeah. It's very true. And I think there are other layers to it as well.

If I'm correct. I think this woman was in her late seventies. There are different ways in which people can be vulnerable, their health status can be vulnerable, that's not necessarily linked to the healthcare system, but has more to do with structural, economic and racial inequities as well. And so that's something that we don't think about very often, but can be layered into this particular scenario.

Winnona

I think that this also showcases just like a wider understanding of how cyber harms are also real-world harms where you don't just have this preexisting inequality. Um, but what happens when that resource is taken away from people who need it, and then what can you do to a) mitigate that or prevent that from happening in the first place and then b) try to repair the damage once it's happened.

So there's two different aspects, even when you're talking about more vulnerable populations. How do you ensure that a hospital system is robust enough to withstand a cyber attack, but then even after a ransomware attack occurs, how do you make sure that either that doesn't happen again, the family is, I mean, you can't really ever be, have any sort of recompense for a life, but how do you make somebody whole again when they've been damaged in this way? 

Michaela

Yeah. And we can even use a less extreme example too. If we think about cyber attacks on other pieces of critical infrastructure. So I just want to highlight that in February of this year, 2022, CISA released an alert on the increased globalized threat of ransomware.

This was in conjunction with Australian and UK warnings, and they talked about different types of sectors that are, that have been hit, including emergency services, but also food and agriculture, education sectors. These are ones in which you might not have a loss of life as an impact, but there are a lot of other ways that that can, that can negatively impact people's quality of life or the way in which they're able to access services and resources.

So if you think about somebody who might be working from home because they need to, and the internet or their electricity goes out. If they're super reliant on the, on those systems for their livelihood and are going to be much more negatively impacted by loss of income than somebody else that might have more safety nets in place, then this kind of an impact will just have much more severe and lasting impacts. 

Dani

One of the things I want to make sure we're also sort of holding here is we've talked only about ransomware and that makes a lot of sense for two reasons. One, it's I think the fastest growing threat, at least in the last four years or so, and two, it's something that impacts everybody, regardless of whether you're a vulnerable population or not. When you attack a major system or organization, all of its clients are impacted. So it's easy for anybody who might not be particularly at risk to still understand the costs and to be concerned about them. 

There are other threats that are uniquely, um, targeting vulnerable people. Um, and I think it bears mentioning because we've seen actually I think a lot more costs in that space than necessarily in the ransomware space.

So things like, um, hacking explicit photos and releasing them and using that as leverage or exploitation. Um, there's a podcast a lot of us here are fans of, Darknet Diaries, that recently covered, uh, stealing or attempting to steal Twitter credentials and the ways in which people resort to swatting to do that, which has actually ended up in more than one death.

Um, and so the sort of total casualty count there is higher than in the world of ransomware. And the populations mainly involved there are kids, people who are on the internet and don't necessarily have the wisdom to be doing so in a responsible way. Uh, and passersby are getting hurt. Um, so I only raise that because I think as we consider the potential costs, um, it's important to bear in mind that there are particular effects that most of us probably won't run into on a day-to-day basis but that are sort of live and causing real harms right now. 

Winnona

Or even to jump off of Dani's point here, like spam calls or voice phishing the elderly and getting them to reset their passwords or, you know, transfer funds out of their bank accounts. Like these are the things that, you know, people like us who are frankly, digital natives, aren't really going to fall for them in any way, shape or form, but it does hurt, um, specifically these types of populations.

Right. And it, it reminds me of, um, I was sitting in a lecture that I definitely wasn't supposed to be in, uh, back when I was a working professional and someone put up this pyramid of basically Trust and Safety where, when we talk about cybersecurity versus trust and safety, a lot of people in this field tend to focus on kind of what Michaela and Dani have been saying. Like the zero day threats, the ransomware threats, the ones that are the big buck, um, or big game hunting, kind of threats. Like you have this multimillion dollar business, and that goes down, shuts down entire supply chains, or you have this like big state actor that's going after these sets of organizations.

Big names. Usually if it's not big money attached to it, it's, you know, big geopolitical issues. But the vast majority of those things that I've just mentioned are at the very tip top of the pyramid, because most actors don't have those capabilities to do that. And so there's this entire rest of the pyramid that sometimes gets relegated to just quote unquote Trust and Safety, but is a serious security issue, right? Where, what happens when certain people get their life savings completely drained by a spam caller? What happens when a teenager gets swatted? Because somebody wanted to pull a prank on them or steal their Twitter password. Right. And it's just a wider societal issue that I think doesn't get talked about enough.

And there's all of these harms that result from it. 

Michaela

Yeah. Two things to pull out there. Totally agree with you both Winnona and Dani that there are, there are some pervasive harms to certain populations that I think aren't fully addressed. And part of it is because those populations are less likely to report an incident or know what resources they can access for remedy.

And that includes victims of revenge porn, children, or folks under the age of 18, and the elderly. They don't know how to, they don't, they may not even know what happened and they might not know who to report it to or what kinds of remedy are possible. And then in addition, I think the point that Winnona raised about the big game hunting, CISA’s alert in February noted a trend away from big game hunting and more towards, uh, ransomware groups and other cyber attackers shifting toward mid-sized victims to reduce scrutiny after Colonial Pipeline and JBS foods, there is a lot more attention from the FBI, CISA, and others to find out who these attackers are. But if you don't have a big company name and a lot of firepower behind you, as some small businesses might not have, um, these are the new target victims for a lot of these attacker groups. 

Bethan

It's an interesting, um, paradigm shift too, because yeah, you look at like JP Morgan getting hacked, um, at the minimum, um, and you know, the millions and millions of dollars and regulatory changes and hiring that they went through to address this massive vulnerability, but that did have an impact on people who had bank accounts with JP Morgan or had their savings or their 401k. And so it's one of those questions of these massive companies who have a huge amount of money. And then the disparate impacts of yeah this, this evolving threat to impact these smaller organizations of business who don't have the same resources.

So I'm curious how you think about the evolution of these threats and the disparate impacts, and if there needs to be a change in conversation surrounding yeah the impact of ransomware, um, and an evolving trend. 

Michaela

Yeah, it really gets to a question of how we think about vulnerability and resilience. And I think it requires a change in our mindset away from this framing of it being a war where there's an adversary and there's a defender.

I think that really limits our ability to understand what's actually happening and understand the vulnerabilities that are seeping into every part of our societal infrastructure. I think a different analogy that might be helpful here is thinking about climate change and the vulnerabilities in that space where we understand that climate change does not affect all groups of people equally. And there are different dimensions of climate risk. There are people who might be living in low lying island nations that are threatened by rising sea levels that other people living elsewhere might not be threatened by or certain indigenous groups that are affected by natural disasters when they depend on certain resources for hunting and fishing and transportation.

And there's an interesting analogy to cyberspace where I wonder, who are those types of vulnerable populations when it comes to the digital space? How do we think about vulnerability in that environment? And therefore, how should we think about resilience measures? What are the things that we can do to better equip people to defend their own systems and take care of their own information and accounts, but also think about what recovery looks like if something dramatic happens. 

Grace

I think that analogy works on a number of levels. Um, like with climate change at first, it was a communication problem where people didn't know that it was a problem.

So spreading the word. I think that's kind of where we're, where we're at, where there are people have kinda who we've heard about there being threats out there. But I would say the vast majority of people who use technology every single day, don't understand how much threat there is out there.

Winnona

Or know how to use technology.

Grace

Right. That's true too. Yeah. I, I mean the amount of times that as the course assistant here, I've had to help a professor out. Um, and yeah, I, I think like, I mean, yeah, you guys are much nicer than I am. I think my point is that it doesn't matter how smart you are, how much education you have. You can still be vulnerable to these types of attacks.

Um, So what I think kind of like how now the climate change is much higher on sort of the agenda, like the political agenda worldwide. Um, and there's so much disinformation around it. I think there'll be, there's also a threat of that happening with cyber attacks and how we can best approach those issues.

Like, something that we've talked about is like in previous episodes is if there are policy makers who don't actually understand this issue very well sort of ringing the bell saying that this is a problem, but then also, um, recommending changes that wouldn't actually be very helpful or just spreading disinformation even accidentally.

I think that there is a threat of that happening without enough, um, just a base of knowledge across the spectrum. 

Dani

I'm not sure that, um, policy makers are sufficient, I think, to bring us to this space where we're understanding these disparate impacts. I think about climate change as being the example we're using, but also COVID, where there are much more mature and well-developed discussions of disparate impacts.

Those seem to me to have happened largely from a grassroots level where you have really strong community advocacy. Um, voices saying, “Hey, don't forget about this population over here when you're designing a solution.” And I wonder where those voices are, uh, when it comes to cybersecurity and, and I'd be curious, and you had an instinct on, um, why the disparate impacts discussion hasn't evolved in cybersecurity in quite the same way that it has in some other fields.

Winnona

So I..

Dani

And maybe you disagree with my characterization. 

Winnona

No, no I don’t disagree at all. Um, I actually think we might be using… Because cyber is made up of all of these different analogies. Let me actually put forward another one. Um, and you know, the resident hacker community expert, not really expert…

Grace

I’d like to point out that Winnona is currently wearing a black hoodie. 

Winnona

As, as the resident InfoSec person in the room, Um, I do want to point out that this type of shift in how we perceive cyber has happened before. Um, specifically if y'all haven't read the Cuckoo's Egg, uh, it was published in 1989. Uh, it's this phenomenal book about this astronomy researcher at Lawrence?

Uh, I think Lawrence Lewis, no, no, no Lawrence Berkeley National Laboratory. And how he ends up tracking this, um, Soviet led operation out of West Germany, hacking operation, that's stealing national secrets, um, through the national labs, MITRE, all of these other, uh, computers that are networked together. Um, and one of the first things he does is go to the FBI, back in 1987 and they say, I'm sorry, we're not going to do any investigation of this because there's no monetary loss attached. And so going from where cyber, uh, or how, you know, the United States policy on cyber was mostly related to monetary cyber crime, to more of an espionage led focus has taken us this, you know, almost 30 years at this point.

Um, and, and it's expanded the worldview of, of how policy makers perceive cyber. And I think that fundamentally what Michaela is implying is that another shift needs to occur and new policy levers and mechanisms and organizations need to be brought up to be able to deal with this broadening of what we see as cyber, because it's not just cyber crime, it's not just espionage.

It's about the harms and the day to day, uh, impacts of the digital world on the everyday human being, which I think that fundamentally criminal and, uh, espionage based or reactive policy isn't equipped to handle at the moment. 

Michaela

Totally agree. And I, I'm very excited about the evolution of this space and where it could go.

I think, to make this happen, we require two different shifts. One, we need people who are currently within the cyber community. Those who are technical experts and thinking about it in a more warfare-like way. We need them to start thinking differently and better understanding the human impact of these questions.

And we also need people outside of the cyber environment currently, to train up on this. We need civil society organizations to better understand the digital world in which the people that they're trying to advocate for and defend, um, are operating in. We see a little bit of this happening with some civil society organizations like EFF, the Electronic Frontier Foundation, as well as Access Now and the ACLU.

They are moving into this space and becoming experts on how human rights intersect with technology and cybersecurity. But on the whole, there's still a huge gap for other types of stakeholders to better understand what these impacts are and contribute to, um, to an understanding and assessment of what types of populations are impacted here, what that looks like, and how we build resilience.

In my view, there's a lot of work still to be done. 

Winnona

And it's also hard for these organizations, especially civil society organizations to even think about how to better protect their, uh, you know, representative populations or activists in the digital space, given how little training that they have on it.

And so Access Now, uh, specifically, and other institutions do phenomenal work, but they can't be the only institutions doing that, especially because they're just three, four, especially like non-profit advocacy organizations, there needs to be something a little bit more sustainable to help your everyday person or the more vulnerable people, uh, that we're mentioning in this podcast.

Bethan

Yeah. It's almost a privilege in a way to be able to think about these things. I think going back to, I know we have a lot of analogies here, but going back to that climate change analogy, like thinking about the direction of advocacy, like climate change began as a, an elite problem, right? Like you had. Al Gore and celebrities talking about this. And it's only recently that we've begin, we've begun to talk about vulnerable populations and their impact. Like there, we are only now centering those voices. I would say arguably in the last few years, being generous. Um, and this, this began as a problem that people who were, who had the privilege to think big thoughts and weren’t trying to focus on getting food on the table every day. Um, and, and so, yeah, right. Like to Winnona’s point, these nonprofits who have so many other things, these vulnerable populations who are truly thinking about surviving day to day or dealing with their actual mission. Well, the actual mission. Exactly. And whereas a lot of, uh, you know, either massive companies with millions of dollars or academics are up in our ivory tower, thinking about these bigger issues or, you know, these larger risks that are heavily technology-based and expensive and require a lot of niche resources.

I think that's a much broader issue that doesn't just apply to, to cyber attacks or threats, but also bigger issues like climate change. 

Grace

Yeah. I kinda want to push back just slightly on the climate change part of it, because I think it wasn't necessarily that only like people like Al Gore and, I don't know, Leonardo DiCaprio had the time and resources to think about it. I would say the indigenous communities were certainly ringing the bell and there, I mean, like the environment that they know and understand was crumbling before their eyes. And were trying to ring the bell and, um, create awareness around it. Um, and I agree with you that their voices were heard so, so much later, but it's, I don't think it's like a lack of like analysis or understanding of the problem. 

Bethan

Absolutely not. Yeah, that was definitely not what I was meaning to say. It's just no one, they've been talking about, these indigenous communities, have been talking about this for years, decades before. And it's only when you have these people with immense privilege, power and money that the world starts listening. 

Grace

Yeah. I, I think I've never actually thought about, um, cyber threats as a grassroots issue. Um, Dani and I think that is a really interesting, um, way to sort of reframe my own thinking on it.

Um, I have a little bit of background doing grassroots organizing and political organizing, um, back when I was in undergrad and, um, the whole concept of grassroots organizing is empowering people and, um, providing them the capacity and resources to improve their own communities and, and, and create change in their own, in their own worlds and not like a top-down, but a bottom up way, right. And I, I think that that is exactly what we're talking about here. And that's the only way that this can actually, that we can actually lessen these threats. 

Winnona

I mean, I, I agree with you. 

Grace 

Kinda sounds like you don’t.

Winnona

Hear me out! I agree in that bottom up is entirely necessary and that these communities need to learn. Be given the resources, frankly, to better protect themselves. But some of the benefits of technology is that top-down is also possible, right? The centralization of tech products, one of the benefits of having G suite, uh, you know, Gmail and Drive and Android is that they're all being protected by the same security organizations. Right. Um, but could also be a vulnerability. It could, it could be a vulnerability. You're right. Um, but the ability for these large big game hunting type targets or organizations to protect themselves ultimately means that they are protecting large swaths of users. So, you know, one of the benefits of signing up for 2FA or certain types of security is that you're being protected across multiple, uh, potential targets. Um, and I just wanted to point that out because it's not just like ivory tower stuff, right. It's not just like, oh, we're only going to protect ourselves. Fundamentally, like some of it does trickle down. It's just not enough.

Dani

I'm struck listening to you both that I think there's a real space of overlap between both of those approaches. So in large tech companies, the idea of, um, what Grace is talking about, this sort of grassroots understanding, for us by us organizing is sort of baked into the product management cycle.

That's the idea of understanding your customer's user journey. Um, and you have to do that through deeply, deeply understanding your customer. I think that's the value of grassroots organizing. You understand the quirks in how people use technology. The most likely ways that tech is going to fail for them and the most likely they are going to fail to use it in a safe and secure way.

And, you know, uh, whatever the cadence is that a Google or whoever's doing the user journey. The key is that whether it's top down or bottom up, that connection has to be constant enough that the product really is for and by every community that is using it. Um, and that can be through members of that community being Google employees–we’re continuing to use Google as example here, since Winnona brought it up–you know, being Google employees or it can be because there's a line of communication there and, you know, representatives and members and activists within that community are, are deeply embedded in the process of understanding their, you know, Google's products and then translating that for their community, as well as translating back to producers, the reality of how those products are being used.

So I think there's, um, as I said, a sort of middle ground where one can be the other, um, and it's not top down or bottom up. Um, it's both. 

Winnona

Dani just doesn't want us to fight on camera or on mic. 

Grace

Well, I don't think we're really disagreeing though. Well, I mean, I also think that we shouldn't fight cause I’ll lose… But I, I think, yeah, I think that this is more, I think that we're more in agreement than yeah than it seems because it's, it's more about. I think I'm more worried that large companies have so much power, like, like the tech companies right now that, um, if they didn't want to care about the customers, it's honestly possible, because they, I mean, their products are something that I use every single day, everyone really needs.

Um, and I think also though, if they didn't give a rat's ass about the users, then the users will also stop using their products and eventually they will lose their power. So I do think like there is like an incentive mechanism, both ways, um, to, to both hear and be heard.

Dani

Yeah. One of the things that, um, I keep coming back to since the beginning of COVID is, um, I'm from New York and when they rolled out the response, one of the things they included was, um, help for people with substance abuse issues, who they realized were going to be stuck at home, nothing to do. And were in significant, significant risk of relapsing. And that was just mind-blowing to me, because I was thinking like, oh God, we're in a pandemic like Businesses, Health, Groceries. Like that particular need was so far from my consciousness. And I have to assume it was so far from most people's consciousness in City Hall, and yet they clearly had somebody on their team who was there to represent that community. And could anticipate like, even while all these other fires are burning, here's this other thing that is going to impact your community, that you need to worry about.

And like, that's the kind of real representation and, and grassroots voice that I think needs to be present when you're talking about cybersecurity, because there will be unique use cases that impact a certain population that everybody else is blind to. Unless somebody in the room is voicing those needs.

Grace

Michaela, what can we do about this?

Michaela

Dani’s point really illustrates how important it is to, to center our understanding of these issues on people. As opposed to thinking about systems first and then thinking about people on the margins. That's not a sustainable way to look at this problem. We really have to center these questions on the impacts on people and on communities. It really is going to take baby steps though, because we're not even close to understanding the impacts and disaggregating those impacts across different types of communities.

So my impassioned plea would be to start by measuring these impacts and building up our arsenal of disaggregated data that can better inform policy decisions in this space.

Winnona

More advocates, more advocates, and more training. I think the more resources and training that we're able to bring vulnerable and less digitally literate individuals into the population.

And the more ways that we can do that without having single points of failure. I think the better off society can be.

Dani

Diverse product managers. I'm going to keep saying it!

Grace

Um, yeah, I mean, I think it's, like you said before, Winnona, it's not just cyber people talking about cyber threats or InfoSec it's… This is going to affect everybody. If you have a phone, if you use a computer it's going to affect you. And even if you don't. 

Bethan

We saw with it with the story at the beginning of September, a woman who probably wasn't on an iPhone every day and she was still, the worst impact possible. Right. She lost her life as a result. And so none of this is isolated and we're all so interconnected that we have to think of a new, a new framework. 

Michaela

And I'll just say at the end here that these risks and vulnerabilities are going to continue to evolve as the space evolves. So the challenges that we're seeing today with attacks to critical infrastructure and ransomware, that might not be the priority problem that we're dealing with in five years or 10 years.

And so we're going to have to continue thinking about what comes next and how to anticipate the ways in which new threats might impact vulnerable and marginalized populations. 

Bethan

As if we don't have enough on our plate!

Michaela

But excited for it, excited for the challenge and really appreciate having this conversation with all of you.

So thank you.

CLOSER

Winnona

Thanks for listening to Cyber.RAR, a podcast by Harvard Kennedy School students. Given that this is a student-led program, this podcast doesn't represent any views of any institution or even our own thoughts after we finished recording this episode on May 2nd, 2022. We're all just students learning every day, trying to navigate this murky area of cyber policy and stay tuned for more episodes and discussions.

Michaela

If you or anyone else you know might be at risk of an attack or targeting in any way, we've put some resources in the show notes that point you towards best practices, guidance and organizations that are looking out for people who might have digital security needs. So take a look at those. Thanks.