Recent Cyberattack Exposes US Need to Strengthen Commercial Cybersecurity
By William Tucker
Contributor, In Homeland Security
It was bound to happen again. Several U.S.-based websites and web services came under a large-scale denial of service (DDoS) cyberattack last Friday, disrupting commerce and causing significant financial losses to the companies involved. The DDoS attack used web-connected devices that were left unsecured by end users.
Simple Cyberattacks Have Devastating Effects
Commonly known as the “Internet of Things,” or IoT devices, everything from security cameras to household thermostats can now be connected to the Internet. These products don’t always come with the best cybersecurity.
In fact, the Chinese manufacturer of the webcams used in Friday’s attack recalled the devices. In less severe cyberattack cases, the company offered software patches. According to the manufacturer, there is a flaw in the webcam software that doesn’t force end users to change their usernames and passwords.
Though Friday’s attack wasn’t sophisticated, it really didn’t need to be. The simplest of attacks still caused havoc.
So far, the U.S. has not formally blamed any one person, group or nation for the cyberattack. According to NBC News, a senior U.S. intelligence official said this attack appeared to be a classic case of Internet vandalism.
There are clues as to who was behind this recent attack. The investigation has demonstrated once again that the U.S. is incredibly vulnerable to this particular type of cyberattack.
Another Massive Electrical Blackout Remains a Real Threat
The massive electrical blackout that plunged much of the East Coast into darkness a decade ago is still a real threat to the U.S. The current and previous administrations have not tackled more aggressive measures for securing web-based communications.
Could A Cyberattack Replace Economic Sanctions?
Cyberattack vulnerability allows weaker nations or even non-state actors to harm U.S. economic interests, which was the result, if not the aim, of this most recent attack. Major retailers like Amazon and financial websites such as PayPal were taken offline for most of the day.
If an unfriendly nation expanded its target list or launched an attack during the holiday season, the economic impact to U.S. businesses would be massive. In other words, a cyberattack could be used in lieu of economic sanctions against a target nation.
Levying Sanctions Costs Both Sides Money
Sanctions against a single nation, such as Russia, require some form of international consensus. For example, the cooperation of the European Union and other nations is needed for economic sanctions to work. These sanctions cost businesses that have operations in Russia or that engage in commerce with Russia to experience a significant loss of revenue.
Furthermore, enforcement too costs money. It’s expensive to harm another nation economically. Over the past decade or so, there has been a move in the international community to embrace targeted sanctions against individuals or institutions.
Could Enemies without Economic Resources Cause Cyberattacks?
But what of nations or non-state groups that want to harm the United States or another nation economically, but lack the international clout or allies to pull off an effective sanctions regime? The answer is to do so asymmetrically using cyberattacks.
The effects of sanctions are meant to be felt over time. Cyberattacks require some sort of persistence to remain effective, but the overall loss to the U.S. economy would still be substantial.
It is surprising, even irresponsible, that the U.S., a frequent target of cyberattacks, has not taken stronger measures to address the problem. Washington needs to address cyber infrastructure immediately and businesses need to take a more comprehensive look at their cybersecurity. The next attack is just around the corner and it could certainly be much worse.