Welcome to the Age of Malware. It promises to be a huge downer and, possibly, a great tragedy.
For years, we have regarded personal computers, the internet, smartphones and various digital devices as evidence that America continues to dominate the central new technology of our time.
The reality, of course, is much different. By now, millions of Americans – probably most – must recognize that the internet and its digital sidekicks constitute a double-edged sword. They provide services (photography, maps, email) that now seem indispensable. Yet, the same technologies increasingly pose a fundamental threat to our way of life.
Hardly a day goes by without news reports of the internet being used to undermine our democracy, steal people’s personal information (names, Social Security numbers, credit scores, health data and the like), hijack corporate secrets and attack “critical infrastructure” – the power grid, financial and communications networks, water and transportation systems.
The injection of malware – computer software (“viruses”) that aims to corrupt legitimate data systems – has become an everyday occurrence. Other digital vulnerabilities abound. Just recently, the Pentagon curtailed military personnel from using global positioning devices, because they can help adversaries monitor our troop movements.
It’s difficult for Americans to deal with these questions, because we want to play both sides. We deplore other countries’ (read Russia, China, Iran and North Korea) use of the internet to attack their geopolitical or commercial rivals.
But we are not innocent victims. David Sanger, a reporter for the New York Times and author of “The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age,” rates Stuxnet – a joint U.S.-Israeli virus that temporarily destroyed Iran’s nuclear centrifuges – as a highly successful use of the internet for strategic purposes. Similarly, Sanger presents much circumstantial evidence that, via the internet, the U.S. caused North Korean missiles to fail. (Kim Jong Un apparently solved this problem by changing rocket designs.)
Still, Sanger is not overly impressed with U.S. cyberagencies, partly because they couldn’t protect their own data. The National Security Agency – the citadel of the government’s cyberskills – experienced the theft by Edward Snowden and a successful hacking by a group called Shadow Brokers, thought to be Russian. The heist involved NSA’s own cyber “tools” used to gain entry into other countries’ data systems.
The gravest dangers involve hacking “critical infrastructure” – power plants and the like – which could cause widespread public disorder and chaos. At a recent public briefing, the Department of Homeland Security conceded that foreign (presumably Russian) hackers have penetrated some utilities and could have turned off the electricity.
Warfare has changed. By Sanger’s description, there are at least four defining characteristics of the new cyberwarfare.
First, compared to large and expensive armies and navies, a cybercapability is inexpensive. “Cyber weapons are so cheap to develop and so easy to hide that they have proven irresistible” for large and small powers alike, writes Sanger. This implies a proliferation of cybercapabilities, including for non-state actors.
Second, “Unless shooting breaks out, it will always be unclear if we are at peace or war,” he argues. “Governments that cannot stand up to far larger powers with conventional armies will have little incentive to give up the advantages that cyberweapons offer. We are living in a gray zone, one of constant digital conflict.” Cyberwarriors of all varieties will constantly be testing their own capabilities.
Third, the advantage lies mostly with the attacker. There are thousands upon thousands of potential entry points into various data networks. Even if defenders plug most of them, an attacker needs to find only one to launch an attack.
Fourth, although improvements have occurred in resisting cyberattacks, they are insufficient because new networks – autonomous cars, for example – are being created all the time. “We are getting better. But we are getting worse faster,” one expert tells Sanger.
The Age of Malware is upon us. There is no obvious technical fix for our love affair with the internet. We need to recognize that the things we like about the internet are the same things that make us vulnerable to its dangers. There is no clear separation of the good from the bad. We are flirting with national disaster if we don’t curb our internet appetite.
Robert J. Samuelson is a columnist with the Washington Post Writers Group.
Subscribe to the Morning Review newsletter
Get the day’s top headlines delivered to your inbox every morning by subscribing to our newsletter.