Sony Pictures CEO Michael Lynton described the recent hack of his company’s network as “the worst cyberattack in U.S. history.” Much of the media was even more hyperbolic, using terms such as “devastating,” “onslaught” and “catastrophic.” For some, it signaled a watershed moment: the era of global cyber warfare.
Given that the stakes are so high, it’s worth understanding what’s actually going on. A few weeks ago one or more hackers (the number is unknown) breached Sony’s network-access-control mechanisms and stole a significant amount of data, including millions of emails and corporate documents. Whether or not they left viruses or Trojan horses behind is still unclear.
From a technical perspective it seems to have been a fairly simple and unsophisticated frontal attack on a badly secured network. The documents the hackers stole will certainly embarrass some outsize Sony egos if released (Sony has mobilized an army of lawyers to stem the slow dribble of the documents into the public arena) and Sony will probably suffer some strategic damage from the exposure of classified documents.
Not even worst of the year
But the worst cyberattack in U.S. history it certainly wasn’t. The recent JP Morgan hack, in which millions of investor files were stolen, was far more damaging to a large number of investors, as were the attacks on Target (credit card details) and, arguably, Adobe, all within the course of the past year.
Likewise, such viruses as Code Red, Slammer and Conficker infected millions of computers, both individual and corporate, and likely were far more damaging to society as a whole.
What was new about the Sony case was not the attack itself but the fact that it was leveraged to achieve a very non-cyber aim: the cancellation of a film release. The film, as we all know, is a comedy about North Korea, and the hackers – or possibly people jumping on their bandwagon – threatened to release additional embarrassing information about Sony if the film was released on Christmas, as planned.
The rest is history. The film was initially pulled from the cinemas, then released to selected cinemas and finally made available for download over the Internet. Sony was widely condemned for giving in to terror (after initially cancelling the film’s release) and President Barack Obama threatened to retaliate. Two days later, North Korea’s Internet network went down and has yet to recover fully, apparently.
The only thing unique about the Sony incident was how a hack was followed by a physical terror threat, with the former providing the leverage for the latter. Another unusual, though certainly not unique, aspect of the incident was that it appeared to pit governments – in this case, North Korea and the U.S. – against each other on a cyber battlefield.
Stuxnet in a class by itself
It was not the first time that had happened. If we are looking for cyber incidents on which to pin the labels “worst,” “devastating” and “catastrophic,” then there’s only one candidate – Stuxnet, the network worm that is reported to have destroyed at least one-fifth of Iran’s nuclear centrifuges between 2009 and 2012. Israel and the United States are widely believed to have been behind Stuxnet, though both have been too bashful to take credit.
Stuxnet is the reigning king of hacks; beside it, the Sony hack looks like something concocted by junior school kids in computer class. It was fiendishly clever, taking advantage of several previously unknown vulnerabilities in the Windows operating system to penetrate the proprietary Siemens system that managed the Iranian centrifuges.
If anything points to the future of hacking – in fact, to the future of both terrorism and cyber warfare – it is Stuxnet, which (a) targeted industrial systems and (b) was reportedly an attempt by one state or group of states to sabotage the critical industrial facilities of another.
Industry is the real danger area and the acronym to look out for is SCADA, which stands for “supervisory control and data acquisition” systems. Today all major industries deploy or are planning to deploy SCADA systems, which provide both unsurpassed management tools and the huge amounts of data necessary for effective real-time operations and long-term planning. Power-generation facilities, water treatment plants, gas and oil facilities and large infrastructures such as airports all use SCADA systems.
The key features of a SCADA installation are that it is large, it has multiple sites and its facilities are separated by wide distances. (A system controlling facilities that are not dispersed is known as an Industrial Control System.) SCADA systems use coded signals over networks for communications between remote facilities and the center, and between the facilities themselves.
Not kids anymore
And where there are networks, there are invariably hackers. Increasingly, those hackers are not kids looking for thrills by hacking into the Pentagon, but states or large, sophisticated parastatal groups looking to do serious damage to their adversaries.
In fact, the latest SCADA attack may be going on as these lines are being written. Late last week, South Korea reported a cyberattack on its nuclear plant operator, saying that the IP addresses of the attacker or attackers had been traced back to a city in north-eastern China.
That does not mean that the attackers came from China – the IP addresses could have been routed via China from other locations – but it certainly does mean that nuclear plants, probably the most sensitive facilities of the modern economy, have become the targets of cyberattack.
If, as South Korea maintains, only non-critical data was stolen from the computers that manage the country’s 23 nuclear reactors and operations were unaffected, then South Korea – and the rest of us – were exceedingly lucky. It could have been a whole lot worse.
The bottom line is that as our lives become increasingly computerized and networked, we are more vulnerable than ever to malicious attack and the consequences of such attacks are potentially catastrophic.
Internet of Things
We have already entered – though we may not be aware of it yet – the era of the Internet of Things. (A silly name for a momentous development.) We have gone from the public networking of computers to the mobile Internet and now arrived at the Internet of Things: a world in which non-computing devices are networked and can communicate with each other or with computing centers.
Today, the Internet of Things is seen mainly in the smart home – in which heating, security cameras, music and WiFi systems etc. can be remotely controlled – and the smart car. Also undergoing massive networking are medical devices. Today doctors can examine scans remotely and diagnose via networked sensors on the body. Even heart pacemakers are becoming networked today, enabling medical staff to receive continual updates of a patient’s condition and send adjustment signals accordingly.
But imagine if that pacemaker network was hacked, resulting in the wrong medical procedure being administered by the doctor. Or if the system administering IVs in an ICU ward was hacked to provide 10 grams of a dangerous substance rather than the 10 milligrams prescribed.
Extrapolate that to the nuclear power grid, the global air transport management system and national water carriers. They are all fast becoming part of the Internet of Things and their disruption could have unthinkable consequences.
Computerization and networking have made our lives easier, healthier and more productive. But they haven’t changed – and will never change – the stupidity, maliciousness and destructiveness within us. That intersection of large-scale networking and human failings is where the true danger lies.