Reimagining Cyber 9/11?

The internet for all its possibilities is also highly vulnerable to external threats. During the first session of Synergia Conclave – Security 360, experts PC Haldar and Ajay Goel spoke about the need to protect governments and large organizations from deadly cyber-attacks.

The three-day event was held from 17th to 19th November, 2017 and the first session was titled – Cyber 9/11.

Background

The Internet is the global system of interconnected computer networks that use the Internet protocol suite (TCP/IP) to link devices worldwide. It is a network of networks that consists of private, public, academic, business, and government networks of local to global scope, linked by a broad array of electronic, wireless, and optical networking technologies. The origins of the internet can be traced back to the 1960s. The United States Federal Government commissioned research the linking computer systems. By 1990s, the iteration of modern internet came into existence with the linking of commercial networks and enterprises. Today, services and technologies which is part of the internet have been incorporated virtually into every aspect of day to day life.

One of the most potent cyberattacks took place in May 2017 that paralyzed hundreds of thousands of systems across the world. The WannaCry ransomware crypto worm, targeted computers that were running on Microsoft Windows operating system. It encrypted data in the systems and demanded ransom payments in Bitcoins. In one day, it infected over 230,000 computers and the attack spread over 150 countries. Many institutions across the world like UK’s National Health Service (NHS), FedEx, Deutsche Bahn and Spain’s Telefonica were hit. Governments and organizations have proven themselves to be highly vulnerable to cyber-attacks. America's financial institutions like Equifax & Target were hacked in 2017. There have also been reports that North Korea was able to successfully hack and obtain war plans for the Korean Peninsula from South Korean database.

In the recent years, Presidential elections in large democracies like the USA and France fell victim to varying forms of cyber-attacks.

Analysis

P.C. Haldar, Former Director of Intelligence Bureau, Government of India and Ajay Goel, Former Managing Director for Symantec Corporation & Country Director of Sun Microsystems were the panellists for the session  – Cyber 9/11.

Ajay Goel’s address, reminded the audience that in the beginning, the internet was primarily for sharing information, and it was as businesses started to use it that these issue of security started to come in. A reactive approach, he said is necessary, and he then went on to share the newer approaches that were being developed in digital security. “If you can’t see the resource, you can’t hack it” – which is one approach that is being explored. The second is that today end to end data encrypted processes are coming out which greatly enhances security. He also reminded that the quantum computer being a part of our digital reality is only a few years away, and that would change the entire scenario. “Malware will be waiting for decrypting any information. We should have the data encrypted and also think of Quantum Computer, which has huge processing power,” said Ajay Goel, former Managing Director for Symantec Corporation, who was part of the panel for Cyber 9/11.

P.C. Haldar spoke about the fact that it was the absence of technology hygiene – or a failure to follow the prescribed processes and protocol when using the digital media that laid open many vulnerabilities. He noted that there have been continued and sustained cyber-attacks carried out by state and non-state actors with varying agendas and the government has to begin anticipating new types of crimes in order to address it. “The cyber catastrophe is going to be caused by what we are not doing,” he said.  This kind of vulnerability impacts institutions like finance and government too – and would directly impact air traffic & hospitals. And the dangers increase as we consider that there are very determined state and non-state actors involved on a global level. In such a situation, internet governance needs to be heard or listened to a little more.  And if international consensus cannot be reached in how we deal with the issue of governance and security, then we should fall back on regional understanding and agreements or arrangements. He expressed concern over the shortage of cybersecurity personnel in India, and advised that having government led initiatives to rectify this, is an urgent need.

Assessment

Our assessment is that no government or organization will ever be entirely safe from cyber threats. The prospect of "Cyber 9/11" grows likelier every day . The wannacry ranswom ware attack in August affected multitudes of computers disrupting health care providers, insurance companies, telecommunication, power stations, shipping companies, nuclear installations across the globe.  We believe that its likely a matter of time before a major cyber attack hits  civilian infrastructure, but the nature of that digital violation and the means to respond remains uncerain, as many of the most sensitive systems operate under private sector control.