4 November 2014

White House hack just the beginning: experts say major cyberattack coming soon


Breach: A computer network used by senior staff at the White House was recently attacked. 

Hackers recently breached an unclassified computer network used by President Barack Obama's senior staff, a White House official said on Wednesday, as experts predict we're around a decade away from an attack that causes "widespread harm to a nation's security".

US officials said the attack did not appear to be aimed at destruction of either data or hardware, or to take over other systems at the White House. That strongly suggests that the hackers' intention was either to probe and map the unclassified White House system or find entry points where they connect to other systems.

That means it would be different from the kind of attack that Iran launched two years against the computer systems of Saudi Aramco and would be more in the style of the kind of attacks that Russia and China have used over the years against US government targets.

Some White House staff members lost their connections to the system "as a result of measures we have taken to defend our networks," the official said.

At the same time, a survey released by the Pew Research Center found that almost two-thirds of technology experts expect a "major" cyber attack somewhere in the world that will cause significant loss of life or property losses in the tens of billions of dollars by 2025

Many of the analysts expect that, as systems become more centralised, disruption of online systems like banking, energy and health care will become a pillar of warfare and terrorism.

It's already beginning to happen, several of the researchers noted. In addition to the cyber-probing of the White House, one recent example is the attack on Apple's iCloud data storage system earlier this month, which some security experts believe was linked to the Chinese government.

Another was the the July attack on JPMorgan. Some in the White House wonder if it was orchestrated by the Putin regime in Russia in retaliation for US support of Ukraine.

As critical infrastructure moves online, cyber attacks could take out financial systems, the power grid and health systems, wreaking as much damage as bombs, the experts said.

There's already been "a Pearl Harbor event," said Jason Pontin, editor of the MIT Technology Review. He cited the 2009 Stuxnet computer worm that disabled Iranian nuclear plant centrifuges. Many in the defense world believe the attack was launched by the United States and Israel.

"Cyberware just plain makes sense. Attacking the power grid or other industrial control systems is asymmetrical and deniable and devilishly effective," said Stewart Baker, a partner at Steptoe & Johnson, a Washington DC law firm.

Futurist Jamais Cascio thinks cyber attacks will become part of military engagements. "Cyber is a force-multiplier," he said. "We'll likely see a major attack that has a cyber component, but less likely to see a major cyber-attack only.

Part of the problem is that security tends to be an add-on. Building resiliency into systems is crucial, said futurist David Brin.

Others aren't so convinced. Those who answered "no" to Pew's question said security fixes are steadily getting better and the "good guys" are still winning the cyber security arms race.

Several of the experts say the logic of the Cold War standoff also applies to cyber warfare — launching an attack is too dangerous because the attacker will be destroyed in turn.

"Mutually-assured destruction works," said Justin Reich, a fellow at Harvard University's Berkman Center for Internet and Society.

While "constant, relatively low-grade probing, piracy and state-sponsored cyber-terrorism" will be the norm, no country will launch an all out assault, he said.

Still, not everyone is convinced Doomsday is upon us. The internet's infrastructure is not as fragile as many claim, they say. The flames of fear are being fanned by those who have something to gain from widespread worry.

"Cyber attacks," said software engineer Mike Caprio, "are a boondoggle invented by military-industrial contractors to bilk governments out of billions of dollars."

New York Times, USA Today

No comments: