Worldwide attack demands collaboration
Surgeries at some British hospitals were cancelled. Deliveries by FedEx were disrupted. In Spain, gas companies and telecoms were hit. Some car factories in France had to stop production. One-thousand computers in Russia’s interior ministry were infected.
And, experts say, that’s what getting lucky looks like. This weekend’s international cyberattacks could have been so much worse. But for the actions of a young cyber researcher in Britain, who found a ‘kill switch’ in the Wannacry ransomware, this story could be much scarier. How bad? British nuclear submarines use the same version of Windows that was victimized by the attack. Picture what could happen to submarines armed with nuclear weapons if their computer controls were frozen in mid-operation.
This isn’t science fiction. Cyber crime and terrorism are taking on new and frightening dimensions. Hysteria is unneeded and unwise. Extreme concern is not.
Computer giant Microsoft says the attack should serve as a wake-up call. Let’s hope Microsoft is looking in the mirror when it says that, considering that it was a security flaw in a recent Windows release that was exploited. The company issued a patch but many computers had not been updated. The weakness is thought to have been discovered by the American National Security Administration.
And yet, 200,000 people in more than 150 countries were caught flat-footed. That’s not the worst part. One threat has been neutralized, but even the cyber sleuth who discovered the fix has worried aloud that the hackers will simply find a new way to enable the ransomware. Plug another hole, and they’ll come up with another new threat. The finger in the dike approach will not work here. That has experts like academic and writer Zeynep Tufekci suggesting that the world needs a “complete overhaul of how technology companies, governments and institutions operate and handle software.” And it has to happen at the highest levels where resources are available. The responsibility can’t be left for cash- and resource-strapped agencies such as Britain’s National Health System.
At every level, we need a new, proactive and collaborative strategy to deal with this sort of threat. Set aside protecting turf and proprietary concerns.
This is hardly the first such attack, although it may be the most widespread, which means the stakes are higher. We’ve heard all these warnings before, but nothing has come of them. We survive the cyberattack and things pretty much return to normal, which is to say, leaving ourselves vulnerable to another such attack, or something even worse.
Governments and the corporate world must stand together on this. If not, Tufekci and others warn, the consequences, sooner or later, will be “unthinkable.”