England is about to take a huge gamble.
On Monday, July 19, the country is ditching all of its remaining pandemic-related restrictions. People will be able to go to nightclubs, or gather in groups as large as they like. They will not be legally compelled to wear masks at all, and can stop social distancing. The government, with an eye on media coverage, has dubbed it “Freedom Day,” and said the lifting of safety measures will be irreversible.
At the same time, coronavirus cases are rapidly rising in the UK. It recorded over 50,000 new cases on Friday, and its health minister says that the daily figure of new infections could climb to over 100,000 over the summer.
In theory, a full reopening during a surge in cases sounds like a combustible mix. But the UK government is betting that this time won’t be like the others because of its vaccination program.
Researchers say it’s extremely difficult to predict what will happen next, with multiple overlapping, complex factors at play. So let’s examine what we know, what we don’t know, and what we need to keep an eye on over the coming weeks.
What we know: the vaccines are working
The UK’s vaccination program is still under way, but it has been broadly successful so far. In all, 52% of the adult population is fully vaccinated, and about 87% of adults have received their first dose (this includes the 52% who have had both doses). Just 6% of Brits are hesitant about getting a shot, according to the Office for National Statistics.
There is still plenty of cause to be nervous, however. The country is months away from fully inoculating the entire adult population. Young people are particularly vulnerable; the over-18s have only just started to receive their first doses, and only a quarter of 18- to 39-year-olds have had both shots. And unlike the US and much of Europe, the UK has not started vaccinating children.
“That’s dangerous,” says evolutionary virologist Emilia Skirmuntt. “We need to vaccinate teenagers urgently, especially before they return to school in September.”
This matters because the overwhelmingly dominant strain of covid-19 in the UK right now is the delta variant. While fully vaccinated people have relatively little reason to worry about delta—with both Pfizer and AstraZeneca vaccines offering over 90% efficacy against hospitalization, according to data from Public Health England—the variant is bad news for those who have only had one shot or are unvaccinated.
It’s about 60% more transmissible than the alpha variant, which was previously dominant in the UK, and almost twice as likely to lead to hospitalization, according to Scotland’s public health body. A single dose of either the AstraZeneca or the Pfizer vaccine is just 33% effective against the delta variant, versus 50% for alpha, says data from Public Health England.
“This reopening is going to lead to a lot of avoidable damage,” says Deepti Gurdasani, a clinical epidemiologist at Queen Mary University of London. “We should be halting easing up until all adults and adolescents have been offered both doses of the vaccine.”
What we don’t know: when cases will peak
It’s clear that the UK is experiencing yet another wave of the pandemic. What we don’t know is just how bad it’s going to get—or how lifting restrictions will change that. Even the top experts in the field can’t say for sure.
“It is very hard to know what is going to happen after July 19,” says Graham Medley, professor of infectious disease modeling at the London School of Hygiene & Tropical Medicine and chair of SPI-M, a group of scientists that advises the UK government on pandemic modeling.
A lot depends on public behavior, and that is notoriously very tricky to predict. While some will enjoy their newfound freedoms with gusto (a tendency that was on full display last weekend during the final of the European soccer championships), others will be far more cautious.
Many people are frustrated at the ditching of masks, one of the most basic and effective public health measures. An Ipsos Mori poll found that a sizable majority of British people plan to continue to wear masks in stores and on public transport. If people follow through on this, it may help curb the spread somewhat: Israel, which also has high vaccination rates, had to reimpose mask-wearing indoors last month in the face of a steep rise in cases.
Regardless, it is very likely that cases will continue to rise for at least a few days, if not a few weeks. And that means more hospitalizations and deaths are inevitable, according to Medley. The big question is how high this wave gets.
In a webinar on Thursday, Chris Whitty, the chief medical officer for England, said the country could see “quite scary numbers again” and “get into trouble again surprisingly fast.”
But the government seems to be betting that not all numbers are equally scary. It hopes that hospitalizations will stay low enough to stop the National Health Service from being completely overwhelmed. It is making the assumption that the link between cases and hospitalization rates has been weakened, if not broken.
“This wave is very different to previous ones,” says Oliver Geffen Obregon, an epidemiologist based in the UK, who has worked with the World Health Organization. “The proportion of hospitalization is way lower compared to similar points on the epidemic curve before the vaccination program.”
But not everyone agrees. NHS bosses are already sounding the alarm over capacity, and more than 1,200 scientists have signed a letter in The Lancet arguing that Britain should care about the huge rise in infections, regardless of the rates of deaths and hospitalizations.
Gurdasani, the epidemiologist, is one of them.
“Cases matter,” she says, pointing to two main dangers: the increased chance that large numbers of people will develop long covid, and the risk of new, vaccine-dodging variants.
What we know: more people will get long covid
The UK already has a significant problem with long covid. More than two million adults may already have—or have had—complications that persist for 12 weeks or more, according to a major study from Imperial College London. But long covid is poorly understood, with over 200 symptoms ranging from fatigue to shortness of breath to memory issues, according to the largest study of it yet, recently published in The Lancet.
About one in 10 of those who catch covid-19 go on to develop long covid, according to the WHO. That means if another million people in the UK get sick during this wave—a plausible scenario by most estimates—there could be another 100,000 people with long-term issues.
Whitty is worried. “I think we will get a significant amount more long covid, particularly in the younger ages where the vaccination rates are currently much lower,” he said on July 6.
That could place huge pressure on the NHS, businesses, and society in general, not to mention causing untold misery for vast numbers of individuals.
“Some symptoms may persist for years, and there’s a chance we’re exposing a whole generation to very bad health for the rest of their lives,” says Skirmuntt.
What we don’t know: whether this could all spawn another dangerous variant
The big fear for many experts is that the government’s approach is creating an ideal breeding ground for the emergence of a vaccine-resistant variant.
On July 5, Steve Paterson, co-director of the Centre for Genomic Research at the University of Liverpool, summed up the concerns in a tweet: “Letting a virus rip through a partially vaccinated population is exactly the experiment I’d do to evolve a virus able to evade immunity.”
This AI could predict 10 years of scientific priorities—if we let it
The survey committee, which receives input from a host of smaller panels, takes into account a gargantuan amount of information to create research strategies. Although the Academies won’t release the committee’s final recommendation to NASA for a few more weeks, scientists are itching to know which of their questions will make it in, and which will be left out.
“The Decadal Survey really helps NASA decide how they’re going to lead the future of human discovery in space, so it’s really important that they’re well informed,” says Brant Robertson, a professor of astronomy and astrophysics at UC Santa Cruz.
One team of researchers wants to use artificial intelligence to make this process easier. Their proposal isn’t for a specific mission or line of questioning; rather, they say, their AI can help scientists make tough decisions about which other proposals to prioritize.
The idea is that by training an AI to spot research areas that are either growing or declining rapidly, the tool could make it easier for survey committees and panels to decide what should make the list.
“What we wanted was to have a system that would do a lot of the work that the Decadal Survey does, and let the scientists working on the Decadal Survey do what they will do best,” says Harley Thronson, a retired senior scientist at NASA’s Goddard Space Flight Center and lead author of the proposal.
Although members of each committee are chosen for their expertise in their respective fields, it’s impossible for every member to grasp the nuance of every scientific theme. The number of astrophysics publications increases by 5% every year, according to the authors. That’s a lot for anyone to process.
That’s where Thronson’s AI comes in.
It took just over a year to build, but eventually, Thronson’s team was able to train it on more than 400,000 pieces of research published in the decade leading up to the Astro2010 survey. They were also able to teach the AI to sift through thousands of abstracts to identify both low- and high-impact areas from two- and three-word topic phrases like “planetary system” or “extrasolar planet.”
According to the researchers’ white paper, the AI successfully “backcasted” six popular research themes of the last 10 years, including a meteoric rise in exoplanet research and observation of galaxies.
“One of the challenging aspects of artificial intelligence is that they sometimes will predict, or come up with, or analyze things that are completely surprising to the humans,” says Thronson. “And we saw this a lot.”
Thronson and his collaborators think the steering committee should use their AI to help review and summarize the vast amounts of text the panel must sift through, leaving human experts to make the final call.
Their research isn’t the first to try to use AI to analyze and shape scientific literature. Other AIs have already been used to help scientists peer-review their colleagues’ work.
But could it be trusted with a task as important and influential as the Decadal Survey?
Securing the energy revolution and IoT future
In early 2021, Americans living on the East Coast got a sharp lesson on the growing importance of cybersecurity in the energy industry. A ransomware attack hit the company that operates the Colonial Pipeline—the major infrastructure artery that carries almost half of all liquid fuels from the Gulf Coast to the eastern United States. Knowing that at least some of their computer systems had been compromised, and unable to be certain about the extent of their problems, the company was forced to resort to a brute-force solution: shut down the whole pipeline.
The interruption of fuel delivery had huge consequences. Fuel prices immediately spiked. The President of the United States got involved, trying to assure panicked consumers and businesses that fuel would become available soon. Five days and untold millions of dollars in economic damage later, the company paid a $4.4 million ransom and restored its operations.
It would be a mistake to see this incident as the story of a single pipeline. Across the energy sector, more and more of the physical equipment that makes and moves fuel and electricity across the country and around the world relies on digitally controlled, networked equipment. Systems designed and engineered for analogue operations have been retrofitted. The new wave of low-emissions technologies—from solar to wind to combined-cycle turbines—are inherently digital tech, using automated controls to squeeze every efficiency from their respective energy sources.
Meanwhile, the covid-19 crisis has accelerated a separate trend toward remote operation and ever more sophisticated automation. A huge number of workers have moved from reading dials at a plant to reading screens from their couch. Powerful tools to change how power is made and routed can now be altered by anyone who knows how to log in.
These changes are great news—the world gets more energy, lower emissions, and lower prices. But these changes also highlight the kinds of vulnerabilities that brought the Colonial Pipeline to an abrupt halt. The same tools that make legitimate energy-sector workers more powerful become dangerous when hijacked by hackers. For example, hard-to-replace equipment can be given commands to shake itself to bits, putting chunks of a national grid out of commission for months at a stretch.
For many nation-states, the ability to push a button and sow chaos in a rival state’s economy is highly desirable. And the more energy infrastructure becomes hyperconnected and digitally managed, the more targets offer exactly that opportunity. It’s not surprising, then, that an increasing share of cyberattacks seen in the energy sector have shifted from targeting information technologies (IT) to targeting operating technologies (OT)—the equipment that directly controls physical plant operations.
To stay on top of the challenge, chief information security officers (CISOs) and their security operations centers (SOCs) will have to update their approaches. Defending operating technologies calls for different strategies—and a distinct knowledge base—than defending information technologies. For starters, defenders need to understand the operating status and tolerances of their assets—a command to push steam through a turbine works well when the turbine is warm, but can break it when the turbine is cold. Identical commands could be legitimate or malicious, depending on context.
Even collecting the contextual data needed for threat monitoring and detection is a logistical and technical nightmare. Typical energy systems are composed of equipment from several manufacturers, installed and retrofitted over decades. Only the most modern layers were built with cybersecurity as a design constraint, and almost none of the machine languages used were ever meant to be compatible.
For most companies, the current state of cybersecurity maturity leaves much to be desired. Near-omniscient views into IT systems are paired with big OT blind spots. Data lakes swell with carefully collected outputs that can’t be combined into a coherent, comprehensive picture of operational status. Analysts burn out under alert fatigue while trying to manually sort benign alerts from consequential events. Many companies can’t even produce a comprehensive list of all the digital assets legitimately connected to their networks.
In other words, the ongoing energy revolution is a dream for efficiency—and a nightmare for security.
Securing the energy revolution calls for new solutions equally capable of identifying and acting on threats from both physical and digital worlds. Security operations centers will need to bring together IT and OT information flows, creating a unified threat stream. Given the scale of data flows, automation will need to play a role in applying operational knowledge to alert generation—is this command consistent with business as usual, or does context show it’s suspicious? Analysts will need broad, deep access to contextual information. And defenses will need to grow and adapt as threats evolve and businesses add or retire assets.
This month, Siemens Energy unveiled a monitoring and detection platform aimed at resolving the core technical and capability challenges for CISOs tasked with defending critical infrastructure. Siemens Energy engineers have done the legwork needed to automate a unified threat stream, allowing their offering, Eos.ii, to serve as a fusion SOC that’s capable of unleashing the power of artificial intelligence on the challenge of monitoring energy infrastructure.
AI-based solutions answer the dual need for adaptability and persistent vigilance. Machine learning algorithms trawling huge volumes of operational data can learn the expected relationships between variables, recognizing patterns invisible to human eyes and highlighting anomalies for human investigation. Because machine learning can be trained on real-world data, it can learn the unique characteristics of each production site, and can be iteratively trained to distinguish benign and consequential anomalies. Analysts can then tune alerts to watch for specific threats or ignore known sources of noise.
Extending monitoring and detection into the OT space makes it harder for attackers to hide—even when unique, zero-day attacks are deployed. In addition to examining traditional signals like signature-based detection or network traffic spikes, analysts can now observe the effects that new inputs have on real-world equipment. Cleverly disguised malware would still raise red flags by creating operational anomalies. In practice, analysts using the AI-based systems have found that their Eos.ii detection engine was sensitive enough to predictively identify maintenance needs—for example, when a bearing begins to wear out and the ratio of steam in to power out begins to drift.
Done right, monitoring and detection that spans both IT and OT should leave intruders exposed. Analysts investigating alerts can trace user histories to determine the source of anomalies, and then roll forward to see what else was changed in a similar timeframe or by the same user. For energy companies, increased precision translates to dramatically reduced risk – if they can determine the scope of an intrusion, and identify which specific systems were compromised, they gain options for surgical responses that fix the problem with minimal collateral damage—say, shutting down a single branch office and two pumping stations instead of a whole pipeline.
As energy systems continue their trend toward hyperconnectivity and pervasive digital controls, one thing is clear: a given company’s ability to provide reliable service will depend more and more on their ability to create and sustain strong, precise cyber defenses. AI-based monitoring and detection offers a promising start.
To learn more about Siemens Energy’s new AI-based monitoring and detection platform, check out their recent white paper on Eos.ii.
Learn more about Siemens Energy cybersecurity at Siemens Energy Cybersecurity.
This content was produced by Siemens Energy. It was not written by MIT Technology Review’s editorial staff.
The US is about to kick-start its controversial covid booster campaign
Disagreements: Booster shots have been controversial. A group of top scientists, including experts at the FDA and WHO, published a review in The Lancet on Monday arguing that booster shots are unnecessary since vaccines are still very effective at preventing severe disease and death. Furthermore, they say, vaccine supplies could save more lives if they’re used for unvaccinated people rather than as boosters for the vaccinated. That’s why the WHO has been pleading with rich countries to stop handing them out until more of the world is vaccinated.
Unequal distribution: The US joins the UK, the UAE, France, Germany, and Israel, which have also launched booster programs. In the UK, for example, a rollout of booster shots to all over-50s is about to begin after officials gave the green light last week. Meanwhile, less than 4% of Africa’s population is fully vaccinated, compared with 70% of adults in the EU. In the US, it’s 55%, a figure that has stubbornly failed to significantly budge in recent weeks. Earlier this week, President Biden announced that the US would buy a further 500 million doses of vaccine to distribute to other parts of the world, bringing its total commitment to more than 1 billion.
Scramble: Millions of Americans are likely to try to get a third shot. A YouGov poll this summer found that three in five vaccinated Americans will get one if it’s available. Given the chaotic nature of the US vaccine rollout, it will be hard to prevent people from gaming the system to get a third shot even if they aren’t technically eligible.