Missed a Data Summit session? Watch on demand here.
Along with deadly Russian military operations, Ukraine continues to suffer from cyberattacks, which officials say could also spread to US and European targets. So far, private tech companies have played a key role in exposing alleged Russian-backed threats, including Microsoft notifying the White House and Ukrainian officials of new Russian malware just hours before military units entered. Russians in the country. While the sharing of this information by private companies is necessary and indeed should continue, it is the public sector that must take the lead here. This is all the more important as national security and the safety of civilians could be at stake.
In addition to government and military-related targets, the alleged Russian attacks have also targeted banking websites, clearly affecting civilians and causing fear, panic and disruption. In fact, it is cyberterrorism, an emerging phenomenon that will continue to grow as life becomes increasingly digitized and technology – and technological weapons – continue to advance. Cyberterrorism is no less dangerous than traditional physical terrorism and requires just as much government effort and investment to combat it.
It has become clear over the past year that cyberattacks can kill. And many say they already have. For example, in September, an Alabama mother filed a lawsuit blaming the death of her baby girl, born with complications, at the hospital, which she says failed to provide adequate care in due to the failure of some of its computer systems. a ransomware attack. Although this attack was blamed on a criminal gang looking to make money rather than a political or state-backed group, it nonetheless shows that the disruption of networks and data – like Russia’s would have done in Ukraine – can kill. Israel also suffered a blow with a potentially deadly cyber-terrorist attack in 2020 when hackers allegedly backed by Iran tried to dramatically increase chlorine levels in the drinking water supply, which could have poisoned people or cause a failsafe to trip, shut down the system and leave people without water. Cybersecurity systems detected the attack and stopped it; but there’s no guarantee they’ll catch the next attempt.
Cyberterrorism is still in its infancy, with tools still quite basic; in fact, the most common type of cyberattack Ukraine is currently experiencing – known as a distributed denial of service attack in which hackers flood servers to shut down the website – is the same type that Russia has used against Estonia in 2007, which shut down the websites of banks, government departments, newspapers, businesses and other sites that civilians relied on for online services and information.
We cannot assume that these tools will remain the same; they will likely become more advanced in both their abilities and their execution – a frightening prospect indeed. But what is even scarier is that most governments around the world remain unable to stop even these known methods and tools of state-sponsored cyberattacks, let alone zero-day scenarios and future types of attacks. This must change; More advanced and coordinated action by governments is the only way to prevent the threat of cyberterrorism from becoming the equivalent of 9/11.
Increasingly, state-backed cyberterrorists are targeting banks, hospitals, food manufacturers and other businesses that may well be privately owned, but whose public relies heavily on them for essential services. Civilian lives, entire economies and the sense of security present in democracies are all at stake here. Relying on private companies and their cybersecurity efforts as the primary line of defense against more and more severe attacks is no longer sufficient or appropriate.
Governments around the world, but especially Western democracies increasingly threatened by advanced cyber actors like Russia and China, need to step up – and with more than regulations. Even though financial services, critical infrastructure, and other sectors must adhere to cybersecurity regulations, the government must provide funding and training to ease the burden on them. Governments that have invested heavily in cybersecurity services in recent years must also be more willing to put systems in place to share information with the private sector and go on the offensive against cyberterrorists when needed. After all, governments are the only ones allowed to buy offensive cyber attack tools; the private sector is prohibited from buying and using them even when they could potentially be needed to stop attacks and save lives.
In Israel, we are seeing the beginnings of increased state involvement in the fight against cyberterrorism, with the creation of a National Cybersecurity Directorate in 2017. The directorate not only meets regularly with other units of government and military cybersecurity, but also collaborates with a number of private companies. on vulnerability disclosure and engages in threat hunting on behalf of the private sector. As the co-founder of a cybersecurity unit in the Israel Defense Forces and after more than a decade of experience in the private sector, I can say that detecting and mitigating state-sponsored threats require professionals with government and military cybersecurity experience, which most private companies lack.
There should also be more cyber aid to vulnerable countries that lack resources. Perhaps one of the reasons why the attacks on Ukraine have not caused such significant damage, at least so far, is due to the increase in cyber aid announced by NATO. last month. While such assistance can be fragile because countries are careful to protect their knowledge and capabilities, even from allies, it is becoming increasingly essential. It will no doubt begin to step more out of its traditional place behind the scenes and play a more prominent role in diplomacy, especially as cybersecurity is now essential to stability and the protection of civilian lives.
But there is still a long way to go if we are to avoid a scenario in which civilians find themselves without access to money, health care or clean water – or worse, if attempts to seek treatment in hospitals attacked or filling a glass of water from a tap leads to death. Governments are eager to play defense in cyber warfare; they must dictate the terms of how to fight it now. They must go on the offensive.
Reuven Aronashvili is founder and CEO of CYE.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including data technicians, can share data insights and innovations.
If you want to learn more about cutting-edge insights and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.
You might even consider writing your own article!
Learn more about DataDecisionMakers