Sep 12, 11:00 AM |
By Peter Schechter
From election hacking to ransomware to the Equifax breach, cyber-attacks seem omnipresent. How can governments and consumers confront the constantly evolving threat?
Cyber crises are everywhere you turn now – from Russia’s interference in the 2016 U.S. presidential elections to ransomware and company-wide data breaches. As technology and bad actors keep shifting, governments around the world are struggling to keep up.
Dr. Mark Kuhr joins Altamar to talk the challenges for cybersecurity – and why the solution doesn’t have to be Big Brother. He is the CTO and co-founder of Synack, an industry-leading crowdsourced security platform that leverages trusted ethical hackers to detect security issues before criminals can exploit them. Ethical hackers? Sounds crazy, but Mark is dead serious. He has also advised the National Security Agency (NSA) and the Defense Information Systems Agency (DISA) and conducted research for the Department of Defense.
Kuhr thinks the reality is even grimmer than people realize. “We’re definitely at risk,” he says. “Cybercrime is predicted to grow annually every year for the foreseeable future. It’s now predicted to cost the world trillions of dollars by 2021… if you’re a consumer, you have to assume that your data has been compromised at this point.”
It’s not just the cost that worries Kuhr – the magnitude of the crisis is also troubling: “It’s really a scale problem. How many devices that you use every day are connected to the Internet? As more devices get connected to the Internet, the number of vulnerable services and vulnerable applications will increase.”
According to Kuhr: “There’s been a general lack of attention to privacy and security of major systems that the public relies upon – and that’s where the government can step in and put mandatory controls in place.” But as stories of governments abusing high-tech surveillance come to light, the fear is that the cure will be worse than the problem. Nevertheless, Kuhr argues: “In the West you’re not going to see pervasive spying and surveillance… You are going to see more folks in the government trying to push alerts out to the private sector through public-private partnership and try to prevent adversaries from exploiting these vulnerabilities in advance and causing these problems.”
One possible solution is a government agency or industry group to vet consumer products with, for example, a seal of approval. As Kuhr explains: “You buy a device from Amazon and there is nothing guaranteeing that it has been tested for security vulnerabilities… This is a great place where the government can lead and start to insist on some basic cyber hygiene for consumer electronics and other online services.”
Cyber threats have had major repercussions in the geopolitical landscape too, with a new arena for state altercation emerging. “In terms of a broad cyber conflict with either Russia or China, it could go negative pretty quickly if you think about the number of connected systems we have related to water systems, dams and power systems… If we ever get into an escalated cyber war with a determined adversary, they are going to have the capabilities to cause physical, real-world effects from a cyber intrusion,” says Kuhr.
Meanwhile, international guidelines for governments to operate in the cyber world have yet to be established: “You’re seeing some people start to talk about whether there should be a Geneva Convention approach to cyber security and cyber activity of governments. Is espionage allowed? Are cyber-attacks allowed? Are they equivalent to kinetic strikes – is it the same as dropping a bomb on a nation if you shut their power grid off? These are all issues that are still being fleshed out and we don’t have a good international solution for it yet,” says Kuhr.
While cybersecurity conflicts are often discussed in the context of major world powers, the developing world has a stake in the evolving landscape too. Ironically, while many developed countries are burdened with outdated technology that leaves them open to attack, Kuhr believes that emerging nations may have a leg up by starting fresh: “My hope for the developing world is that they get to buy new and get to start off with a clean slate with less technical debt than some of the other developed nations.”
With our personal data at risk and new frontiers of cyberwarfare emerging, understanding the complex world of cybersecurity is more important than ever. Listen to our conversation about this new reality with Dr. Mark Kuhr – available for download here.
Peter Schechter works in both politics and policy. He served as the Atlantic Council’s senior vice president for strategic initiatives and previously co-founded a premier strategic communications company, working as a political campaign advisor in more than 20 countries. Muni Jensen is a former Colombian diplomat, columnist, and television political commentator.