Last week, I asked Richard Levick, chief executive of the Washington public relations firm Levick, Andres Franzetti, chief strategy officer of Risk Cooperative, a D.C.-based risk, strategy and insurance consultancy, and Brian Finch, a partner of the law firm Pillsbury Winthrop Shaw Pittman, to join me on What’s Working in Washington to discuss cyber threats. It was a very illuminating conversation.
Finch pointed out how easy it is for criminals to launch a ransomware attack. “We are now at the point where ransomware attacks are free,” is how he put it. Thanks to countless software coders sharing their work on the “dark web” a criminal can launch a successful cyber attack without needing to code or pay the developer. I have heard similar things from others in the national security establishment, and not just for ransomware.
This easy availability means that every American business or government entity should assume it will eventually be cyber attacked, if it has not been already. As Levick put it: “100 percent of companies are going to have to deal with this.”
Andres Franzetti agreed: “a lot of folks just don’t get it.” It’s an arms race. And, it’s a race where it’s a lot cheaper to attack than defend.
We rely more and more on software and the Internet, and as their complexity grow, more and more opportunities for mischief and crime are created. Finch provides an apt illustration by comparing the U.S. space shuttle built in the 1970s, which had 400,000 lines of software code, and today’s average automobile, which has more than 100 million lines. By his estimation, “even if you imagine that only five percent of the code in a modern car could be faulty in some way, that would provide 5 million ways a car could be hacked.” Franzetti sees it similarly, adding that “technology itself creates backdoor liabilities.”
So, let’s be real with each other. Cyber threats are everywhere. The integrity of our society’s public and private institutions and our personal privacy are at risk.
What are we to do? The message each of these experts shared was simple: prepare for the inevitable with a clear eye and a plan. Many businesses have taken the advice of these experts and others to heart and are doing exactly that – they are preparing and planning.
However, while many businesses are adapting rapidly to this new world, our government is distracted by a partisan fight over whether the Russian government hacked our last election. This is a big deal, but while it is resolved there are critical issues that can’t wait.
Many individual businesses remain ill equipped to react to coordinated attacks by state-sponsored hackers. Businesses may be unable to bear the expenses suffered from a successful cyber hacking, and could fail. When these criminals are successful our society needs clear legal principles for allocating risk and liabilities among a business’ management and owners.
Most importantly, our government must define clearly the circumstances when a cyber attack by another nation is evaluated as an act of war or national aggression.
These are hard issues that will require thought, consideration and policy responses. It is essential that we move our government’s response to cyber threats from partisanship to leadership as soon as possible.
The threat to our way of life is not fake. It’s real.
Jonathan Aberman is a business owner, entrepreneur and founder of Tandem NSI, a national community that connects innovators to government agencies. He is host of “What’s Working in Washington” on WFED, a program that highlights business and innovation, and he lectures at the University of Maryland’s Robert H. Smith School of Business.