Civilian cybercriminals continue launching viruses, worms and other malware that steal identity and financial information that should remain private. Consumers are wise to protect their personal computers (laptops, tablets, and smart phones are computers too) with antivirus software and a firewall. These security tools are not perfect, but along with common sense they will thwart well-known attacks, and preserve some privacy.
Internet-based information backup services (e.g., Carbonite and MyPCBackup) offer low cost space, usually encrypted. These are ideal for limiting data loss associated with your PC’s malfunctions. These services do a better job enforcing security in their cloud than most individuals do for their PC. But they can also fail spectacularly as did Amazon S3, taking down four popular storage services that use Amazon’s cloud. Presumably it was a mechanical or software failure. Occasionally, civilian criminals breach security on financial databases and collect thousands of opportunities to commit fraud. Sometimes they just dump digital graffiti on the webpage of their target, or post embarrassing information about their targets.
State sponsored cyberattacks use similar tactics, but their goals are different and they have much deeper resources (e.g. fake credentials). Theft of trade secrets can help the attacker-nation avoid expensive investments usually needed to develop advanced technologies. Theft of military information can nullify hard-earned advantages or protections. Cyber-intrusions can also grab physical control of machinery (as Stuxnet did to Iran’s centrifuges); or it can allow the attacker to control or hobble the victim’s power grids, dams, pumps, even air traffic control (collectively these are called SCADA systems – supervisory and control networks for infrastructure). Highly effective sovereign hackers are active on behalf of North Korea, Iran, Russia and others, especially China.
These threats can’t be ignored. They demand better security for everything attached to the internet. US government and corporations can repulse these state-sponsored cyber warriors, but that aggressive effort will mean some loss to our privacy. Legislation called Cyber Intelligence Sharing and Protection Act (CISPA) addressed this tradeoff but strong opposition came from the loss of privacy. The White House threatened to veto it and the bill died in the Senate during 2012. The legislation will be reactivated in 2013 but now sentiment has changed in its favor. The White House issued an executive order implementing the steps it can authorize prior to the bill’s passage.
In some respects the choice of emphasis between privacy and security was made for us in the early days following 9/11, when the Patriot Act set out authorities and procedures for probing the activities of Americans. For additional latitude, secret courts are available to authorize intelligence gathering by US agencies. Commercial and police surveillance cameras are omnipresent in US and European cities, and many are networked. Facial, DNA, and print recognition are real. Technologies to monitor Internet and voice traffic are well developed. The main contribution from CISPA is to allow companies to share data on cyber intrusions with US investigative agencies. Companies were ready to do that 6 or more years ago. Consumers would do well to pay close attention to the TV show Person of Interest — it may be where we are headed.
Alan Daley is a retired businessman who lives in Florida and who follows public policy from a consumer’s perspective.