The Department of Homeland Security has declared the United States has 16 “critical infrastructure sectors.” Translated, that means these enterprises are crucial to a safe and orderly society. The sectors include: food and agriculture, water, medical and health care, energy, transportation, telecommunications, law enforcement and, of course, our defense systems.
With increasing regularity foreign-based cybercriminals are attacking these vital systems and temporarily crippling essential services. Why? Sometimes these keyboard terrorists simply want to create mayhem. More often they are mining for government or corporate secrets, and quite often they seek ransom before they unblock a victim’s disabled computer system.
Item: On June 1, we learned JBS, the world’s largest meat producer, suffered a massive ransomware attack and had to cease operations at 13 U.S. processing plants. There was worry consumers might face a beef, pork and poultry shortage. Thankfully, the company had cybersecurity plans in place, and the shutdown was short.
Item: On May 8, the Colonial Pipeline, a major energy supplier that carries 100 million gallons of gasoline daily to customers between Houston and New York, was paralyzed by a cyberattack. Operators were forced to shut down the entire system to stem the damage. Panicked gas buying resulted. A Bitcoin ransom was paid to restore normalcy. In a rare move the FBI was able to claw back some $2 million of the payout.
Item: In December 2020, Solar Winds, a major U.S. technology firm, was reported to have discovered its system had been infiltrated for months by computer criminals who were after sensitive corporate and government intelligence. The hackers were able to spy on private companies like Microsoft and top officials within the U.S. government including the Treasury Department and, yes, even Homeland Security.
Item: Last October, in the worst days of the pandemic, hospitals across the U.S. suddenly found their computer data scrambled and held hostage to multi-million-dollar ransom demands. The suspects behind the cyberattacks were also thought to have perpetrated similar sabotage upon several local governments and schools.
In all these cases it is suspected that Russian citizens, many connected to President Vladamir Putin’s foreign intelligence service SVR, were behind the crimes.
Russian cyber-agents aren’t the only threat. Reuters reported in February that Chinese hackers were suspected of breaking into the Department of Agriculture’s payroll system, potentially exposing personal information on thousands of government workers. Cyberterrorists in North Korea and Iran are also suspected of sabotaging U.S. concerns.
This type of espionage has been going on for years. The Pentagon, the White House, the New York Stock Exchange have all suffered attacks. If space allowed I could go on and on listing all the debilitating cyber assaults and near catastrophes on our most important institutions.
It’s time for important questions to be answered. Are we doing enough to combat this scourge? Are our water supplies and electric grids safe? Imagine life without your bottled water, phone, computer, ATM or summer air conditioner! Since much of this cybercrime is believed to be sponsored by foreign governments, must U.S. companies listed on Homeland Security’s critical infrastructure roster pay for all anti-cybercrime systems or should the federal government step up and offer assistance?
Surely experts in Washington are trying to combat the problem with the brightest minds they can find. A public reassurance about that would be nice.
But what about a little tit-for-tat here? How about a stern announcement from the White House that says, in effect, when a country allows computer criminals on its soil to attack us, we will retaliate in kind. Shut down one of our food processing plants, and we will shut down two of yours; extinguish one of our electric grids, and we will turn off three of yours. I’m thinking Putin or China’s President Xi Jinping might then take steps to curb their local cyberterrorists since they are sure to know exactly who and where they are.
It feels as though the United States is a sitting duck in this age of cyberwarfare. It’s time to get our ducks in a row and remember Teddy Roosevelt’s motto to “speak softly and carry a big stick.” Today, the time to speak softly is long gone. If there was ever a time to carry a big stick, it is now.