Advertisement
This is member-exclusive content
icon/ui/info filled
Opinion

Cybercrime is a growing threat to capitalism and national security

Business and government aren’t doing enough to protect critical assets.

Not all crises can be anticipated, but some persistent threats deserve more attention than they get.

Case in point is the cyberattack that crippled the Colonial Pipeline and caused fuel shortages across the eastern seaboard. According to published reports, the pipeline’s owners paid a ransom to DarkSide, a Russia-based criminal organization, to get its operation back on board. In a looking-glass moment, DarkSide issued a statement declaring that its goal is to obtain cash, and it did not have a political objective, as if that makes things better.

Cyberattacks are increasing in magnitude and frequency, raising concerns that executives aren’t focused enough on this threat to their businesses, as well as the cascading impact on the overall economy and national security. In a digitally connected world, the importance of realistic risk assessments, firewalls and ways to protect critical data and services can’t be overstated.

Advertisement

“Business executives have to stop looking at cybersecurity as a technical risk issue,” said Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency in the Department of Homeland Security, during an interview Sunday on CBS’ Face the Nation. “It truly is a business risk issue, and we are talking about the resilience of the U.S. economy.”

Opinion

Get smart opinions on the topics North Texans care about.

Or with:

What DarkSide did to the pipeline amounts to breaking into your house, stealing your valuables and changing all the locks to keep you out until you relent to its demands.

To pay encourages more threats to other companies. Not to pay risks the loss of millions, if not billions, of dollars from a prolonged shutdown. And it’s not like you will get your valuables back, unscathed and with no questions asked. Data breaches usually end up with sensitive financial information being sold and resold on the dark web, creating other opportunities for cybercrime.

Advertisement

About 85% of our nation’s critical assets, systems and networks are in private hands, and their incapacitation would have a debilitating effect on national and economic security, public health and safety. Private banks control our financial system. Private electricity providers control the grid. Private railroads and airlines move people, goods and services. And the list goes on.

Cyberattacks target the lifeblood of modern capitalism — the seamless digital global networks that encourage convenient commerce with customers and suppliers. When cybercriminals, who may or may not have direct ties to rogue states, leverage the power of computers and internet connectivity to shake down businesses, executives need to elevate cybersecurity on the list of corporate priorities.

The precise number of private companies targeted for ransom is difficult to calculate since companies are reluctant to talk about breaches and will pay up if compromised. Homeland Security Secretary Alejandro Mayorkas speculated that ransomware losses may be more than $300 million so far this year — up 300% from last year. “The threat is real,” Mayorkas said. “The threat is upon us. The risk is to all of us.”

Advertisement

Unfortunately, cyber shakedowns are getting worse and more expensive, and they pose greater threats to national security. According to cybersecurity expert Palo Alto Networks, the average ransom paid to cybercriminals increased from $115,123 in 2019 to $312,493 in 2020, a stunning 171% increase, and the biggest ransom paid doubled from $5 million to $10 million.

In addition to attacks on the private sector, at least 26 government agencies have been hit by ransomware this year, and the world is still sorting out the damage from hackers believed to be directed by the Russian intelligence service, the SVR, to slip malicious code into software for a cyberattack on the computer networks of the federal government and major companies. Even police departments have been hit in attempts to access information that global gangs would pay handsomely to obtain.

President Joe Biden says there is “no evidence” that the Russian government is behind the pipeline attack, which frankly might be wishful thinking. However, the president issued an ambitious executive order to devise new standards for software vendors supplying the federal government. While the order is aimed at hardening cybersecurity defenses for the federal government and its vendors, the presumption is that it could promote tougher security standards for private sector transactions, too.

But here’s the sticking point: The Government Accountability Office says 50 of its 80 cybersecurity recommendations since 2010 have not been implemented.

Cyber blackmail will continue until bad actors and the governments that allow criminals to operate within their borders are punished and the business model that makes cybercrime profitable is disrupted. It seems clear that Russia, North Korea, China and Eastern European countries sponsor or abet cyberattacks to promote their global objectives, which can include obtaining corporate secrets or hard currency to finance trafficking in humans, drugs and weapons and keep corrupt regimes in power. Private companies and governments must harden targets against this criminal underground economy.

Biden’s executive order is a broad policy framework, not a solution. The nation needs more comprehensive coordination between the public and private sectors to protect critical infrastructure and sensitive information. In the interest of global and national security, cybersecurity has to improve to better match the threat.

Otherwise, regardless of whether you’re on the East Coast or any other part of the country, gas lines amid a ransomware-induced shortage or other such crises may become a staple of daily life.

Advertisement

Got an opinion about this issue? Send a letter to the editor, and you just might get published.