The United States may have escaped most digital damage from this month’s unleashing of a global “ransomware” virus, though cyber-experts fear more attacks. One possible explanation is that the malicious software (“malware”) harms older versions of Microsoft’s Windows operating system, which most Americans have replaced. Perhaps many users in other countries haven’t. Whatever the explanation, this is not the end of Internet threats.
The unmistakable lesson of recent years is that the Internet is a double-edged sword. Despite enormous benefits — instant access to huge quantities of information, the proliferation of new forms of businesses, communications and entertainment — it also encourages crime, global conflict and economic disruption. The drift seems ominous.
The Russians, it is widely agreed, hacked into the computers of the Democratic National Committee, raising fears that the U.S. presidential election was compromised. In Dallas, hackers turned on the city’s emergency sirens for more than an hour. Cyberthieves stole $81 million from Bangladesh’s central bank, though some of the money has apparently been recovered.
We are dangerously dependent on Internet-based systems. All these incidents threatened the social fabric of the victimized societies. If the Russians hacked the Democrats, who might be next? Could whoever triggered Dallas’s sirens turn off the traffic lights or the local power grid? How safe are electronic financial transfers?
Ransomware validates these fears. What was stunning is how quickly the recent outbreak spread. One estimate had it quickly migrating to 150 countries and affecting 200,000 computers. Despite the rapid response — the discovery of a so-called “kill switch” in the malware that deactivated the virus — the basic message remains: Much health care, transportation and ordinary business might close if deprived of Internet access, whether by hostile governments (North Korea?) or cybercriminals.
This makes the Internet a weapon that can be used against us — or by us. In a presentation to the Senate Intelligence Committee, Daniel Coats, the director of national intelligence, put it this way: “Our adversaries are becoming more adept at using cyberspace to threaten our interests and advance their own, and despite improving cyber defenses, nearly all information, communication networks and systems will be at risk for years.”
The trouble is that we are aiding and abetting our adversaries. We are addicted to the Internet and refuse to recognize how our addiction subtracts from our security. The more we connect our devices and instruments to the Internet, the more we create paths for others to use against us, either by shutting down websites or by controlling what they do. Put differently, we are — incredibly — inviting trouble. Our commercial interests and our national security diverge.
The latest example of this tension is the “Internet of things” or the “smart home.” It involves connecting various devices and gadgets (thermostats, lights, cameras, locks, ovens) to the Internet so they can be operated or monitored remotely. This would be a major Internet expansion and moneymaker.
One consulting firm, Ovum, forecasts that from 2016 to 2021, the number of smart homes worldwide will rise from 90 million to 463 million, with the largest concentrations in the United States and China. Ovum anticipates that each smart home will have nearly nine separate devices attached to the Internet and that the global total will hit 4 billion by 2021.
All this increases the vulnerability of Americans and others to cyberattacks. To be sure, the “Internet of things” will be fitted with security protections. But as we’ve seen, mistakes and gaps occur. Or hackers circumvent security firewalls. The growth of the “Internet of things” creates more avenues and opportunities for hostile nations or rogue hackers to penetrate various cyberdefenses.
The Coats presentation makes this explicit: “In the future, state and nonstate actors will likely use [‘Internet of things’] devices to support intelligence operations . . . or attack targeted computer networks.”
Just how we can or should regulate the tension between our commercial interests and our strategic security isn’t clear. But we can’t even start a conversation if we don’t admit that the tension is real and is getting worse all the time.
Instead of candor, we compartmentalize. We lavish praise on our cybercapitalists — Mark Zuckerberg, Jeff Bezos and others — for their accomplishments while conveniently forgetting that the same technologies also make us less safe. (Disclosure: Bezos owns The Post.) If there are deficiencies with cybersecurity, we consider them separately. We embrace the “Internet of things” without admitting that it’s also the “Internet of hazards.”
The technologies to promote the Internet and protect it are one and the same. We need to consider our addiction in all its aspects, even the disagreeable. But we are in denial.
Read more from Robert Samuelson’s archive.