All of a sudden, the dream of digital possibilities has turned into a frightening experience. It has obviously dented the confidence of the people in the digital infrastructure in handling critical affairs. In the aftermath of losing US$100 million in the biggest-ever cyber robbery, responsible people are blaming each other over the handling of the incident which may be likened to a tsunami or earthquake. Some officials have also been fired. Now, what measures should the government of Bangladesh take to combat information security menaces?
Like a coin, cyber security threat has two sides. The heist of US$100 million of foreign currency reserves of the Bangladesh Bank (BB) from the account of the Federal Reserve Bank of New York has exposed the devastating side of the coin, traumatising the whole nation. Although this is one of the largest known bank thefts in history, this is not an isolated incident. Cyber-security, which involves protection of both data and people, is facing multiple threats, notably cyber-crime and online industrial espionage, both of which are growing rapidly. According to The Economist, a recent estimate by the Centre for Strategic and International Studies (CSIS), a think-tank, puts the annual global cost of digital crimes and intellectual-property thefts at $445 billion-roughly equivalent to three times the GDP (Gross Domestic Product) of Bangladesh.
The other side of the coin opens up immense opportunities to innovate solutions for making it harder for digital thieves or robbers to compromise security. Information security is a big business not only for miscreants, but also for companies engaged in developing gears to make it harder for thieves to break digital security locks. According to different estimates done by reputed organisations, including Gartner, total global spending on information security would have increased by 4.7 per cent by the end of 2015, taking the figure to $75.4 billion-roughly equivalent to half the size of the GDP of Bangladesh. The lion share of this $75 billion originates from software and services. So, in addition to investing in protection from cyber security threats, should Bangladesh also make investment to take opportunities of this global business of innovating and commercialising cyber security guards?
There are many examples, across the world, to draw lessons from. The United States was puzzled to find solution to set the direction of the 2nd World War in their favour, which led to the creation of deadly nuclear bombs. But the same effort created the nuclear power industry, which is gradually becoming base power solution in many countries, including Bangladesh. During the Cold War period, the US had an impending threat of missile attacks from former Soviet Union and other countries, including neighbouring Cuba. To deal with this threat, the US invested in expanding science knowledge base, inventing technology and innovating solutions, which not only created large defence industry, but also supported innovations for diverse civilian applications, leading to the formation of firms and industries around them. The well-known software supremacy of the US has roots in developing national capacity to develop air defence system to protect it from impending Soviet missile attacks.
The importance of software for the demands of Cold War defence, especially strategic air defence during the 1950s, meant that the software industry received considerable support from the US Federal R&D and procurement funding throughout the post-war period. It's worth noting that R&D investments were primarily made around academic institutions like the Massachusetts Institute of Technology (MIT), and solutions innovated around academic R&D were procured from companies residing in Route 128 of Boston, which span off from such academic R&D activities. Such Federal support for creation of this ecosystem provided important benefits to the commercial US software industry. Through smart investment made to deal with threat, the US has created a large software industry for civilian applications, making it an engine for economic growth and employment. The civilian software production of the US has grown to over US$500 billion, almost 2.5 per cent of GDP, creating direct 2.5 million jobs.
The use of software also has increased the productivity of other industries, thereby contributing to the growth of their production. Analysis shows that software accounted for 12.1 per cent of all US labour productivity gains from 1995 to 2004 and 15.4 per cent of those gains from 2004 to 2012. Should we not learn the necessary lesson from a series of rational decisions the US made to leverage from investment made to deal with national security threat to create a large economic opportunity?
Following this episode of cyber security compromise, making Bangladesh the victim of one of the known largest bank robberies, many vendors will line up to propose foreign products as solutions to government departments, financial institutions and many other organisations. There is no doubt that demand for budget will increase by many folds, in both public and private organisations. The country will start pumping millions to buy information security products. Should we just focus on procuring foreign products or start creating national capacity to make smart choices of adopting those solutions, adapting them as well to fit our purpose better, and most importantly, building capacity to innovate next generation solutions not only just to address our problems, but also helping other countries as well?
Should we draw lesson from Canadian icon of inspiration and hope Terry Fox? In 1980, with one leg having been amputated for cancer, he embarked on a cross-Canada run to raise money and awareness for cancer research. Upon being victim of cyber attack, should we build the capacity to innovate solutions not only to protect us, but also to protect the whole human race? Being blessed with millions of students, it is now Bangladesh's opportunity to invest in developing human capability to deal with information security threat and building the ecosystem to turn that capability into innovative products and services to empower the country and the whole world to deal with this impending threat, making the path of leveraging digital possibilities safe and secured.
Bangladesh should not miss this opportunity to build the foundation to spur innovation-led economic growth. Instead of just buying off the shelf products, sending officials for foreign trips in the name of training, and engaging foreign consultants, Bangladesh must focus on building the epicentre of information security innovation and entrepreneurships around universities-which may take a decade to start producing tangible results. But this is the only option we have to turn cyber security threat into the opportunity of growth for us-like the way many smart nations have turned critical impediments to new engine of economic growth.
The writer, an academic, researcher and activist in the field of technology, innovation and policy, is Professor, Department of Electrical and Computer Engineering, North South University.