Saturday 19 February 2011

What Would You Do If Nothing Works?

Americans have become a society dependent on our computers and connectivity. Whether it is productivity in the workplace, efficiency in travel, staying in touch or enjoyment in our leisure time, computers, smart phones and networked systems make it possible.
But what if, suddenly, none of those things worked for a while? Chaos?  Pandemonium? Panic?  Right!  That can’t happen, can it?  Maybe!  The possibility of someone, some entity, some group of hackers or some nation state waging “cyber-war” or “cyber-terrorism” grows with each passing day.
In the past decade, hackers have taken down nine of the 14 servers that run the Internet in the USA.  They have penetrated the Pentagon, the Dept. of Defense, the Dept. of Army and who knows what else—and this was 3-4 years ago, in the 2007-2008 time frame.  Now, in 2011, so much of our infrastructure and day-to-day existence is controlled by computers and communicated by networked devices, that a widespread attack would be even more devastating.
The U. S. government has not publicized successful attacks.  It is also woefully unprepared to stop such attacks, and only now has the threat become so great that increased attention and funding is being directed at detection and prevention.  Our banking, transportation, power grid, Global Positioning Systems (on which our military relies heavily), communications, entertainment, and many more systems rely on internetworking—the Internet and many other networks.
Just this week, a Computerworld article reported that 80% of all web browsers in use are vulnerable to attack.  In fact, all of our systems are vulnerable to attack to some degree, including many of our supposedly most secure government systems.  Simply consider the information that WikiLeaks gained access too—and that was allegedly with the help of human intervention, which is often the case with security breaches.
But is it already too late?  I began research for my novel The Chinese Conspiracy almost ten years ago, when I realized that the technology already existed to virtually shut down an entire country?  Impossible?  Not at all.  As far back as 2001-2002 the Code Red and NIMDA worm viruses infected millions of computers worldwide.  The systems were eventually purged of the malicious code—or so we think—but the disruption was huge.  The know-how of hackers and their tools has only grown greater in the passing decade.
China is growing rapidly in the use of computer & communications technology, as evidenced by recent research reports.  It has also been considered a leader in computer hacking and one of the most often mentioned source for malware attacks.  Russia is also noted for its hacking expertise.  Estonia, the former Soviet satellite, was shut down last year. Sources believe Russian government-influenced “crowd sourcing” was used, presumably to show its could still exert control over its former satellite country.
What about retaliation?  When someone shoots at you, you can usually determine where the shot came from and shoot back.  When you are robbed, you track down and apprehend the perpetrator.  This is very difficult in cyber-attacks.  The attackers hide behind layer after layer of intermediate, but not originating, sources.
Take the recent Stuxnet attack on Iran’s nuclear sites and equipment.  Nobody knows where it really originated.  Rumors abound claiming Israel and the U. S. as collaborating on it, but no one really knows.  Therein lies the greatest threat of cyber-attacks.  By the very nature of their origin, they can be virtually untraceable, offering no enemy to find, counter-attack and defeat.
In their 2011 report, world leaders at the World Economic Forum in Davos named cyber security as one of the world’s top five risks.  Four key areas were identified that pose global risks: cyber theft, cyber espionage, cyber war, and cyber terrorism.  In 2010, a former government official responsible for this area, Richard Clarke wrote a shocking, non-fiction book, cyber war in which he details many past and potential attacks.
To shut down everything in a country the size of the U. S. would require a coordinated attack using a combination of elements.  However, considering that the number of computers believed to have been infected by worm viruses and other malware is in the billions, you see the potential for just such a disaster. The world’s top business leaders, politicians, and policy advisers are growing increasingly concerned over cyber security threats, as shown by their Davos conclusions.
What can any one, any company, or any nation do?  First, be careful; be very careful.  Use every bit of technological know-how available.  Keep every firewall, detection and prevention system right up to date.  Do not assume a “glitch” is merely that.  It often isn’t.  Glitches—temporary outages or freezes unexplained by any other reason—might be the first warning sign of a malware invasion.
It was exactly these scenarios that inspired me to write The Chinese Conspiracy. The book is fiction, but is heavily based on fact, using no imaginary technologies.
Attention to cyber threats is growing with each cyber-invasion that makes the headlines.
Can detection and prevention stop cyber attacks?  Honestly, nobody knows.  The other thing nobody knows is the answer to the question: “What happens when nothing works?”
In my novel I only describe one of a nearly infinite possible set of outcomes.  Perhaps we—our government and our corporate enterprises—need to find out before it actually happens.
John Mariotti is an internationally known, award winning business author.  In The Chinese Conspiracy he merges an exciting fictional thriller with a factual reality of America’s risk from Cyber-Attacks.  His last book, The Complexity Crisis was chosen as one of 2008’s Best Business Books and also one of 2008’s Best Books for Small Business.  Mariotti does Keynote speeches, serves on several corporate boards and is a consultant/advisor to companies on strategy and it execution.  He can be reached at or

No comments:

Post a Comment