The high-profile hacking of Sony Pictures, allegedly by North Korea in a revenge move catalyzed by the fictional portrayal of NK leader Kim Jong-un’s assassination in Sony’s film The Interview, has put cyberespionage on the front page once again. While the nature of this hack, principally resulting in the public exposure of embarrassing emails, may be easily dismissed by many casual observers who see still see hacking as no more than a “sort-of” problem, the potential damage that hacking attacks against large American corporations and government agencies can do is enormous. Nevertheless, one of the daunting challenges that remains for government leaders is to impress upon the American people…as well as members of the political establishment…to finally see the hacking threat for what it truly is, and to take the steps necessary to defend the homeland accordingly.
One of the problems with cyberwarfare and cybercrime is that, at their core, these issues do not resonate with the American public, and even some American politicians, in the same way that more traditionally-formatted threats tend to. It’s not unlike the disparity in perception that plagues many when looking at examples of white collar crime vs. basic “thuggery;” the reality is that a guy jumping out from behind a tree, knocking you down, and stealing your wallet containing $50 is more “relatable” to most of us as a criminal act, and is often pursued more vigorously by law enforcement, than an embezzler who pilfers a fortune from a company, or even from another individual. It’s terribly unfortunate, because the costs of nefarious cyberactivities are very high: in 2012, then-NSA director and head of U.S. Cyber Command, Gen. Keith Alexander, USA, Ret., characterized the theft of intellectual property and loss of industrial information as the greatest example of wealth transfer in history, and pointed out that the total costs of cyberwarfare and cybercrime to the United States, on an annual basis, exceed a third of a trillion dollars.
Hacking’s direct threat to the homeland. Very much at the core of a nation’s strength and survival is its energy infrastructure, and, according to the Department of Homeland Security’s Computer Emergency Readiness Team, there were 79 hacking incidents at U.S. energy companies during fiscal year 2014. Energy companies are the most popular targets of spy malware, and it is surely the case that attacks on the nation’s energy companies are going to at least continue as they’ve been, if not become substantially greater. Although energy companies now maintain significant cybersecurity counter-threat specialists, the overriding vulnerability to the energy industry is the dated technologies and structures that remain in place, and upgrades rarely take place because implementing them means interrupting service. Up to this point, none of the hacking efforts directed at the nation’s energy providers has resulted in power shutdowns, but the continued prioritization of the effort by those seeking to adversely penetrate America’s energy grid suggests that such a disaster may be simply a matter of time. Relatedly, the U.S.’s weather management systems were successfully hacked in October, the result of which was the inability for some key weather reports to be dispatched, as satellite transmission of key data was the direct casualty of the hacking effort. Successful hacks of key U.S. resources, resources that lie at the very heart of America’s stability and security, are an ominous warning sign, and something on which more of the nation’s focus will clearly need to be directed.
Solutions? According to General Alexander, the solutions to America’s current, significant cyber-vulnerability are many and varied, and include a transition to “cloud-based computing;” while Alexander acknowledges that cloud-based computing is hardly a perfect solution, it does allow for nimble movement in a way that current structures do not, thereby allowing readier and more precise threat neutralization. Additionally, the general cites the current, woeful shortfall in the number of trained and deployed “cyberwarriors” as another deficiency that could be easily corrected if resources were simply better aligned with stark needs.
As for the Sony hack, there is some controversy within “cyber circles” as to whether North Korea was really behind the effort at all, or if someone unrelated to North Korea entirely…like a rogue insider at Sony…is the true guilty party. Although President Obama directly accused North Korea of being behind the attack, the lack of any details forthcoming from the administration as to why they’re convinced of NK’s guilt, beyond evidence which is circumstantial in nature, has some experts in the cyber field suspicious. As a matter of fact, even the circumstantial evidence is lacking, as there appears to be no proof that the attackers themselves mentioned the film The Interview as a reason for the attack, and that the idea that this was the reason for it has been entirely media-generated. Regardless, the salient issue here is the matter of America’s vulnerability to cyberattack; even if the Sony hack is ultimately attributed to an “inside job,” the reality is that cyberespionage and cybercrime have been persistent between the U.S. and some of its largest nation-state rivals…Russia and China, to name just two…for years now, and, given the well-known risks to the most sensitive components to America’s very infrastructure posed by cyberthreats, securing the nation’s cyber-sensitive infrastructure should rank far more highly on the list of priorities for both government and business than it has up to this point.
The information contained here is for general information purposes only. The Financial Writer blog and Bob Yetman disclaim responsibility for any liability or loss incurred as a consequence of the use or application, either directly or indirectly, of any information presented herein. Nothing contained in this article, or any other article featured at this blog, should be construed as a solicitation or recommendation to engage in any financial transaction. You should seek the advice of a qualified professional before making any changes to your personal financial profile.