One minute the stock market is working. But suddenly every screen goes dark. No information. No buy or sell orders completed. And maybe by the time hackers reboot the system, all that stopped data changes while it’s offline, rendered unknowably incorrect.
Hackers have done the digital equivalent of damming mighty rivers and parting the deepest seas. Surely, they can make all the traffic lights in a city turn green at the same time. And just as certainly they can turn out the lights—all of them.
Hyper-connectivity is a mixed blessing. Never before has it been easier to transform political enmity on the global stage into a crippling or even deadly local problem.
The nature of the most recent attacks on the United States suggest an advanced persistent threat that is only native to advanced hacking operations. Think: state-sponsored.
The most recent news from the front lines of the cyber war indicates that threat of a “lights-out” scenario is not at all exaggerated. State-sponsored hackers—most likely Russian—have been, and continue to be busy trying to infiltrate nuclear power plants around the United States, among them Kansas-based Wolf Creek Nuclear Operating Corporation.
According to several reports, the goal of these hacks was and remains specifically to disrupt our national power grid. There were reports of multiple attacks on nuclear power generators.
How did it work? Social engineering. The hackers targeted industrial control engineers with phishing (also known as spearphishing) emails. Once again, bad cybersecurity training (combined with distraction and a dash of lapsed judgement) rears its ugly head. The people who oversee systems that maintain the proper functioning of a nuclear generator should really know better than to click on malware-laden links or attachments. After all, if they screw up we’re talking about a non-movie version of “The China Syndrome,” i.e, it could still be dangerous.
Remember the election? John Podesta? That was also accomplished with a phishing attack, or what Podesta believed was a legitimate "password recovery" email from Google.
Maybe you live off the grid or have a huge diesel tank and a good generator, so the lights-out scenario doesn’t alarm you. How about the prospect of losing American sovereignty? We’ve already had some indication regarding the potential influence of state-sponsored hacking on an election in our country, which for the time being anyway is still the world’s most powerful nation.
Circling the Wagons
The hacker problem is intractable, and it’s getting worse. Yet still, there is nothing in existence resembling a universal approach to the global community’s most pressing cybersecurity issues.
Never mind the evolving level of sophistication manifest in the emails are that are getting these engineers and other gatekeepers “got.”
That phishing ploys can work at a level where the stakes are so high should be all the warning we need, but our chronic and pervasive state of cyber-insecurity has not changed despite the most spectacular damage caused by it.
It is time to circle the wagons and figure out a global protocol for cybersecurity.
Yep, Centralizing Matters
The United Nations might be able to help.
Whether you think the United Nations is the best thing since Mahatma Gandhi or an uber-liberal, supranational cabal of anti-American interests that sap our great nation of funds better earmarked for your next vacation, keep reading.
You owe it to yourself, your family—and for that matter our nation—to consider the most recent findings of the UN’s International Telecommunication Union (ITU) when it comes to the state of cybersecurity worldwide.
The ITU’s recently published Global Cybersecurity Index looked at the current defense set-up in 134 countries, specifically with regard to cybersecurity. The index took five factors into account: technical, organizational, legal, cooperation and growth potential.
First is the almost-great news: The United States got the second highest ranking. Singapore did better, but hey, it’s a solid win.
Here’s the rest of the top 10: Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France, Canada and Russia, respectively. Georgia and France tied for No. 8.
It is worthy of notice that this ranking doesn’t correlate to GDP or military prowess. That said, there does appear to be a correlation vis-à-vis geo-political hotspots and cybersecurity.
Regardless, the haphazard collection of countries with the best cybersecurity chops suggests that best practices are within reach regardless a country’s financial resources, population size, or any other variable.
The ITU study found that the lack of a global standard for best cybersecurity practices was problematic, which seems like an understatement. It would take a long time to list all the ways in which the global community is interconnected. The bottom line: We’re as vulnerable as our neighbor. It’s high time we focus more on helping each other get on the same page.
Adam K. Levin is chairman and founder of CyberScout (formerly IDT911) and co-founder of Credit.com, and a former director of the New Jersey Division of Consumer Affairs. He is also the author of "Swiped," which debuted at #1 on the Amazon Bestsellers Hot New Releases List.
The views expressed by contributors are their own and are not the views of The Hill.