Illegal operations – Cybersecurity in the COVID-19 world
29 May, 2021, 6:30 pm
The world is still trying to contain the COVID-19 pandemic that has devastated the world populations and economies to date. To do so, they are using a variety of digital communications and surveillance systems.
Like much of the medical infrastructure, these systems are highly vulnerable to hacking and interference.
That vulnerability should be concerning.
Governments and intelligence agencies have long had an interest in manipulating health information, both in their own countries and abroad.
They might do so to prevent mass panic, avert damage to their economies, or avoid public discontent (if officials made grave mistakes in disaster management, for example).
Outside their borders, nation states might use disinformation to subtly undermine their adversaries or disrupt an alliance between other nations.
A sudden epidemic — when countries struggle to manage not just the outbreak but its social, economic and political fallout — is especially tempting for interference.
In the case of COVID-19, such interference is already well underway.
That fact should not come as a surprise.
Nation states hostile to the West have a long track record of manipulating information about health issues to sow distrust.
The list of bad actors in cyberspace is long, and spans a wide range of motives and capabilities.
At the extreme end there’s cyber war: destructive actions by governments during a war.
When government policymakers think of cyber-attacks, that’s what comes to mind.
Cyber war is conducted by capable and well-funded groups and involves military operations against both military and civilian targets.
Along much the same lines are non-nation state actors who conduct terrorist operations.
Although less capable and well-funded, they are often talked about in the same breath as true cyber war.
Much more common are the domestic and international criminals who run the gamut from lone individuals to organised crime.
They can be very capable and well-funded and will continue to inflict significant economic damage.
Threats from peacetime governments have been seen increasingly in the news.
The US worries about Chinese espionage against Western targets, and we’re also seeing US surveillance of pretty much everyone in the world, including Americans inside the US.
The National Security Agency (NSA) is probably the most capable and well-funded espionage organisation in the world, and we’re still learning about the full extent of its sometimes illegal operations.
Hacktivists are a different threat. Their actions range from internet-age acts of civil disobedience to the inflicting of actual damage.
This is hard to generalise about because the individuals and groups in this category vary so much in skill, funding and motivation.
Hackers falling under the “anonymous” aegis — it really isn’t correct to call them a group — come under this category, as does Wikileaks.
Most of these attackers are outside the organisation, although whistleblowing —the civil disobedience of the information age — generally involves insiders like Edward Snowden.
This list of potential network attackers isn’t exhaustive.
Depending on who you are and what your organisation does, you might be also concerned with espionage cyber-attacks by the media, rival corporations or even the corporations we entrust with our data.
The issue here, and why it affects policy, is that protecting against these various threats can lead to contradictory requirements.
In the US, the NSA’s post-9/11 mission to protect the country from terrorists has transformed it into a domestic surveillance organisation.
The NSA’s need to protect its own information systems from outside attack opened it up to attacks from within.
Do the corporate security products we buy to protect ourselves against cybercrime contain backdoors that allow for government spying?
European countries may condemn the US for spying on its own citizens, but do hey do the same thing?
All these questions are especially difficult because military and security organisations
along with corporations tend to
hype particular threats.
For example, cyber war and cyberterrorism are greatly overblown as threats because they result in massive government programs with huge budgets and power hile cybercrime is largely downplayed.
We need greater transparency, oversight and accountability on both the government and corporate sides before we can move forward.
With the secrecy that surrounds cyberattack and cyberdefence it’s hard to be optimistic.
Security is a tradeoff, a balancing act between attacker and defender. Unfortunately, that balance is never static. Changes in technology affect both sides.
Society uses new technologies to decrease what I call the scope of defection — what attackers can get away with — and attackers use new technologies to increase it.
What’s interesting is the difference between how the two groups incorporate new technologies.
Changes in security systems can be slow.
Society has to implement any new security technology as a group, which implies agreement and coordination and — in some instances — a lengthy bureaucratic procurement process.
Meanwhile, an attacker can just use the new technology.
For example, at the end of the horse-and buggy era, it was easier for a bank robber to use his new motorcar as a getaway vehicle than it was for a town’s police department to decide it needed a police car, get the budget to buy one, choose which one to buy, buy it, and then develop training and policies for it.
And if only one police department did this, the bank robber could just move to another town.
Defectors are more agile and adaptable, making them much better at being early adopters of new technology.
We saw it in law enforcement’s initial inability to deal with Internet crime.
There’s one more problem: defenders are in what military strategist Carl von Clausewitz calls “the position of the interior”.
They have to defend against every possible attack, while the defector only has to find one flaw that allows one way through the defences.
As systems get more complicated due to technology, more attacks become possible. This means defectors have a first-mover advantage; they get to try the new attack first.
Consequently, society is constantly responding: shoe scanners in response to the shoe bomber, harder-to-counterfeit money in response to better counterfeiting technologies, better antivirus software to combat new computer viruses, and so on.
The attacker’s clear advantage increases the scope of defection even further.
Of course, there are exceptions. There are technologies that immediately benefit the defender and are of no use at all to the attacker — for example, fingerprint technology allowed police to identify suspects after they left the crime scene and didn’t provide any corresponding benefit to criminals.
The same thing happened with immobilising technology for cars, alarm systems for houses, and computer authentication technologies. Some technologies benefit both but still give more advantage to the defenders. The radio allowed street policemen to communicate remotely, which increased our level of safety more than the corresponding downside of criminals communicating remotely endangers us.
Still, we tend to be reactive in security, and only implement new measures in response to an increased scope of defection. We’re slow about doing it and even slower about getting it right.
Today, we are ever aware about the more physical threat of COVID-19 in our recent community outbreak in Fiji and yet I must urge temperance and a more disciplined approach.
It requires the patience of all and we will all suffer in many ways but be aware of the bigger picture.
As the wisest man reputedly to have ever lived – King Solomon of Israel, when asked what to say in times of extreme crisis or prosperity once said – “This too shall come to pass…” so hang in there now, God bless you all and stay safe and secure in both physical and digital worlds