As global tensions continue to climb in the wake of to North Korea’s nuclear activity, many are focused on the physical aspects of a possible global conflict. Unfortunately, what many aren’t focused on are the aspects that are not so physical.
According to a former Marine cyber warrior, we are already involved in a cyber war with Russia, one that escalated during the last election cycle with Obama, McCain, and many others were declaring Russian cyber activity as an act of war. Even before the election cycle, the U.S. Office of Personnel Management suffered a breach that exposed sensitive information belonging to over 21.5 million people. In fact, between April 2015 and April 2016, according to Maryville University, there were “35 major data breaches across government agencies and Federal agencies.”
With so much attention turned toward traditional modes of conflict and the threat of nuclear war, it’s easy for us to forget that our critical infrastructure is just as at risk (if not even more so) by cyberattack than nuclear proliferation.
The Problem is the Internet of Things
At the end of 2016, unknown hackers launched the Dyn DDoS cyberattack, the biggest DDoS attack up until that time. The result was essentially an internet outage that spanned both coasts, and while the cost impact of the attack hasn’t necessarily been calculated, here’s some food for thought: every 30 seconds, more than $1.2 million is generated via ecommerce (and this says nothing of ROI lost for non-ecommerce websites). You could extrapolate that $144 million is generated per hour, and considering that this attack rendered much of the net useless for hours, it’s possible that this attack caused damage in the billions.
The way that this attack was proliferated was through millions of unsecured IoT devices, many of which have security flaws built-in and ready to be exploited. The problem is that in our rush to create a world filled with internet-connected devices–think smartphones, TVs, wearables like FitBits, and internet-connected cameras–we’ve left device security to the wayside, creating an Internet of Things (IoT) that Wired called “wildly insecure and often unpatchable.”
Industries–and Lives–at Stake
Make no mistake–just because lives haven’t been taken as a direct result of cyber warfare doesn’t mean that they’re not at stake. Hospitals were the frequent targets of cyber attacks in 2016, putting patient lives and information at stake. Additionally, cyber attacks that target vulnerabilities in pacemakers, for example, could essentially induce the same symptoms of a heart-attack, albeit on a much more massive scale.
Other “worst-case scenarios” might include the hijacking of drones for use against the military and civilians alike, or even the takedown of power grids that help keep critical infrastructure running a la the “fire-sale” scenario explored in the movie Die Hard 4. The Atlantic posits that a slow but significant form of economic warfare might include stealing proprietary information and/or money from private companies, and causing an economic collapse worse than anything we could imagine being possible (and this is a post-2008 depression analysis).
Perhaps the biggest problem with securing our nation from cyberattacks and cyberwarfare is that the solution includes both industries/government bodies and the individual. Dartmouth College has a new system called “Wanda” that is supposed to help shore up health care security, while a separate, Atlanta-based healthcare startup is using the blockchain to secure their infrastructure. If more large bodies of government and industry were to use the blockchain to secure their respective infrastructures, we’d see a much safer cyber landscape.
As far as the individual goes, the Department of Homeland Security has issued its own set of guidelines for protecting oneself against cyber attacks. These measures include:
- Never click on links in emails, and never open attachments from those you don’t know. This is the most widely used way of phishing information from targets.
- Do not give out personal information over the phone or in an email unless you’re completely sure of who the sender is. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors,
- Set secure passwords and don’t share them with anyone. Avoid using common words, phrases, or personal information and update regularly.
- Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies.
- Pay close attention to website URLs. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.
- Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.
While no system is perfect, following these guidelines should help deter the personal impact of cyber attacks, whether by state or private actors.
Technology Never Quits
While the nuclear threaft should absolutely be on our radar, we shouldn’t forget about the other ways that new technologies pose global threats. Gene editing, for example, has the potential to cure sickle cell disease, mesothelioma cancer, and cystic fibrosis–however, genome editing has been added to the Worldwide Threat Assessment as a weapon of mass destruction (the same part that talks about nuclear capabilities of North Korea). AI sits in this same boat; incredibly powerful with potential beyond measure, but also extremely dangerous if not handled properly.
The point is that gene editing, AI, and the majority of the IoT are not going anywhere anytime soon. In fact, we will probably be using more of all of these technologies as time passes. While these technologies will benefit us beyond our wildest dreams, we must learn to view them for the dangerous potential they possess–before we are forced to view them as such by a cyber-Hiroshima or other world-class event.