Bull Session

Cyber-threats and Government

May 18, 2017          

Episode Summary

On The Digital Life this week we look at cybersecurity in the wake of the WannaCry ransomeware attack that affected hundreds of thousands of computers in 150 countries on Friday and over the weekend. WannaCry is malicious software that’s transmitted via e-mail. It encrypts files, locking users out of their computers and threatening to destroy their data if they don’t pay a ransom to the hackers. Last weekend, the malware spread across Europe and Asia, attacking hospital systems, universities, and companies. NHS, the National Health Service of Britain was particularly affected by the attack, causing emergency rooms to turn away patients, and medical appointments and surgery to be rescheduled. The malware behind WannaCry was stolen from the NSA, which raises the question, what is the role and responsibility of government when it comes to cybersecurity?

Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool
Hacking Attack Has Security Experts Scrambling to Contain Fallout
Ransomware’s Aftershocks Feared as U.S. Warns of Complexity

Welcome to Episode 207 of The Digital Life, a show about our insights into the future of design and technology. I’m your host Jon Follett and with me is founder and Dirk Knemeyer.

Greetings, listeners.

For our podcast this week we’re gonna take a look at cyber security in the wake of the WannaCry ransomware attack that affected hundreds of thousands of computers in 150 countries on this Friday and over the weekend. So, for those who might need a little primer on ransomware, which is the particular brand of malware which WannaCry represents, so ransomware essentially, it’s transmitted in this case via email, and when someone clicks on it it encrypts the files on your computer and locks you out from being able to access those files, and then threatens to destroy your data if you don’t pay a ransom, and usually that ransom is administered via BitCoin, so that the hacker can continue to sort of build their business that way.

Over the weekend this ransomware attack spread throughout Europe and also into Asia, and I think it was particularly interesting because it spread across multiple continents, seemingly rapidly compared to some of these attacks that we’ve seen in the past. So, for me, this really puts a point on the fact that our physical worlds and our cyber worlds are inexorably intertwined in many important ways now, many sort of frightening interdependencies.

One of those is represented by the fact that we have electronic health records and of course in Britain their hospital systems were affected by this ransomware attack and folks had to have surgeries rescheduled, medical appointments, etc., were unable to be completed because they didn’t have access to the electronic health records.

So, just on it’s face, Dirk, what are your impressions of this latest cybersecurity problem represented by the WannaCry ransomware?

The part of this story that I found most remarkable was the fact that it is software that was likely created by the U.S. government. So, it’s not some random hacker cooked this up and threw it out there, it’s that the U.S. government created this as a weapon and it was leaked or stolen or otherwise misappropriated, and now used to extract ransoms from ordinary citizens, organizations that are generally benevolent among a broad variety of other actors, so to me that’s the most fascinating part, because we know that the U.S. government, like the government’s of other countries, are engaged in cyber warfare, and part of that is creating cyber weapons and deploying them in ways that we are and aren’t aware of, given the nature of espionage and cyber war in general.

So, it’s interesting, kind of caught with our pants down, similar to Russia being caught with their pants down in terms of their undermining the United States election in 2016. So, it’s one of those things, you know it’s out there, you take for granted it’s out there, but once it’s exposed, it’s kind of embarrassing. It makes you wonder and question what the hell it is we’re all doing.

Yeah, that’s an excellent point, Dirk, and I wanted to pick up on sort of two aspects of that. One is that when you’re talking about cyber warfare, the battleground is diffuse and sort of embedded into civilian life, right? So, when you’re talking about more traditional warfare, or physical warfare, there are certain rules in place, or at least there are international norms that dictate sort of who the combatants are and what is a worthy target for warfare.

Now, not all of those rules and conventions are necessarily applied all the time, and there’s certainly plenty of examples of what we’ll sort of broadly call terrorism where civilian targets are very specifically gone after, but generally speaking, when we consider general warfare, we think of soldiers. We think of tanks, planes. We think of large-scale assaults, perhaps, or maybe Green Berets or what have you.

But conventional warfare has its rule sets, which are completely upended when you’re talking about cyber, for a couple of different reasons. One is that the whole point with cyber war is that you can disrupt an enemy’s general operations, whether it be something to do with their power, or their information technology, or their communications, or what have you.

Additionally, it’s disproportionately … sort of has tremendous leverage, right? So, a small actor can have an outsizes effect on his or her enemy, and then thirdly, the way in which these attacks propagate is unpredictable. So, there are certain types of weapons that have unpredictable outcomes, but for the most part, we know when you drop a bomb somewhere it’s gonna explode and just affect that area.

With a cyber attack of this type you just don’t know what the end game is going to be. You don’t know what’s going to happen with this ransomware. It could be affecting a hospital system in the U.K. and then all of the sudden there is a telecom in Spain that’s having problems, or a university somewhere else. It’s much more — at least for the time being — harder to control, I think.

So, some of that is just the nature of cyber itself, the way these things spread, and then some of that — as I mentioned earlier — we don’t … the rules and norms of this type of warfare have not yet been established.

Rules and norms in warfare is sort of a fallacy, right? Over the course of history of war, yeah, there are times … at different times there are different rules and norms around warfare, but the fact of the matter is, when one side starts to lose, they kind of throw those norms out the window and employ whatever means are necessary to win. The notion of an entire state using methods of war that are targeted at civilians is a fairly modern construct with total war in World War 2.

It happened in isolated cases in history, but since World War 2, largely because of technology, frankly, the limits have kind of been ripped off. Sure, we have Geneva Convention, we have different rules, but if you look in different cultures, from the former Yugoslavia, the horrible genocide that was going on there 25 years ago, things that are happening in the Middle East now, in Africa, in a number of places, those rules are totally thrown out the window.

Genocide is being perpetrated, mass rapes and horrible treatment of the civilian population, so you know, I think rules and norms of warfare have always been a little on the mythical side. It’s all well and good as long as we both think we have a chance to win. Then once one side thinks they’re going down, kind of everything is out the window. But, you know, it’s a modern reality over the last — what’s the timeframe now — so, World War 2, 75 years.

Total war is kind of the way things go. Civilian populations are getting sucked in, technology is a big, big part of that, and this is a new flavor of technology, a new flavor of war. I mean, thank goodness that the consequence, so far, isn’t a whole generation of lads sent off to a trench to be destroyed physically or mentally. The cost of cyber war, specifically on all of us as individuals pales in comparison to the sacrifices of life and sanity that were made in more conventional war.

So, the problem is war. Let’s freakin’ move past it people. Humanity has evolved to a point where war is ridiculous. We should be able to move beyond nationalism, we should be able to move … we have plenty, we have abundance, yet we still have people starving. If we figure these things out from a social perspective, war isn’t necessary. War being necessary is a remnant of our barbarism, of our immaturity that we haven’t been able to shake off yet.

That’s the problem, is war. If there is something happening where I’m trying to gain supremacy over you, and that life and liberty are at stake in the context of that power struggle, it’s going to be an ugly and horrible thing in one flavor or another. We need to not have that happening, which may perhaps sound polyanna-ish, but we are more than capable of it in our current stage of evolution.

It certainly is a radical revolutionary departure — not evolutionary — from how we’re socially operating today, but that’s where the problem is. Until we solve it at that level, we should expect cyber war, other war, genocide, all these horrible freakin’ things happening on this planet.

I think this ties in well to the sort of second part of this subject that I wanted to touch on more, which is really, what is the responsibility of our government in sort of the cyber security and cyber war areas, because as you pointed out earlier, the NSA made this particular vulnerability … or, they didn’t make it available, but it was from their research that was then exposed by a hacker group, so there is an interesting problem there, because in a lot of ways the vulnerability was being stockpiled by the NSA, was being kept hidden for the purposes of using it as an exploit at a later date by our own government.

And in this particular case the genie got out of the bottle and is now being used by another group, for malicious activity. But, ultimately, what are the responsibilities of government to ensure that the cyber realm remains safe for, call it civilian actors. I don’t know what your thoughts are on that piece.

Yeah, I mean, the government is responsible to protect the civilians. What that means, how that translates to cyber warfare, I’m not qualified to say. We’re dealing with things that we obviously don’t have control over, but we’re forced to deal with them because our opponents are mirrors on the world stage. The Russias, the Chinas. They most certainly are.

So, we must participate in that game. We must participate in that battle. In so doing, we’re dealing with combustible, dangerous things. I think they’re a lot less dangerous than our nuclear arsenals, but it’s yet another really toxic, unpredictable thing that we have here that could have unintended consequences that you and I aren’t even qualified to speculate about.

So, we’ll leave it there for today, but I can only imagine … we’ve been seeing these types of attacks only increase over time, and I’m sure, once again we’ll be discussing another one of these fairly soon, I’m sure. Listeners, remember that while you’re listening to the show, you can follow along with the things that we’re mentioning here in real time. Just head over thdigitalife.com. That’s just one L in the “digital life,” and go to the page for this episode. We’ve included links to pretty much everything mentioned by everybody, so it’s a rich information resource to take advantage of while you’re listening, or afterward if you’re trying to remember something that you liked.

You can find The Digital Life on iTunes, SoundCloud, Stitcher, Player FM, and Google Play, and if you want to follow us outside of the show you can follow me on Twitter @jonfollett, and of course the whole show is brought to you by Involution Studios, which you can check out at goinvo.com. Dirk?

You can follow me on Twitter @dknemeyer, and thanks so much for listening.

So, that’s it for episode 207 of The Digital Life. For Dirk Knemeyer, I’m Jon Follett, and we’ll see you next time.

No Comments

Leave a Comment

Your email address will not be published. Required fields are marked *