Monday, May 10, 2021

Cyberattacks need to be taken seriously

 Technology is both a blessing and a curse. It makes our lives easier in many ways, but it also makes them more complicated in others. One of the complicating factors is that we are vulnerable in ways that we were not during a simpler time.

The reality of cyberattacks is one example of a vulnerability that did not exist a few decades ago. This week, the big news is the ransomware attack on Georgia’s Colonial Pipeline, which Steve Berman described this morning. The attack raises the possibility of gas shortages in the Southeast, which could lead to price spikes and slowed production and delivery of goods.

Photo credit: unsplash.com/Bermix Studio

Share The Racket News

The Colonial Pipeline attack is only the most recent high-profile example of cybercrime. Last year, news broke about a hack at SolarWind, a US government contractor. The hackers not only were able to access classified information across multiple agencies but reportedly were able to insert their own malicious code in an attack that went undetected for months.

Prior to that, there were multiple attacks on US election infrastructure during the 2016 election. Many on the right viewed reports of the cyberattacks as an excuse for why Hillary lost, but even Trump Administration officials acknowledged the seriousness of the attacks, which were traced to Russia, a usual suspect in cybercrime. Targets of the attacks included both state and local election administrations as well as voting machine companies.

Russian cybercriminals are suspected in the Colonial Pipeline attack, but the Russian government has been directly implicated in other attacks. In any case, there is often a thin line between Russian criminals and the Russian government, which is clearly using cyber warfare against both commercial and military adversaries.

In 2007, the former Soviet republic of Estonia became the first country to be the target of a national cyber attack with Russia as the perpetrator. When Russia invaded Ukraine in 2014, cyberattacks were part of Vladimir Putin’s arsenal. The attacks on Ukraine included taking control of electrical grids and shutting them down to cause blackouts.

That’s one of my nightmare scenarios. I used to dread the possibility of an electromagnetic pulse attack that would shut off the electricity for much of the country. The book “One Second After” by William Fortschen chillingly describes the aftermath of such an electricity-killing attack in our world in which almost everything is electric and most of us have only enough food stockpiled to last a few days.

The reality is that today an aggressor would not have to launch a nuclear EMP attack to switch off America’s electricity. It would only require a coordinated attack on the electrical grids that supply us with power. This is a threat that should be taken very seriously, especially since the Russians have a history of testing this sort of warfare.

And some in the government do seem to be taking the threat seriously. US News reported that the US was aiding Ukraine in fending off a new spike in Russian cyberattacks in April 2021. In helping allies to fight off Russian attacks, we can strengthen our own defenses, but this also requires a public-private partnership since our electric companies and other utilities are often privately owned and operated.

I’ll add that the problem is not only a Russian problem. China has also had its fingerprints on cyberattacks against US companies in recent years. Even Iran and North Korea, countries usually associated with rogue nuclear threats, have gotten into the cyber warfare business.

Going forward, as we become more dependent on electricity and the internet, cyberattacks will become even more attractive for our enemies. The investment is much less than for nuclear programs, but the results of a large-scale attack could be almost as devastating to a country. If an attacker thinks they can remain anonymous or shift the blame, the temptation to launch such an attack might be overwhelming.

Cyber attacks are going to be a problem that we must deal with for the foreseeable future. Companies, especially those that are vital for power and food, should be working with the federal government to strengthen their defenses.

And Americans should keep a stockpile of emergency items just in case.

From the Racket

No comments: