So what's it worth to you to prevent world-wide economic collapse, or even a major interruption of essential services, like power or water?
These are not hypothetical questions. Nor will they be caused by the Eurozone disaster, a double-dip recession, the disintegration of institutions deemed "too big to fail," or government spending run amok.
I am talking about cybergeddon -- or the endgame of cyber warfare. A concept well-worn in national security organization conference rooms and the situation rooms of nations around the globe. It is somewhat newer to the front page of The New York Times, which has recently featured several investigative reports regarding Stuxnet and Flame, two potent worms created for international espionage that got loose and went viral.
We all know the hackers are out there. That's not going to change. The question is this, can we change the dynamic, or more to the point, can we hire them -- a whole lot of them? Simply put, how much should nations pay to build a cyber army (both civilian and military) of "white hat" hackers and talented computer security experts with the skills to out-hack or "out-code" the legions of nation state-sponsored or politically-motivated cyber terrorists sworn to destroy our way of life?
Everywhere we turn, there are reports of public and private sector breaches and compromised data. The SEC requires publically traded companies disclose data breaches, and especially when intellectual property is stolen. Even when the forces of good arguably get it right, unintended consequences and leaks jeopardize the results.
Stuxnet is just one example. Written by American and Israeli spy agencies to sabotage Iran's nuclear enrichment facilities, it at least partially succeeded in its mission, The New York Times revealed early this month. Unfortunately, its creators did not account for the possibility that it might escape. It did. In fact, both Stuxnet and Flame escaped. The result is scary: the bad guys have these worms and can use them.
The Stuxnet story became public in 2010 because a programming error enabled it to leap out of its confines and circumnavigate the glove via the Internet.
Two days after the recent Times article, came the report about Flame, another international spy-grade superbug. This one had compromised the Fort Knox of software companies:
"Microsoft told customers that the authors of Flame -- a highly sophisticated surveillance computer virus discovered on networks in the Middle East and Iran -- had figured out how to use Microsoft's own security system to forge digital security certificates, which then allowed the malicious code to spread undetected by anti-virus programs."
There are lessons we can draw from these stories. None of them are particularly comforting.
I have one recurring nightmare: What if an anti-everything organization (let's not pick on anyone unnecessarily) managed to create a network of believable hackers and pay them well, and these hackers, the best in the world, were joined together to shut down part or all of our critical infrastructure? There would be an economic meltdown the likes of which has never been seen.
After almost a decade of increasingly sophisticated and large data breaches, hackers are sitting on a huge amount of information about you and me, literally hundreds of millions of records -- our names, passwords, contacts, account numbers, and everything else needed to destroy a person's professional and financial life. They know where we live, and they can drain bank accounts, turn off the lights and max out our credit cards with the tap of a key. And what's to stop a consortium of like-minded anti-everythings from hitting that key?
Furthermore, some well placed sources have told me that the Department of Homeland Security struggles to recruit talented people who are U.S. citizens and can pass the rigorous background screening required to obtain the appropriate security clearance because historically more bucks and bragging rights are on the side of institutional breaches than in public service (This 2010 study from the Center for Strategic & International Studies elaborates on these struggles). Maybe it's time to pay so much money that loyalty is assured from non-citizen warriors.
Unlike the China, India, Pakistan, and Eastern European nations, who may at some point be aligned against our interests and where the problem is taken very seriously, according to international standardized test scores, the United States is not making the appropriate investment to encourage our kids to get into the hard sciences, math, engineering and critical thinking academic disciplines which are fundamentally essential to fight this digital war.
If we're serious about getting the best and the brightest, we must do what it always takes to get the best of the best: educate them, nurture them and pay them top dollar. One friend told me many years ago that you can't beat Wall Street social irresponsibility; you can only join the club. Right now, our society pays a king's ransom to the wizards of finance and social networking, but nowhere near enough to the real engineers who are so desperately needed. And without the latter, there will be no need for the former.
Wouldn't you agree that appropriately educating, nurturing and hiring the world's best hackers to protect us from those with similar skill sets is at least as important to the world economy as hiring wunderkind lawyers to protect America's corporations?
There is simply no alternative. How long could the world economic system last without the Internet? Without electricity? Lets stop screwing around and seriously invest in top hacking talent now, so we never have to find out.
This article originally appeared on Credit.com.
Follow Adam Levin on Twitter: www.twitter.com/Adam_K_Levin
Nick Turse: The New Obama Doctrine, A Six-Point Plan for Global War
John Tirman and Abbas Maleki: Iran Nuclear Talks: What to Do in Moscow
Chris DeVito: The Other Story About Iran and the Internet
Michael Brenner: Leaks & Winks: America at the Brink
http://www.huffingtonpost.com/2012/04/05/anonymous-china-government-sites_n_1405379.html
It's really not all that hard to find if you are really interested.
Stuxnet would not have been possible if the US government hadn't provided equipment (centrifuges) to work with to develop it.
Hackers aren't going to pass Homeland Security's requirements in enough numbers to do more than act as a rear-guard force.
It's the MARKETPLACE that has left us where we are. A MARKETPLACE that DOESN'T value security enough to do it right. A MARKETPLACE that seeks immediate results over correct results.
Unless the GOVERNMENT steps in and holds corporations responsible for their security flaws - REALLY holds them responsible with imprisonment of management that determines that security is less important than eye-candy and web 2.0 bling, we're all going to be at risk.
This isn't a secret. It's been known for decades. But the MARKETPLACE knows all, right?
We are Legion.
We do not Forgive.
We do not Forget.
Expect us.
As these hacking wars increase and perhaps become major conflicts between the USA, China, and other countries these groups will wield a lot of power and unlike anonymous not draw a lot of attention to themselves, nor prance around like celebrities with silly little cache phrases, "we are legion - do not forgive - do not forget".
Sure it is important to have our own cyber warriors, but it is equally important to have an internet more resistant to attack. For example, the FBI can shut down sites that it doesnt like by removing their registration from high level servers that convert names like microsoft.com into their actual addresses. All without prior judicial review. Another problem that most people dont know about is denial of service attacks where a network of computers hijacked by hackers can shut down access to a legitimate site. Or better defense against spam. We need to be able to defend against all this with loosing the freedom of the current internet.
Solving these problems making the Internet more resistant to attack takes money, but it should be done in the open not in some secret NSA lab. The government doesnt care a whit about freedom, it is only interested in control. This is particularly true of congress which is in the control of Hollywood and other special interests.
For what its worth, I'm a progressive liberal, not a libertarian.
That said, we--humans--once lived without "the internet". We many well go into "withdrawal" without it, but, push come to shove, we can again live without it.
We can also go back to using cash--and many of us might be better served to start doing that now.
However, since you mentioned water....
FYI: We--humans--have NEVER lived w/o water. Barring an unforeseen change in policy, you can be frackin sure that clean drinking water is going to be a rare commodity for future generations.
MAJORITY of cases? Since when? Where do you get these statistics?
I had many friends who were international students in comp sci and the idea that you are insinuating something like this is absolutely horryfing to me.
Those you want to hire would never be able to fit in with the banks, government agencies and spy networks, which was alluded to in David Fincher's "Girl With the Dragon tattoo".
Chaos and big money rules.
The only hacker movie that I've seen which came close to touching on this was a German film called "23." The scene in touched on is dated, as this was pre-internet days. It was Commodore days. But, if you're interested in the culture, and knw the story of the german teams who began working with the KGB, it's worth a watch.