Earlier this month, Las Vegas hosted three different conventions focused on cybersecurity. They were named Black Hat USA, DEF CON, and BSidesLV, collectively referred to as “hacker summer camp.” There were many speakers from the world of cybersecurity and the topics had a distinctly international focus rather than dealing solely with issues facing the United States. But one common theme reportedly emerged from the presentations that were given. The threat of cyberattacks is growing exponentially around the globe, with many bad actors lurking out there and limited resources available to governments and the private sector to defend against them. There was a lot of focus on hackers assumed to be associated with Russia and China, but there are individual rogue actors out there as well. And one country that has been under continual assault from the virtual world is Ukraine. They’ve done an admirable job in dealing with these threats, but that’s not going to last forever. The implications for the world at large, however, may be even darker. (PJ Media)
Among the main issues discussed this year were the growing concerns regarding increasing cyber-attacks from China and Russia.
Ukraine’s Zhora has witnessed his country face over 1,600 Russian-based “major cyber incidents” so far this year. He told Black Hat USA that “This [Russian Hacking Attacks] is perhaps the biggest challenge since World War Two for the world, and it continues to be completely new in cyberspace.”
These attacks to which Zhora refers include Russian-based DDoS attacks targeting many of Ukraine’s government agencies, as well as malware that targets the Industrial Control Systems (ICS) that are critical to energy providers.
We’re not just talking about some geeks without morals looking to empty your bank account, though plenty of that still goes on as well. There have been coordinated attacks on the power grids and communications networks of entire countries. The problem goes far beyond just those aspects of our 21st-century infrastructure. We rely on these technologies for virtually every aspect of life, from law enforcement to the basic delivery of goods and services. But the reality is that we have not invested in the types of people, training, and technology required to keep up with the bad guys.
Manpower in the cybersecurity world is an ongoing issue. Government employment defending the country’s cyberstructure simply isn’t a very lucrative line of work compared to the potential gains one might realize as a hacker. And particularly in the United States, we have not emphasized the recruitment of new, younger talent nearly enough. There appears to be a growing technology gap between the white hats and the black hats, with plenty of adversarial governments being willing to sponsor or at least ignore the black hats as long as they’re going after western nations.
Much the same way that we gave China control of the global supply chain without thinking about the consequences, we’ve created an international system where we are totally dependent on our cyberstructure for our jobs, industry, travel, and everything else. And we have been fighting this battle while not keeping up with those who will be able to shut it all down. Some analysts have already been warning the world that the attacks we see on smaller countries and private corporate entities are serving as practice runs for what could turn out to be a full-scale cyber assault on the United States and our allies.
Returning to the China analogy for a moment, the global supply chain where we noticed the disruption most clearly is mostly physical in nature. When products fail to flow smoothly from their point of origin to their eventual destination, we learned over this spring and summer what happens. Shelves go empty and unrest develops quickly. This time it happened because of events originating in a more natural fashion. But the lesson from all of that was that China could shut down the supply chain intentionally if the CCP really wanted to make it happen and it would have devastating results until we rebuild America’s own manufacturing and production sector.
The good news on that front is that we still know how to grow food and produce products. We also have the historical knowledge of how to build the internal capabilities required to do that. It will take time and significant investment, but we have a greater ability to return largely to self-reliance than many other nations if we choose to do so.
The bad news is that the cyber world is still comparatively new. We really don’t have a blueprint to follow and the technology underlying all of these systems continues to evolve on a constant basis. And that technology, as already mentioned, is embedded into essentially every step of the process. Even if a country like America is able to produce enough food to feed its own people and enough energy to keep the lights on and all of the machinery in good repair, it won’t matter if a sufficiently robust cyber attack takes place.
If the vehicles needed to plant and harvest the crops and bring the cattle to the processing plants won’t start when the farmers turn the keys, the food will not be delivered. The shelves will still be just as empty and food will rot at the source. If we have an ocean of oil, mountains of coal, hundreds of nuclear plants, and wind farms as far as the eye can see, if the grid shuts down, the power won’t reach the facilities that require it. Huge sections of the country rely on water that is imported from elsewhere, as the people in California know all too well right now. What happens when the pumps stop running because their control programs have been compromised? You’re probably getting the full picture at this point.
While it’s clearly true that we have many other problems to address, particularly under the current conditions we’re experiencing, it seems imperative that this issue becomes a top priority for the United States immediately. This isn’t some hypothetical threat lifted from the pages of science fiction or doom porn. It’s a very real threat and we are not the most capable players in this game by a long shot. We need to beef up our national cybersecurity workforce with some of the brightest minds that can be found, whether that be through direct government employment or subsidized NGOs. And we probably don’t have very long to catch up to the bad guys. The world is far too unstable today in many ways, but this is one area where we could be brought to our knees without an adversary firing a single missile or sinking just one ship.