This is the second version of my previously published editorial. I was compelled to update it because of two key developments:
First, on the morning of May 23rd, 2018, Jim Finkle and Pavel Polityuk of Reuters reported that “Cyber firms, Ukraine warn of planned Russian attack,” the fourth such cyberattack, starting with the 2015 and 2016 power grid attacks and the 2017 malware attack that, after crippling Ukraine, spread to the rest of the world.
Second, Microsoft’s President Brad Smith announced at RSA 2018 the signing of the Cybersecurity Tech Accord involving 34 tech companies. It is an attempt to create a digital “Geneva Convention” to establish behavioral norms in terms of cybersecurity and privacy. We all know how well the Geneva Convention worked, so why not repeat it? Just ask any of the multiple genocide victims between 1929 and today. The Geneva Convention is not NATO, nor the Warsaw Pact. It’s a “let’s get along” pledge with no teeth!
This is the real never-ending story! A story repeatedly reported, but — seemingly — of little consequence: Actions speak louder than words, and we have a plethora of the latter, but none of the former.
Let’s go back to December 13th, 2016, when the New York Times published a feature article titled “The Perfect Weapon: How Russian Cyberpower Invaded the U.S.” In it, Eric Lipton, David Sanger and Scott Shane did an excellent job in framing, in detail, the recent state-sponsored cyberattack against United States interests.
Russia is not alone in excelling at cyberwarfare. Many nation-states see this as the new “arms race.” They believe, rightly so, that this is a race they can win. North Korea, Iran, and China have demonstrated their capabilities time and again. So have the United States and Israel. There is little doubt that practically every country is actively participating in the development, management, and deployment of cyberwarfare infrastructure. They all are, and they are building massive defensive and offensive cyberwarfare capabilities. Moreover, they are “in it to win it,” and they think they can.
What has made Russia’s cyberattack particularly egregious is not that it is the first, but that it is a blatant, “in your face,” show of power, ridiculing the last superpower standing. And, of course, it continues unabated. What makes it particularly deadly is that it is coupled with Russia’s deep scholarship in propaganda. I have read recent interviews from officials downplaying and demeaning Russian propaganda as “par for the course,” and “things we’ve seen before from the Russians.” If so, then we have not learned, and that cost us dearly. We have been badly defeated and ridiculed by what we all thought was a vanquished enemy of a cold war gone dead. In my view, news of the enemy’s demise is premature, and the cold war is very far from over.
On April 4th 1949, with the memories of the second world war brutally fresh, an alliance was formed between the United States, Canada, and several European countries. The North Atlantic Treaty Organization (NATO) was formed. Article 1 of the treaty reads: “The Parties undertake, as set forth in the Charter of the United Nations, to settle any international dispute in which they may be involved by peaceful means in such a manner that international peace and security and justice are not endangered, and to refrain in their international relations from the threat or use of force in any manner inconsistent with the purposes of the United Nations.”
Many more treaties followed, and the world’s doomsday clock reflected the threat: 7 minutes to midnight in 1947. 3 minutes in 1949, after the first USSR nuclear test. 17 minutes — the lowest value — in 1991. Now, it is back to 3 minutes to midnight.
The lowest value, 17 minutes to midnight, was reached when the world thought the cold war to be over, and the United States and Russia were engaged in nuclear arms reduction. Since 2015 it is back to 3 minutes as “Unchecked climate change, global nuclear weapons modernizations, and outsized nuclear weapons arsenals pose extraordinary and undeniable threats to the continued existence of humanity,” and world leaders fail to act.
Sadly, this is not their only failure. As catastrophically serious as both climate change and nuclear arsenals are, and for that there should be no doubt, a third blight has surfaced: Cyberwar. Most think that hacking or cyberwarfare is a threat, to be sure, but not on the same level as nuclear weapons. Yes, millions of dollars may be lost, political careers ruined, and service interruptions may be inconvenient, but a cyberwar is thought to be confined to the virtual world, not the real one. They are deadly wrong.
Acts of cyberwarfare may have already claimed lives in Ukraine, when Russian hackers attacked that country’s power grid, leaving almost a quarter million residents without power. Lives may have been lost when the centrifuges in Iran’s nuclear enrichment facility were destroyed by Stuxnet, a suspected U.S. / Israeli cyberweapon. And, of course, there are many victims of cyberbullying who took their own lives, demonstrating the power of reputational damage, an easily attainable effect of hacking any individual’s life story.
Experts warn of the certainty of real human casualties from cyberwarfare. Consider what would happen if the electrical grid were hacked and the country, or regions, went dark for weeks on end. Ted Koppel did in his “Lights Out” book, and the implications are devastating. Consider the ramifications of hacking medical records and facilities, water purification plants, traffic control, or telecommunications. I am sure that you can come up with your own nightmare scenario that leaves thousands, if not hundreds of thousands, dead or injured, and our country in chaos.
I also have no doubt that there are brilliant minds working around the clock in our security services that continuously analyze and respond to these threats, as well as advise our leaders. But, I know from experience, their advice frequently falls on deaf ears. Just as executives don’t want to hear about risk, be it cyber, technology, or otherwise, neither, I suspect, do government “executives.” Certainly, recent rhetoric on the value of intelligence briefings demonstrates this, just as did the inaction and hesitation of the Obama White House in responding to the Russian attack against our political process.
We need a concentrated effort in this new front for the survival of humanity. We need our leaders to be educated and alert to the danger this poses. We need our people to be sensitized to the danger of cyberattacks; think “duck and cover” for the cyber age. We need our allies to reinvigorate their frameworks for resolving conflicts peacefully to include cyberwarfare. A cyberattack on one country should be considered an attack on us all, with the commensurate and immediate response. And, we need our international organizations to recognize the danger of cyber actor proliferation and take immediate and decisive action.
It’s a start, when nothing less will do. My Cyber Clock is, now, reset to 30 seconds to midnight, and ticking…
On December 13th the New York Times published a feature article titled “The Perfect Weapon: How Russian Cyberpower Invaded the U.S.” In it, Eric Lipton, David Sanger and Scott Shane do an excellent job in framing in detail the recent state-sponsored cyber attack against United States interests. But the story doesn’t end there.
Russia is not alone in excelling at cyber warfare. Many nation-states see this as the new arms race. They believe, rightly so, that this is a race they can win. North Korea, Iran, and China have demonstrated their capabilities time and again. So have the United States and Israel. There is little doubt that practically every country is actively participating in the development, management, and deployment of cyber warfare infrastructure. They all are, and they are building massive defensive and offensive cyber warfare capabilities. Moreover, they are “in it to win it,” and they think they can.
What has made Russia’s cyber attack particularly egregious is not that it is the first, but that it is a blatant, “in your face,” show of power, ridiculing the last superpower standing. What makes it particularly deadly is that it is coupled with Russia’s deep scholarship in propaganda. I have read recent interviews from officials downplaying and demeaning Russian propaganda as “par for the course,” and “things we’ve seen before from the Russians.” If so, then we have not learned, and that cost us dearly. We have been badly defeated and ridiculed by what we all thought was a vanquished enemy of a cold war gone dead. In my view, news of the enemy’s demise is premature, and the cold war is very far from over.
On April 4th 1949, with the memories of the second world war brutally fresh, an alliance was formed between the United States, Canada, and several European countries. The North Atlantic Treaty Organization (NATO) was formed. Article 1 of the treaty reads: “The Parties undertake, as set forth in the Charter of the United Nations, to settle any international dispute in which they may be involved by peaceful means in such a manner that international peace and security and justice are not endangered, and to refrain in their international relations from the threat or use of force in any manner inconsistent with the purposes of the United Nations.”
Many more treaties followed, and the world’s doomsday clock reflected the threat: 7 minutes to midnight in 1947. 3 minutes in 1949, after the first USSR nuclear test. 17 minutes — the lowest value — in 1991. Now, it is back to 3 minutes to midnight.
The lowest value, 17 minutes to midnight, was reached when the world thought the cold war to be over, and the United States and Russia were engaged in nuclear arms reduction. Since 2015 it is back to 3 minutes as “Unchecked climate change, global nuclear weapons modernizations, and outsized nuclear weapons arsenals pose extraordinary and undeniable threats to the continued existence of humanity,” and world leaders fail to act.
Sadly, this is not their only failure. As catastrophically serious as both climate change and nuclear arsenals are, and for that there should be no doubt, a third blight has surfaced: Cyber War. Most think that hacking or cyber warfare is a threat, to be sure, but not on the same level as nuclear weapons. Yes, millions of dollars may be lost, political careers ruined, and service interruptions may be inconvenient, but a cyber war is thought to be confined to the virtual world, not the real one. They are deadly wrong.
Acts of cyber warfare may have already claimed lives in Ukraine, when Russian hackers attacked that country’s power grid, leaving almost a quarter million residents without power. Lives may have been lost when the centrifuges in Iran’s nuclear enrichment facility were destroyed by Stuxnet, a suspected U.S. / Israeli cyber weapon. And, of course, there are many victims of cyber-bullying who took their own lives, demonstrating the power of reputational damage, an easily attainable effect of hacking any individual’s life story.
Experts warn of the certainty of real human casualties from cyber warfare. Consider what would happen if the electrical grid were hacked and the country, or regions, went dark for weeks on end. Ted Koppel did in his “Lights Out” book, and the implications are devastating. Consider the ramifications of hacking medical records, devices and facilities, water purification plants, traffic control, or telecommunications. I am sure that you can come up with your own nightmare scenario that leaves thousands, if not hundreds of thousands, dead or injured, and our country in chaos.
I also have no doubt that there are brilliant minds working around the clock in our security services that continuously analyze and respond to these threats, as well as advise our leaders.
But, I know from experience, their advice frequently falls on deaf ears.
Just as executives don’t want to hear about risk, be it cyber, technology, or otherwise, neither, I suspect, do government “executives.” Certainly, recent rhetoric on the value of intelligence briefings demonstrates this, just as did the inaction and hesitation of the Obama White House in responding to the Russian attack against our political process, or the flaccid reaction of the fourth estate in the face of fake news sites.
We need a concentrated effort in this new front for the survival of humanity. Confidentiality, Integrity, Availability, and Safety, the four pillars of cybersecurity, are now as fundamental to our lives as freedom of expression, movement, assembly and all the rights we have taken for granted as inalienable.
We need our leaders to be educated and alert to the danger that cyber warfare poses. We need our people to be better educated in navigating the information highway, and sensitized to the danger of cyber attacks — think “duck and cover” for the cyber age.
Finally, we need to join with our allies and reinvigorate our frameworks for resolving conflicts peacefully to include cyber warfare. A cyber attack on one country should be considered an attack on us all, with the commensurate and immediate response. And, we need all international organizations to recognize the danger of cyber actor and weapons proliferation and take immediate and decisive action.
It’s a start, when nothing less will do. My Cyber Clock has been reset. 45 Seconds to midnight, and ticking…