Hurting more than just pixels
This editorial ran in the Washington Post:
One fallacy about cyberattacks is that they hurt pixels, not people. A cyberintrusion might steal emails, empty bank accounts or compromise identity but probably can’t do real damage in the physical world, or so the thinking goes. There are exceptions: The Stuxnet worm that the United States and Israel unleashed against Iran’s nuclear enrichment centrifuges caused physical damage — compelling the machines to spin too fast and break — but that was a sophisticated sabotage operation, not an everyday occurrence.
Now, the danger has moved closer to everyday. The wave of malware that spread across the globe last week, called Petya by some analysts (and NotPetya by others), suddenly locked up computer systems being used to manage oil companies, airline flights, electrical grids, container ships, ports, banks and government ministries. Even the computers monitoring radiation at Chornobyl, scene of the world’s worst nuclear accident, were silenced.
How far away is the moment when a power outage caused by a cyberattack throws a hospital into darkness, causing patients to suffer, or die? Or leads to even more frightful consequences?
There is no magic solution that can stop a threat such as this, one that crosses national boundaries and infects real-world systems. The latest attacks show once again that, for all the wonders of the digital revolution, bad actors are constantly innovating too, looking for ways to disrupt, thieve and destroy.
There is no substitute for vigilance and defence, especially protecting all-important critical infrastructure, hopefully stopping the malware before it manages to turn off more than just pixels.