Sony, the Internet of Things, and the Evolving Cyber-Threat
by Christopher Bronk
Do recent cyber-attacks -- including North Korea's against Sony and a Stuxnet-style attack against a German steel works -- suggest that the nature of the cyber-threat is escalating? Chris Bronk thinks so. That's because advances in computing and the revenue-driven culture of corporate hierarchies are undermining the implementation of much-needed security measures.
Because of their great frequency and increasing significance, cyber security events continue to rise on the policy and national security agendas of national governments and international organizations. While computer security efforts were once primarily concerned with general threats and non-specific actions such as widely propagated computer viruses or email phishing campaigns designed to indiscriminately harvest access to many computers for relatively benign purposes (such as sending spam email), attacks have grown increasingly sophisticated and precisely targeted.
Efforts to compromise systems are now often tied to economic or political espionage efforts or even covert action designed to produce specific outcomes. Acknowledging these developments, it is important to consider the implications of two recent cyber- attacks: the breach at Sony Entertainment, and another that didn’t make headlines to the same degree, the attack on an industrial plant at a German steel company in December. For organizations that represent viable targets for foreign governments, corporate rivals or activists groups, these attacks highlight the importance of balancing organization-wide incentives to bring in revenue with the growing imperative to improve security.
Sony’s Woes
In December 2013, the hack making news was Target's data breach . Crafty thieves emplaced software on cash register terminals and purloined millions of customer records. Shoppers swiped their magnetic cards and unknowingly gave away credit and debit card data for weeks.
In 2014, the big breach at Christmastime was Sony’s. Materials compromised in the attack included everything from internal documents and email to digital copies of unreleased feature films . The hackers that went after Sony caused such fear that when they threatened physical violence against theaters showing The Interview, a satirical farce involving an assassination plot against North Korean leader Kim Jong Un, most balked at showing the film.
The U.S. government reaction to the Sony breach amounted to calling the matter a crime, launching an investigation, and issuing a vague threat against Kim's regime that some sort of response may be undertaken. U.S. officials openly blamed North Korea for the Sony breach, and even President Obama spoke publicly on the matter, castigating the North Koreans for the act and shaming large theater chains for caving in to the threat of violence.
As with most other major cyber attacks, alternate theories arose regarding the hack. Representatives of the ever-growing cyber intelligence and malicious software analysis industries said the allegations against Kim Jong-Un’s regime were premature. The Sony hack was likely an inside job perpetrated by a disgruntled employee, they argued.
Eventually a strong counter-narrative would emerge from the Snowden archives, published by der Spiegel and additional claims published in The New York Times . The U.S. government’s final, if not-for-attribution, word was that it knew of Pyongyang’s complicity because North Korean systems had been compromised by U.S. cyber intelligence operatives.
New SCADA hacks
While Sony’s woes made good hacker theater, another incident, at a steel plant in Germany, should cause greater concern. In December, representatives of the BSI, the country's cyber defense agency, reported that the control systems computers of a steel works were hacked in a manner that caused an emergency shutdown of a smelter, severely damaging it .
Attacks on Supervisory Control and Data Acquisition (SCADA) systems are especially worrisome because one of the key growth areas in the IT industry is in embedding networked computers into machinery, from production lines to home appliances. This new computing infrastructure, labeled the Internet of Things (IoT), promises new efficiencies and capabilities, but also increases the attack surface open to cyber attack – from laptops and smartphones to home thermostats and offshore oil rigs.
Worryingly, evidence continues to emerge that SCADA system hacks are occurring and that the IoT is riddled with security holes. Beyond the grandfather of these events, the Stuxnet attack against Iran's nuclear enrichment facilities, the German event adds to a growing list of possible or probable SCADA cyber attacks. (So does a recent research case study on hacking traffic lights.) This is a bigger concern than the gossip and anxieties of studio executives.
In the same vein, new evidence has come to light regarding a 2008 pipeline explosion in Turkey , which occurred only 3 days before Russia invaded its neighbor Georgia. For years we assumed this was an act of terrorism. Now there is an alternate thesis involving the manipulation of pumping infrastructure and the pipeline's surveillance system.
The new ‘great game’
At least since Stuxnet, if not before, a geopolitical contest for control of cyberspace has been taking shape. The cyber vector in international conflict is now fully primed, and a variety of actors now employ cyber means to achieve their ends. Over time, they will do so with increasing sophistication. While most of the traditional levers of geopolitical competition remain available to states, ‘cyber’ is one that works.
Cyber attacks can now break physical things, and most organizations are woefully unprepared for that development. The security model of buying hardware to counter specific or individual threats is often inadequate against an increasingly well-educated, creative, and highly-motivated cohort of malicious hackers. Equipped with dynamic and ever-advancing tools, highly skilled cyber defense professionals must face these operators, much as intelligence analysts of great skill and talent toil to stop terrorists with far less in the way of training or preparation. Although education has come to the fore, teaching and learning take time and more capable practitioners are needed urgently.
Moving to the larger geopolitics, there are now many hacking cases in which a strong political motive may be present but definitive evidence linking the attacker to the attack is difficult to find. This was the case with the Shamoon attack against Aramco . Iran is assumed to be the culpable party, but a clear connection between its supreme leader and the hack that took down 35,000 computers in minutes has not come to light. Conversely, numerous Pentagon PowerPoint presentations leaked by Edward Snowden have provided far more definitive evidence about U.S. intelligence activities in cyberspace.
What canor should be done?
Despite the security pitfalls abundantly visible today, computing marches forward. Big data is unlocking advances in health care. Process control optimizes critical infrastructure: pipelines, electricity distribution, and integrated logistics. Digital transactions are the backbone of global investment banking and the lifeblood of small business operators alike. All of these things can be hacked, and the consequences can be serious.
In major corporations, the awareness of senior leadership about the cyber threat is rising. What is not changing quickly enough are organization-wide incentives for actors, especially in upper management, to implement enhanced security measures. Indeed, in far too many cases, the imperative to improve security remains at odds with the imperative to bring in revenue. Too often, corporate culture emphasizes the latter at the expense of the former.
That is the core of the problem for Sony, for our anonymous German steel company, and for any other firm that represents a viable economic target for a foreign power, competitor firm, or hacktivist group with an agenda. Organizational cyber security is a fatalistic culture because, in some ways, it resembles the intelligence or counter-terrorism business. Successful defenses do happen, but they are rarely made public. It is only when something goes wrong, and the heads begin to roll, that the cyber-threat gets the attention it deserves.
Christopher Bronk is the Baker Institute fellow in technology, society and public policy (TSPP) at Rice University. He previously served as a career diplomat with the United States Department of State on assignments both overseas and in Washington, D.C. He holds a Ph.D. from The Maxwell School of Syracuse University and studied international relations at Oxford University.
Available at Amazon.com:
Capital in the Twenty-First Century
A World Restored: Metternich, Castlereagh and the Problems of Peace, 1812-22
World Order: Reflections on the Character of Nations and the Course of History
More WORLD NEWS ...
- The Weakening Foundations of Western Power
- The New Global Marketplace of Political Change
- Diplomacy in the Age of Globalization
- Why the World Is Becoming the Un-Sweden
- Venture Capitalists Rule the World
- Authoritarian Symps
- Celebrating Wars & Destruction
- The Decline of War?
- Transhumanism and War
- How Aggression Went From an Act of War to a Pathology
- Assessing the Nuclear Non-Proliferation Regime
- Healing or Harming? The Provision of Health Care by Peacekeepers
- Learning the Lessons of Ebola
- NGOs: Foreign Agents
- How Climate Change and Resource Scarcity Are Upending World Politics
- Humanity's War on Wildlife
- Women Up in Arms
- Nations and Borders are Always Messy
- Comparing Atrocities
- Religious Violence: What We Get Wrong
- Crying 'Lone Wolf'
- Partnering against Human Trafficking
- 8 Ways to Reduce Global Inequality
- Population Decline and the Great Economic Reversal
- The Intersection of Three Crises
- A New Global Development Bank in Town
- Henry Kissinger: 'Low-Life Scum'
- Reclaiming Privacy in the Golden Age of Surveillance
- Sony, the Internet of Things, and the Evolving Cyber-Threat
- Cyber Jihadists and Their Web
- Targeted Sanctions and the Right to Due Process
- The Dynamics of Global Change
- Is the Concept of Terrorism Still Useful?
- Muslim Cartoonist Draws Lessons from the Charlie Hebdo Massacre
- Refereeing a Race to the Bottom
- How Liberal Democracy Promotes Inequality
- The Dance of Superpowers
- The Big Chill: Tensions in the Arctic
- The Games of Our Lives
- Kissinger on World Order
- The War on Terrorism: The Way Forward
- Nigeria: Rebuilding After Boko Haram
- Peace Talks Stall in South Sudan
- Putting Boko Haram in Context
- Congo: Two Visions for Development
- Skating on Thin Ice, Tunisia Chooses a New President
- South Sudan: Action Needed Now to Prevent Another Year of Devastation
- Poverty: The Petri Dish That Grows Ebola
- Ebola's Racial Disparity
- Africa's Place on World Stage
- Ebola & Economic Inequality
- Women Bearing Brunt of Ebola
- Tunisia's Upcoming Elections
- Militarizing the Ebola Crisis
- What Role for UN in Tackling Ebola?
- Ebola Dwarfed by Malaria & HIV/AIDS
- Africa's Islamic State?
- Cutting Corners in South Sudan
- A Forgotten Crisis at the Heart of Africa
- Sudan: Forced Faith is Not Faith
- Moral Compass Points Toward Retribution in Nigeria
- Nigeria: Extremist Islam Scared of Little Girls
- What We Can Do for the Kidnapped Nigerian Girls
- Nigeria's Stolen Girls and Clueless Leaders
- Is Japan's Prime Minister the Next Putin?
- Cambodia's Remarkable Journey
- India: Anti-Muslim Rhetoric Flares Up
- China Pulls Pollution Documentary
- India: Worshippers in Cremation Ritual
- Japan: World's Oldest Celebrates 117th Birthday
- Japan: Cats Overrun Island
- Mass Wedding in South Korea
- South Korea: Ending International Adoptions
- The New Face of Chinese Repression
- China's Economic Slowdown and the Necessity of Reform
- China's Crazy Plan to Mine the Moon
- The Good Life of the Newly Rich in China
- North Korea's History of Broken Nuclear Promises
- North Korea In Numbers
- Hong Kong: Pragmatism vs Liberalism
- Great Gamble on the Mekong
- Indonesia's Seaward Shift
- The New Nuance in Chinese Diplomacy
- China Now Top Economy
- Nuclear War Threshold Keeps Dropping
- China's Interest in Defeating ISIL
- Japan Is Antagonizing Everyone
- China and The United States: The Dance of Superpowers
- South Korea: The Politics of Patience
- Fishing for Peace in Korea
- Hong Kong is not Tiananmen
- Why China Won't Talk to Hong Kong's Protesters
- Hong Kong: The Future of People Power?
- Can China Pacify Its Minorities?
- Pragmatism Challenges Superpower Status
- A Capitalist in North Korea
- Japan Still Hobbled by Racism and Militarism
- The Tao of North Korea
- Europe & Islam: The Way Forward
- Putin & the Irony of Helsinki
- Russia's Defense Industry
- Turning the European Debt Myth Upside-Down
- Germany Emerges
- The New Drivers of Europe's Geopolitics
- Does Germany Trust Greece?
- The European Union, Nationalism and the Crisis of Europe
- The Intersection of Three Crises
- Population Decline and the Great Economic Reversal
- A New Crackdown in Belarus
- Church and State in Poland
- Greek People 'Need To Suffer More'
- Greece Says Euro Zone Deal Won Time as Cash Bled From Banks
- Ireland's Fine Gael Considering Coalition With Labour, Independents
- 1 Year on, Kiev Bloodbath Remembered
- Updating German Thrift for the Age of Austerity
- Migration, Islam and Security in Europe
- Reconciling the Faultines of Europe's Past
- Can Ukraine Gnaw Its Way out of Trouble?
- Europe Gets up off the Mat to Battle Austerity
- Calls for Appeasement in Ukraine
- France's New Strategy: Two Years On
- How the Left Failed France's Muslims
- Can the Violence in Honduras Be Stopped?
- Ecuador: All You Need Is Love and Oil?
- Argentina's Tangled Web
- Human Rights Violations in Brazil
- Paraguay's Legacy of Violence
- Nicaragua Canal: Critics Line Up
- Why Obama and Congress Should Go Further With Cuba
- U.S. Cuban Relations Reimagined
- Yes, Black America Fears the Police
- New Boston Bombing Video
- Obama's Last National Security Strategy
- What We Lose with a Privatized Postal Service
- Wal-Mart Does Something Right
- Guantanamo Bay's Place in U.S. Strategy
- Obama Corrects a Historic Mistake on Cuba
- Brazil's Presidential Elections
- Brazil's Struggle with Gang-Run Slums
- Ebola: Is Cuba Caring too Much?
- The Mass Shooting in Mexico
- No Happy Ending to the Child Refugee Crisis
- The Decline of American Influence
- More Than a Mexican Problem
- Mexico's Hidden Epidemic
- Venezuela Progresses in Battle Against Contraband
- The Challenges of Panama's President
- Low Point of US - Cuba Policy
- Cuba's Currency Conversion
- Colombia's Challenger Vows Hard Line on Venezuela
- Two-Track War Against ISIL
- The Need for a New Syrian Narrative
- Why ISIS Exists
- Why Are Women Joining the Islamic State?
- When Bibi Came to Town
- The Geopolitics of Speeches
- 10 Reasons I'm Praying for AIPAC's Decline
- Understanding Turkey's Tilt
- Some Good News from the Middle East
- ISIS Unites the World
- An Eritrean in Israel
- Global Warming Triggered Syria War
- Is Turkey Holding Up a Resolution in Syria?
- Does Syria See the U.S. as an Ally?
- Nationalism under Pressure: Islamic State, Iraq and Kurdistan
- Syria's Future and the War against ISIS
- The Syrian Labyrinth
- So, Islamic State, You Want to Rule a Caliphate
- Wanna-Be's Doing Islamic State's Bidding
- Is ISIS Capable of Nuclear Terrorism?
- Khomeini Drew the Line at Nukes
- Israel's Lack of Interest
- Recognizing Palestine
- Gaza: Bipartisan War on Human Rights
- Iraq Long Awash in Carnage
- Turkey's Dealings With ISIL
- In What World Are the Kurds as Dangerous as the Islamic State?
- Iran: Netanyahu UN Speech Baseless
- Without Iran, Coalition to Confront ISIS is Doomed
- Treat ISIS Like an Onion
- Turkey & Israel: There and Back Again
- Kingdom of Slaves
- Yes, Black America Fears the Police
- New Boston Bombing Video
- Obama's Last National Security Strategy
- What We Lose with a Privatized Postal Service
- Wal-Mart Does Something Right
- Guantanamo Bay's Place in U.S. Strategy
- Obama Corrects a Historic Mistake on Cuba
- Why Obama and Congress Should Go Further With Cuba
- U.S. Cuban Relations Reimagined
- China and The United States
- Tensions in the Arctic
- Ebola and Moral Panic
- What West Africa Can Teach the U.S. About Ebola
- Everything Wrong with Obama's War on ISIS
- Maya Angelou was Deeper than a Pithy Quote
- Give Killers Coverage, Not A Soapbox
- Our Culture Behind Wisconsin Girls' Stabbing Case
- Are Hispanics in Danger of Becoming White?
- Obama Outlines the Limits of Foreign Intervention
- Just Don't Call It 'Reparations'
- Small Men with Ugly Thoughts, Expressed Aloud
- It's Time to Show Our Veterans Some Love
- Justice for All, Except Those Too Big to Jail
- On the 9/11 Memorial and Museum
- Policing Thought Crime
- Turmoil and Intimations of Gender Bias at The Gray Lady
More WORLD NEWS ...
Article: Courtesy of The International Relations & Security Network
"Sony, the Internet of Things, and the Evolving Cyber-Threat"
|
|
|
