With outbreak of cyberspace war, government must respond swiftly
Twice in the past few months, powerful cyberattacks have wreaked havoc on the world, shutting down tens of thousands of computers, including critical machines in hospitals, a nuclear site and businesses. The attacks were initially thought to be schemes to collect ransom, but their goals — whether money, politics or just chaos — have become increasingly blurred.
One thing seems clear: The weapons for the attack were developed by the National Security Agency and stolen from it.
That’s chilling. After the first attack, Brad Smith, the president of Microsoft, said the theft of the cyberweapons was equivalent to Tomahawk missiles being stolen from the military, and he issued a scathing critique of the government’s stockpiling of computer vulnerabilities. The NSA has not only failed to assist in identifying the vulnerabilities its weapons were designed to exploit but has also not even acknowledged their existence or their theft.
It remains a mystery whether the NSA knows how its weapons were stolen. What is known is that a group called Shadow Brokers started offering them for sale in August and made them public in April. It promised a fresh batch last month, offering them to monthly subscribers.
Former intelligence officials said it was clear the weapons came from an NSA unit formerly known as Tailored Access Operations.
Once publicly available, the weapons can be reconfigured for many purposes and used by anyone with some computer savvy. North Korea was thought to be a culprit in the first wave of attacks, and Russian hackers may have been behind the second.
Other forces may be at work, too. A cybersecurity officer with the IDT Corp. in Newark, N.J., Golan Ben-oni, has made waves with warnings that ransom demands could be a cover for far deeper invasions to steal confidential information.
Secrecy, of course, is the NSA’S stock in trade, and acknowledging authorship of stolen cyberweapons runs counter to everything the spy agency does. A spokesman for the National Security Council at the White House was quoted as saying that the administration “is committed to responsibly balancing national security interests and public safety and security.”
Fixing this deadly serious problem is certain to be complex, but the task is urgent. The NSA clearly needs to do a better job of safeguarding the cyberweapons it is developing and also neutralizing the damage their theft has unleashed.
Microsoft, whose software vulnerabilities were exploited in the attacks, and companies that use its software will have to strengthen their defenses.
Beyond that, the federal government may want to offer grants as incentives to groups doing malware analysis. Once conclusively identified, the culprits behind the attacks must be penalized in some way, such as with sanctions.
While the immediate focus needs to be on concrete responses, it is also worth thinking seriously about more global cooperation, such as the Digital Geneva Convention proposed by Microsoft as a way to prevent cyberwarfare.
The horrible new form of warfare for which the NSA has been developing arms has actually begun.