When the World Economic Forum convened last week in Davos, Switzerland, two of Northeastern’s research priorities—environmental resilience and cybersecurity—were listed among the top global threats of 2018.
But conference leaders also warned that conventional methods of addressing these threats won’t be enough. They emphasized that the challenges facing the modern world are so interconnected that solutions will require a systems approach.
This is exactly the type of thinking that led to the founding of Northeastern institutes focused on global resilience, network science, and cybersecurity.
“Our systems used to be localized and failure would cause localized disasters,” says Stephen Flynn, founding director of Northeastern’s Global Resilience Institute. “But now they are all interconnected. So while we need to continue looking at the science of the hazard itself, we also need to look at how the natural environment interacts with the systems built by humans.”
Hurricanes, earthquakes, wildfires, crop failures—natural disasters are the top threat facing the world today, according to the 2018 Global Risks Report released at last week’s Davos conference. And natural disasters are becoming more frequent and more severe.
“We can’t stop hurricanes and earthquakes, but we can be ready when they happen,” says Flynn. “We need to get out in front of these issues so we can bounce back quickly.”
This is why Flynn created the International Disaster Assessment program, through which a team of experts from a range of fields flies into disaster areas, assesses the damage, and devises ways to prepare more effectively for the future.
“Our goal is to turn recent disasters into teachable moments,” says Flynn. “The response is so often, ‘Who knew?’ But the fact is, we can figure how to respond to these disasters in advance.”
So when Boston was pummeled with the worst series of winter storms in its history, Flynn’s team came up with a plan to make the city more resilient.
“Humanity has become remarkably adept at understanding how to mitigate conventional risks that can be relatively easily isolated. But we are much less competent when it comes to dealing with complex risks in the interconnected systems that underpin our world, such as organizations, economies, societies, and the environment.”
The storms, which began on Jan. 24, 2015, dumped a crippling 94 inches of snow on Boston in just 30 days. The entire mass transit system closed down on three occasions, affecting 3.3 million daily commuters. Businesses closed, roofs collapsed, hospitals operated short staffed, and home healthcare workers couldn’t get to their assignments. To clear the roads for traffic city workers had to plow 25 million tons of snow, enough to fill the Patriots stadium 90 times.
By the time the city dug itself out, there had been an estimated $2 billion in economic damage.
The team’s analysis of “snowmageddon” produced a host of lessons that can be applied to communities far beyond Boston. It suggested modifications to federal regulations restricting funds for prolonged disasters, and underscored the importance of targeting early relief to poorer neighborhoods that house many of the blue-collar workers who make critical repairs and provide essential services needed for disaster recovery.
Possibly the most important lesson was the need to create computer modeling systems to guide pre-disaster planning. The goal would be to create detailed maps of each complex system—electricity, water, transportation, health, wastewater—and identify the key points in each of these systems.
“The solution lies in visualization tools and gaming programs so that the people responsible for planning could run ‘What if?’ scenarios,” says Flynn.
The ultimate goal is to determine the specific points in each system that are most critical to getting it up and running again.
It would also make it possible to identify the points where key systems intersect and can potentially cause a “cascading effect” of collapse across multiple systems.
“Everything is so interconnected now, that you no longer have to be in the crosshairs of a disaster to feel its effect.”
For example, when wildfires ripped through huge portions of western U.S. and Canada in 2016, Flynn’s group also conducted a post-disaster analysis and its “lessons learned” report was used to improve the response to the wildfires and deadly mudslides outside Los Angeles earlier this year.
What they found was that the 2016 fires did much more than destroy the houses and businesses in their paths. They also wiped out power and water systems that affected thousands of people untouched by fire, while closing down shipping lines that disrupted supply chains for business throughout the world.
“Everything is so interconnected now, that you no longer have to be in the crosshairs of a disaster to feel its effect,” says Flynn.
Flynn’s work dovetails nicely with the hard science approach of Northeastern’s Network Science Institute, which uses statistical physics to determine how complex systems—both natural and manmade—interact with one another. The work of the two co-directors, both endowed physics professors, provides a window into the type of groundbreaking work the institute has undertaken.
Alessandro Vespignani focuses on how technological and social systems interact. He created a computational model for predicting the spread of the Ebola virus and other deadly diseases by combining detailed analysis of the overlapping systems of disease biology, transportation, migration, and cultural beliefs. This model is being used to recommend specific changes to both human and biological systems that will help slow the spread of disease.
Albert-László Barabási has developed a complex mathematical model to predict system collapse. His model applies to both biological systems and technological systems, such as complex power grids. It analyses millions of variables to identify a system’s tipping point and reduces thousands of measurements to a single number that indicates the point of system collapse. The goal is to create an early warning system so we can take preventive measures before it’s too late.
When it comes to cybersecurity, the statistics compiled by the Davos conference are staggering: In 2016 alone there were more than 4 million data records compromised and 357 new malware variants released. Meanwhile, the number of interconnected devices in the world is expected to increase from 8.4 billion today to 20 billion in 2020.
“Cyber is in everything—airplanes, hospitals, weapons systems, public transportation,,” says John Manferdelli, executive director of Northeastern’s Cybersecurity and Privacy Institute. “And none of those systems were built with cybersecurity in mind.”
He points out that there are disincentives—both psychological and economic—to developing strong security.
“Cyber is in everything—airplanes, hospitals, weapons systems, public transportation—and none of those systems were built with cybersecurity in mind.”
“Engineers are good at creating the complex systems we all rely on, but their goal is to make them work, not to figure out how others can make them fail,” says Manferdelli. “The last thing they want to do is find the 50 ways someone can get in and damage them.”
An even stronger disincentive is economic. To create cybersecurity, companies must hire a separate team to find the weak spots in the system. That’s expensive.
“So customers have to be willing to pay more money for your product than for the competing product that works just as well but isn’t cybersafe,” he says.
Tech security crosses over into many other complex systems. For example, Manferdelli notes the justice system has no enforcement mechanism to punish cyberthieves who used phishing scams to steal sensitive personal and business information. Nor is there any way to follow the money trail in ransomware attacks because of the proliferation of bitcoin as a black market monetary system.
The stakes are enormous, says Manferdelli, citing the May 2017 WannaCry attack that crippled companies, banks, and power grids in 150 countries, including a large portion of the British healthcare system. Fortunately, the shutdown was short-lived thanks to the discovery of a “kill switch” that disabled the attack.
But we may not be as fortunate next time—and Manferdelli notes the goals of the attackers could escalate to weapon systems and government intelligence.
This is more than just a theoretical concern. Earlier this month, the world was rocked by news of two major vulnerabilities—Meltdown and Spectre—which make virtually every modern computer and internet of things device vulnerable to hackers. Both flaws reside in computer architecture and allow hackers to slip through security walls to steal passwords and other sensitive information.
“The internet of things is embedded into every aspect of our living—from refrigerators to entire water and transportation systems,” says Flynn. “Increased connectivity creates convenience, but it also creates a system where disasters can cascade in ways we’ve never experienced before and don’t have a firm grip on. Only a comprehensive ‘system of systems’ approach will allow us to deal with the mounting risks associated with this.”