This is the first in a series of articles that covers some of the topics that grabbed headlines in 2014 and that are likely to do the same in 2015. We lead off with an overview of cyber security topics.
2014 has included numerous sophisticated hacks of corporate (eBay), financial (JPMorgan) and governmental (White House) institutions, but some still see cyber security and personal privacy as a zero sum game.
The recent hack of Sony Pictures was purportedly perpetrated by North Korean hackers in revenge for slights past and present. Besides knocking out Sony?s computer networks, this hack involved the theft of terabytes full of embarrassing and personal details. In fact, the data leak may end up being more costly for Sony than the network meltdown. Embarrassing comments about petulant stars, sensitive details of movie deals and intimate personal information about Sony employees will take far longer to fix than the computer system.
Shortly before the Sony hack developed, one of the most frightening stories of the year emerged to much less attention. According to ABC News, the Department of Homeland Security has warned that, ?A destructive ?Trojan Horse? malware program has penetrated the software that runs much of the nation?s critical infrastructure and is poised to cause an economic catastrophe.?
Perhaps the most amazing thing about this story is how relatively little attention it got. The potential damage is catastrophic, but, absent the salacious details of the Sony hack, such as gossip about Angelina Jolie, or Tom Hanks? traveling alias, the Trojan Horse story has receded into the archives.
This Trojan Horse virus, called BlackEnergy, allegedly has been planted by Russian hackers as a hedge against the US doing the same to Russia. The virus threatens US economic interests and infrastructure, including such fundamental elements such as the electrical grid. The JPMorgan attack in the middle of the year was allegedly carried out by the Russian group as a proof of concept. The ABC story compares this to the Cold War era?s principle of ?mutually assured destruction.?
The Sony Pictures hack, which is still making headlines, coincides with the final days of the 113th Congress. Officials are trying to increase coordination and information sharing between the government and the private sector. So Congress is grinding out bills, the White House is weighing its options and the Department of Justice has launched a new Cyber Security Unit.
But there are still squabbles. Congress continues to argue about jurisdiction, and privacy advocates worry about more private personal information being shared with the government.
The Electronic Frontier Foundation, commenting on newly-proposed legislation said, ?The newly granted powers are intended to thwart computer security threats against a company’s rights and property. But the definitions are broad and vague.? The privacy watchdog continued, ?Once handed over, the government is able to use this information for investigating crimes that are unrelated to the underlying security threat.?
Besides increased coordination and information sharing, the solution must involve better technology. Nothing is hack-proof, but better systems are essential. Looking to the future Wired has an intriguing story about tware-clones-genetic-variation-technology/”>a market-based response to the cyber security arms race.