Sometimes the topics of cybersecurity and privacy I discuss hit close to home. Each of us on every gifted day of awakening is prone to experience identity theft, online fraud, or otherwise have our personal information compromised. One constant in this cat-and-mouse game, and the thing that is truly beautiful about the internet that provides the game’s field, is that we are all interconnected as our ones and zeroes traverse the world wide web of computers and mobile devices.
It is because of that profoundly connected state that issues arising in the cybersecurity domain, even those seemingly halfway around the globe, can have the tendency to impact us. One lackadaisical user working from home for their insurance company gets distracted and clicks a malicious email link. That causes some malware payload to enter the company’s network. A hundred other companies provide the user’s company with services. Those law firms, HVAC contractors, office supply wholesalers, and all the rest now must be on guard for whatever infected the insurance company. The countless employees in all those firms use their personal mobile phones on the same WiFi network, and might contract the malady.
Now, where have I heard that series of events play out since early in 2020? Not one reader of this, I suspect, was browsing the Wuhan wet market (or wherever, however the thing began its worldwide devastation). Yet, I also suspect that at this point every reader has been personally or maybe indirectly affected.
This is all to illustrate one reason that you shouldn’t automatically skim past a headline about a faraway government, say Ukraine, getting hacked. Whatever massive organization, rich in both capital and technological savvy, that coalesces toward successfully breaking into a nation-state’s computer systems can just as well wreak havoc in our own systems. Again, the mere fact that Ukraine’s governmental systems are part of our global, interconnected networks should cause concern, no matter that Kyiv is 4,200 miles from the nearest U.S. city.
America and Ukraine have had generally positive relations since the Soviet Union’s collapse in 1991. It is a market economy backed by its free, democratic governance structure. We send Ukraine coal, transportation and agricultural products, and seafood. Ukraine exports its iron and steel, chemicals, and other agricultural products to America. We share membership in the U.N., IMF, WTO, and other international organizations.
One additional thing we share, though for differing reasons, perhaps, and to different degrees, for certain, is a level of adversity with Russia. Ukraine is not ready, as of this writing, to accuse Russia of the cyber-attack. All signs point to the Kremlin. They’ve got the resources. They have the technological acumen. They’re clearly intent on disrupting the peaceful democracy that is Ukraine, up to invading its borders in the same fashion as Crimea.
We don’t need to prove up that Russia was behind the cyber-attack to realize its importance. Ukraine’s subjected governmental systems were captured for media purposes, and others, as displaying the clear-cut warning designed by the hackers: “be afraid and expect the worst.” In 2014 Ukraine underwent Russia’s worst when the Russo-Ukrainian war was launched as Putin levied Russia’s military forces against the former Soviet republic. Since then, U.S. and the world has been on alert. Ukraine’s nuclear arsenal and Russia’s mighty defense operations could be a clash of rare proportion.
The conflict outspans the scope of my focus, which homes in on the cyber-attack. It is that arena, cyberwarfare, that should make the distant war worthy of your consideration. No one would reliably contend that Ukraine’s cyber-defense systems are on par with our own in America. The comparison is more akin to our respective, more conventional military forces. Ukraine pales by that comparison. However, the field becomes more level when looking not at battleships and missiles but at ransomware and cyberwarfare tactics. It’s like the digitized embodiment of the pen being the mightier force. A well-outfitted hacker, free from fear of prosecution and actually encouraged and supported by governmental coffers, can cause far greater damages than a similarly budgeted fire-force operation.
Take that truism and couple it to the aforementioned interconnectivity of all systems, and the generally anonymous nature of online “troops,” and a real problem begins to brew. When Russia, or whomever, made it their mission to hack Ukraine’s government computer systems and send the warning to be afraid, you must know that American government systems are simply a few digits of an IP address away from those attacked in Eastern Europe. If the cyber-terrorists got far enough into Ukraine’s environment to plaster fearful verbiage on its screens, they were only a limited set of ones and zeroes away from doing actual damage, potentially. Is there a difference between a stranger breaking into your house, walking around, picking up family photos, but doing no real damage, and one who breaks in and absconds with your valuables? Of course. But, to experience even that sense of violation is so far along the continuum that the property loss becomes a formality.
At the same time, we cannot affect much of the strife ongoing still in the wake of the Soviet Union’s breakup. We are 4,000 or more miles removed. Thankfully, we enjoy the sophistication and fortitude of an American military, American cyber-defenses, and the technologies involved, much of which is the product of American ingenuity. You may enjoy some calm from these protective blankets so long as you are aware of their limitations, or I should say aware of the capabilities of our foes. During the past decade especially we have seen Russia, North Korea, China, and others, big and small, amping up their cyber-forces. We are one of the global actors in this drama, one who shares the stage with all the others.
Wherever it may be that you read about cyber-attacks, realize how close they actually are.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.
