Blogs

It is the international community’s responsibility to maintain peace and security in the face of growing cyber threats to a society that is increasingly vulnerable because of its dependence on connected technology, Henne Schuwer, the Netherlands’ ambassador to the United States, said at the Atlantic Council on February 8.

“We have to all band together to make sure that this Internet, this cyberspace… will be a peaceful movement around the world from which we all benefit,” he said.

In light of the Russia’s meddling in the 2016 US presidential elections, and concern looking ahead to upcoming elections in Europe in 2017—in France, Germany, the Netherlands, and possibly Italy—it has become necessary to establish a legal framework for the international community to understand a common set of rules of the road in cyberspace.
In light of the intelligence report unequivocally attributing cyberattacks during the US presidential election to Russia, US President-elect Donald Trump must take stock of the magnitude and implications of the Kremlin’s actions, and react appropriately, according to John E. Herbst, director of the Atlantic Council’s Dinu Patriciu Eurasia Center.

“We are facing Mr. Putin, a world leader who is determined to weaken the American position, especially in Europe, but around the world,” said Herbst, a former US ambassador to Ukraine. “It’s very important the incoming administration recognize the seriousness of the problem and take decisive action to deter Russia aggression.” 
The report leaked from the Central Intelligence Agency (CIA) on December 9 confirmed concerns raised during the election campaign: Russia interfered in the US presidential election, with the intent of bolstering President-elect Donald Trump’s campaign. While Washington continues to debate the deeper implications of the cybersecurity breaches and leaks that marred this election season, intelligence agencies and cybersecurity companies alike are confident that Russian hackers are the culprits. As the United States gears up for congressional investigations into the accusations, several European countries up for presidential and parliamentary elections next year—Germany, France, and the Netherlands—worry they will become the Kremlin’s next target. The shift from stuffing the ballots, as repeatedly seen in  elections in Russia, to manipulating cyberspace and social media has given the Kremlin alarming powers to not only help choose foreign leaders, but also to catalyze the breakdown of Western democracies’ liberal values.

While Russia’s interference in the presidential election shocked many in the United States, influence operations, such as the spread of disinformation, cyber-attacks, and cultivation of agents of influence, are a part of the Kremlin’s “nonconventional” warfare arsenal. The Kremlin has actively interfered to sway elections and policies in countries that it considers as part of Russia’s so-called “near-abroad” — the post-Soviet states that the Kremlin sees as its legitimate sphere of influence. 
Russian cyberattacks on the eve of the US presidential elections clearly benefitted one candidate—Donald Trump. How to respond to this meddling is another matter altogether.

The Central Intelligence Agency (CIA) confirmed in a secret assessment first reported by The Washington Post that Russia was involved in the cybersecurity breach of both the Democratic and Republican National Committee networks.

The release of information connected to the Democratic National Committee (DNC) was “an attempt to influence, not directly the results of our election, but reframe the narrative around them that clearly benefitted one candidate over the other,” said Alina Polyakova, deputy director of the Dinu Patriciu Eurasia Center and senior fellow with the Future Europe Initiative at the Atlantic Council.
In October, Mirai malware used default login credentials to compromise thousands of routers, digital video recorders, Internet cameras, and other Internet-connected devices. Mirai then created a botnet with the hacked hardware and targeted Dyn, a key provider of domain name services. The result wreaked havoc across the Internet, taking down several prominent websites and disrupting services for millions of users. Put another way, Mirai was a digital assassin who fired a sniper’s bullet at an essential Internet node. Speculation on the hack’s origin and purpose ranged from Russian cyber teams conducting pre-election disruption tests to Wikileaks supporters protesting against Ecuadorian authorities.

Notably, Mirai did not affect any Department of Defense (DoD) assigned Internet protocol (IP) addresses. Even more intriguing, this avoidance was by design. An analysis of the botnet’s source code shows the writer excluded DoD IP ranges. The analysis goes on to describe the likely author as “a skilled, yet not particularly experienced, coder who might be a bit over his head.” This assessment might be valid, but I find the humor short-lived.
In the rush to produce cost-effective connected devices, not enough focus has been placed on security measures. The cost of such inattention became evident on October 21 when hackers exploited vulnerabilities in hundreds of thousands of everyday devices, including baby monitors and cameras, to cripple the Internet. This attack was merely a sign of things to come, said a cybersecurity expert at the Atlantic Council.

“This [cyberattack] is essentially in part fueled because the economics are such that we want these technologies, we want them fast to market, we want them inexpensive, so many of these devices have incredibly low margins, [and] have no security [measures],” said Joshua Corman, the director of the Atlantic Council’s Cyber Statecraft Initiative.
In an election season marred by cyberattacks—an activity the White House has blamed on Russia—the security of voting machines is a prominent concern for voters.  Such concerns could undermine voters’ faith in the system as well as the legitimacy of the result of the presidential election, the Atlantic Council’s Daniel Chiu said in Washington on October 19.

“Hackers may not even need to actually compromise voting computers or systems to undermine the people’s trust in the election results,” said Chiu, who is director of the Strategy Initiative in the Atlantic Council’s Brent Scowcroft Center on International Security. “[M]erely a credible claim of doing so could compel voters to cry foul, undermining the legitimacy of the vote, at home in the United States, and abroad,” he added.
As a consequence of our dependence on gadgets that are increasingly interconnected, securing these devices has become a “homeland security issue,” a senior US official said at the Atlantic Council on October 14, while exhorting industry and civil society leaders to address potential cybersecurity vulnerabilities.

The system of interrelating, connected computing devices with the ability to transfer data, known as the Internet of Things (IoT), “is not a trend, it’s a full-blown phenomenon,” said Robert Silvers, assistant secretary for cyber policy at the Department of Homeland Security (DHS).  

The pervasiveness of IoT, from medical devices to driverless vehicles, has led to “a national dependency,” according to Silvers. Our reliance on connected devices means that “IoT security is not a public safety issue; it’s now a homeland security issue,” he added.
Humans and technology are converging in unexpected ways, and more rapidly than ever before.  For instance, Tesla is integrating radar into its cars.  Delta Airlines tracks luggage with microchips. 

Even our home energy controls are becoming smarter.  As humans increasingly inlay technology into daily life, greater interaction necessitates both dialogue and action. 

We must critically examine the question of cyber security through the lens of public safety (a term of art called cyber safety).  We should identify and safeguard the everyday—and often overlooked—intersections of cyber security and human activity, intersections I call “cyber life zones.”
The recently reported vulnerability in insulin pumps, while not in itself a significant threat, underscores the danger posed by hackers who could take control of medical devices, according to Beau Woods, deputy director of the Atlantic Council Cyber Statecraft Initiative.

“The risks of connected medical devices can be anywhere on a spectrum: from almost none to life and death,” said Woods. He added: “Capabilities that can save lives in the hands of a trained physician, can end life if used inexpertly or if their integrity is compromised by an intentional adversary or indiscriminate accident.”

On October 5, Johnson & Johnson issued a warning to patients that the OneTouch Ping insulin pump systems are vulnerable to a cyber hack that could overdose diabetic patients with insulin.


    

RELATED CONTENT