To Hackers, We’re Bambi in the Woods

Jul 04, 2018 · 318 comments
Dobby's sock (US)
Our president uses an unsecured cell phone. Still. Enough said. https://www.nytimes.com/2017/01/25/technology/donald-trump-phone-social-...
CBH (Madison, WI)
Hate to tell you all, but there isn't going to be a nuclear exchange with Russia, China and for sure not North Korea. You are all going to just have to deal with this annoying hacking. I know some people have been hit pretty hard, but you all lived to fight another day.
Lucifer (Hell)
Too late.....
Howard Beale (La LA, Looney Times)
I couldn't agree more! We in the USA are behaving like the ostrich with its head in the sand when it comes to cyber warfare (defense and offense). The biggest ostrich of all has an elaborate comb over and says he believes Putin's denials aka LIES. Of course trump is very familiar with LIES (having told more than 3,200 in the past 17 months). Instead of wasting billions on unnecessary military spending and seeking billions in funds for a useless wall the USA needs to be investing billions in hardening our grids, internet, ELECTIONs, etc. and attacking harshly against threats from bad acting states and individuals... whatever it takes. We've been way too timid in the past and present. Time for change. Personally I'd start with exposing Vladimir Putin's extensive corrupt wealth and that of his enablers and if some trumpian money laundering comes out in the 'wash' that's a terrific bonus.
Rodrian Roadeye (Pottsville,PA)
My father before he passed away said that computers would lead to the ruination of our nation. I believed it then and more so now. We are just sitting ducks who may not even be able to retaliate at all in a nuclear attack.
Arthur T. Himmelman (Minneapolis)
This is really the doomsday scenario if climate change does not take us down first. For many years, nuclear weapons have not been the most serious threat to the U.S. and to every other country in the world. This article begins to explain why. In fact, one of the reasons North Korea is willing to talk with the U.S. about nuclear disarmament is because it has one of the most lethally effective cyber warfare capabilities in the world. Also, please keep in mind this silly New York Times title is tremendously misleading. The U.S. is absolutely not a Bambi in the woods. The United States is capable of doing to others anything they may be capable of doing to us. A macabre irony given the Bible's moral teaching - do unto others as you would have them do unto you.
wg owen (Sea Ranch CA)
Insanity: Open interfaces with infrastructure servers. Screens at power plants, grids, medical centers, banks, etc. should be dumb terminals with no capacity for email or web access for servers with partitions insulated from any other accounts. I found it insane during my career at a tertiary medical center that staff accessed the EMR with desktop computers that also supported their email and web access. Such is neither rocket science nor prohibitively expensive, but just a change in attitude.
my2sons (COLUMBIA)
I'm 71. It seems to me that the world, through nations, groups, corporations, and individuals are all at war with and against each other. Lives and liberties are all being killed. My car knows more about me than I do. My t.v. is watching me. Time to back into the closet and listen to the radio, if it can receive reception.
Gary W. Priester (Placitas, NM USA)
The question every member of congress should be compelled to answer is, And why is this OK? It should be obvious to anyone who can pass the mirror under the nose test that this president's one goal is to destroy the country. Perhaps the president's willingness to do this is the only reason Putin and Russia have not had to launch a cyber attack; the president is doing just fine on his low tech own. If Mr. Trump really wants to protect us (he does not), he would not bang on about building a wall, he would put every penny he had at his disposal to build a cyber-wall. That he has not and will not is all you need to know. That the republicans in congress have enabled him is treasonous.
Mike P (Ithaca NY)
I have had a (unreasonable, I know, but what is reasonable these days?) fear that the Trump-Putin bro fest is all about a cyber scheme to loot unaccountable billions from U.S. (and other?) accounts directly into their own coffers. Two pathologically greedy and amoral men plan the biggest heist in history and have the political power to cover it up. Please tell me I'm nuts.
Thoughtful1 (Virginia)
Important sectors like power, transportation, water, police, fire, etc. shouldn't even be on the internet. They should be closed systems apart from the public activities that are on the internet. All bank branches should be required to back up daily data on every account managed by the branch and the backup should NOT be connected to the internet. Same for all financial folks like stock brokers. Why on earth everything has to be continuously connected to the internet is beyond me?
Mike Carpenter (Tucson, AZ)
First strike is key because it can shut down everything instantly based on the time by NTIS in Boulder. Without power and Internet, response from the US is impossible. And, anybody can do it. All it takes is intelligence, ingenuity, and a small budget. We better have Trojans in everybody else's systems that would notify us if they are discovered and can be triggered remotely. Multiple layers would be best, with some intended to be discovered as decoys. We should also figure that the Trojans we've discovered are probably decoys.
Ed (Old Field, NY)
The United States Armed Forces has some of the best hackers in the world, if not the best. Whenever Mr. Kristof gives the order for war, they’re ready.
RealTRUTH (AK)
If they're so great, why did they not catch the Russian hacking? Not their job? Trump didn't want it to be caught because it was helping him? Bigger question: why are they not being used in full force right now to prevent another election sabotage this year? Because Trump has Russia on his side, and he'll use anything, even treason, to hold power and stay out of prison. Simple. We certainly don't hear about American cyber defense over the clatter of continuous Trump tweets, lies, kidnaps, foul ups and uncountable moral and ethical violations. Yes I am very mad, and deservedly so. We have no President, just a corrupt narcissistic sociopath running a reality show for his own benefit along with a bunch of corrupt stooges doing the same.
Ralphie (CT)
Yes, we are at risk of a cyber attack. But I don't see where Nick offers a solution. This may be like nuclear weapons -- impossible to defend against so each country (or group) builds its capability so there is mutually assured destruction. The problem with that approach is that it may not be a country that is mounting the cyber attack. Or it may be a country like N Korea that has little to lose in an exchange of cyber attacks on infrastructure. And let's be clear: The Russians didn't hack the 2016 presidential election. They hacked the DNC. Or maybe they didn't. We probably don't know for certain as the origins of a cyber attack are difficult to ascertain. It's not that easy to figure out who created a cyber attack. The code for these attacks is in machine language (1's and 0's) and there is no requirement that a hacker identify who they are working for. That is the greatest risk in cyber warfare. If a group or country knows if they are identified they will pay a huge price for attacking us, they will do everything they can to ensure that they aren't detected --- or attempt to make it look like the cyber attack originated elsewhere. Let's say you are China and want to hurt the US and Russia at the same time. You attack the US, make it look like Russia did it, we attack Russia. China wins.
Larry Heimendinger (WA)
Far more effective than conventional and nuclear weapons. First, cheaper to develop and use. Results are far more crippling to the targeted country, the population and infrastructure and resources are left mostly intact but subjugated; likely the attack weaponry can be turned off as easily as it was turned on if they have the certs and encryption keys. Probably the greatest benefit to the attackers is the lowered risk of counterattack. It's not unlike a drone operator sitting in a room with a monitor and joy stick in Nevada. Psychology, a citizenry under cyber attack is more complacent than one under a nation state military attack they can rally against. Maybe I am wrong: if they lose their Facebook and Instagram accounts, certainly they will want to rise up. But we should feel safe. We have a real estate developer and reality show host at the helm, and his cabinet is equally qualified to deal with this kind of technology. After all, we have tariffs!
Charlie Reidy (Seattle)
Yes, Russia and China are making chumps out of us when it comes to cyber warfare, and our president's response is to build more destroyers and aircraft carriers. Our Internet infrastructure is so vulnerable to hackers that we make it easy for foreign countries to affect the integrity of our elections.
Roger (Michigan)
Perhaps this very real threat will be dealt with in much the same way as global warming and its effects: nothing much at all until some domestic catastrophe takes place.
CBH (Madison, WI)
There won't be any catastrophes and that is exactly the problem. It will just be slow unrelenting change that no one really senses until it's too late. You know like the frog in the boiler.
Earth Rocker (Spaceship Earth)
Many comments appear to misunderstand the nature of the cyber security threat. What Russia is engaged in is known as Information Warfare. It is constantly ongoing, insidious, and effective. It manifests on Twitter and Facebook in the form of thousands of posts by agents of the Russian state, posing as Americans. It manifests in the money being funneled from Russian oligarchs to the NRA. Sowing confusion, gaslighting, pushing those obviously vulnerable cultural buttons to manipulate readers who do not know better. They use our lack of regulation against us (it is difficult to see how such IW could work in the age of the FCC's Fairness Doctrine). They use our populace's complacency against us.
From Where I Sit (Gotham)
Have you seen the examples of the stuff they posted? If we fell for that in sufficient numbers to influence the election, we are far more gone than we can ever recover from. Kinda makes me want to look askance at everyone I cross paths with.
gene (fl)
The 2018 election will be stolen. It will be hacked by the Republicans with Russian propaganda help. There is nothing we can do about it. What will you do if the 2018 isn't a blue wave for some strange reason?
L (Connecticut)
Trump still hasn't done anything to address this problem. Instead he's appeasing the very leaders who have carried out attacks on us and our allies. The primary responsibility of the president is to protect the American people. Trump should be removed from office for failing to protect and defend the United States. He's a traitor.
Gregg (New York)
Where are the liberal hackers and why aren’t they doing the same to Putin as he is doing to us? We shouldn’t rely on the government where it may be taken as an act of war. What we really need is an anti-Russian, anti-Chinese Wikileaks to fight fire with fire. And for what it’s worth, WikiLeaks and thereby Julian Assange are nothing but Russian tools. C’mon liberal hackers, help us fight back by releasing Trump’s tax returns and Putin’s bank records...
Julie B (San Francisco)
Add cyberwar to the list of worries. But what about more immediate threats? Most Americans don't save or look too far ahead as a rule. At least that's what research shows. It's a false optimism, more delusion. The government won't help or even have the means to help as they did in 2008-09. The trade war with China ignores they hold huge amounts of our treasuries. A theocracy-oligarchy (or oligarchy sold to the masses using the cultural values of a theocracy) is not going to save anyone but themselves. And they really don't care. I want intelligent, fact based, pragmatic governance, and we're careening in the opposite direction. The virus of Trump-like rulers (interconnected criminal oligarchs) goes beyond our borders, but some nations will be slower to collapse. I think we all should have a plan b, but easier said than done.
HT (NYC)
Perhaps, it was wise for Hillary to have her own server. Has anyone ever shown that anything was hacked off her computer? Way after the fact she probably did delete a lot of material. But it doesn't seem to have been hacked. How much time did the Repubs hammer on this with zero effect? And, if I am not mistaken, it was suggested to her by Colin Powell and Condoleezza Rice.
PAN (NC)
It is trump and his ilk that are treating more than 6/10 of Americans like Bambi while feeding us to the Putins of the world. "Russian hackers infiltrated State Department" hence likely making Hillary's e-mail server better protected than State's servers. "American officials debated whether to punish Vladimir Putin ... by making some of his money disappear." Seems like a no-brainer to me. What's he going to do that he isn't already doing? Can we do the same to trump? Putin is not afraid of us, in particular their hacking of our POTUS election because they know our one-party-system benefits from Russian hacking and will continue to DEFEND THE RUSSIANS and their puppet in our White House. Had the Republicans lost due to Russian activities, they would have been up in nuclear-arms and would have certainly done something - like invade an unrelated country the way "w" Bush did in Iraq. Our government should allow tech companies to build highly secure systems that are not susceptible to intrusion by the NSA and hence hackers around the world too. The upcoming Putin-trump meeting is likely to coordinate their further undermining of our country and democracy - as has been done so successfully so far.
D. Gable (NJ)
This is one of the areas in which the presidency of the buffoon-in-chief sets us waaaaayyyyy back. Cyber attacks by governments run by far more intelligent leaders will dominate others. Those countries led by puppets or dictators or egomaniacal despots (or all three, such as the US), will be very vulnerable to cyber attack. If we don't have a substantive change in November, we will continue to fall further from global leadership than we have already under the current buffoon. It never ceases to amaze me how stupid our moronic president is when it comes to knowing his own limitations. He thinks he's an intellectual equal (or, heavens, superior!) to Putin. Only the majority of this country and the planet know what an idiotic liability our leader is.
Brian Will (Encinitas, CA)
I have spent my career as a software technology consultant and I can tell you that the real problem is simply lack of focus. Companies and the government spend only the bare minimum on cyber security, primarily because people do not understand it. So what's a big problem? Look at the Experian data breach... oh well, 120 million people exposed, the stock took a little beating, let's move on. The problem is that with cyber attacks, there is rarely any real harm done... Bangladesh lost $81M, so what? If North Korea would have invaded Bangladesh with 20 highly trained special forces to conduct a bank heist, it would have been an international incident. The best we can do is shore up our cyber defenses and not leave the doors open, but when to cross from cyber warfare into real warfare is a question nobody really has an answer for.
From Where I Sit (Gotham)
But it isn’t a fully either/or proposition. Target hardening, users who take passwords seriously and the ability to quickly respond (fix exploited vulnerabilities) to attempts would go a long way to address these issues.
janye (Metairie LA)
You list a lot of problems but no solutions. What can be done to avoid a serious cyber attack?
Johannes Bjorner (USA)
The urgent and immediate temporary solution is to decentralize critical places, like government buildings, banks, pharmacies, gas stations, etc., by installing alternative power sources (solar cells) with storage units, and have the options to disconnect from the centralized power network. This is complicated but doable. It is worth noting that when Puerto Rico was devastated by the hurricane, one hospital was able to function because they had a solar cell power source.
George Jackson (Tucson)
America needs to reinstate the DRAFT, for one singular major reason. To get those brilliant, chaotic, genius American hackers, ehmmm, I mean programmers for apps, games and startups - to save America from CyberWar. It is a known fact that the creative genius needed for this starts even earlier than 18, and peaks around 27. For our National Security, we need less Angry Birds, and more American Angry Hackers to our Defense.
Steve Bolger (New York City)
There is wisdom gained by experience the young cannot fathom.
mikecody (Niagara Falls NY)
@Steve - That's why they need to be in the military, so that they are in a situation where those with that wisdom can guide and hone their skills.
Studioroom (Washington DC Area)
@mikecody The pay might be good to do that kind of work for the military or the DOD, but the jobs themselves are awful. Most people wouldn't want to work in that kind of environment. I wouldn't because I've seen it. There is a reason why Google is so nice to work at. DC is still stuck in the 1950s.
Steve Bolger (New York City)
I think we're no smarter than the gypsy moths wiping out the oaks in New England.
Bronwyn (Montpelier, VT)
Some years ago, Ted Koppel wrote a book called "Lights Out" that described what might happen in such a scenario. It's pretty terrifying reading. There are many white-hat hackers out there who are trying to forestall such an attack, but the whole thing is incredibly murky. And it doesn't help that Trump and his Republican enablers feel so snuggly with Putin.
rich (Montville NJ)
Mr. Kristof seems perplexed that Trump has done little to fend off Russian hacking. My mother knows the answer, saying it often to us as kids: "Don't bite the hand that feeds you." Trump 2016... From Russia with Love!
DENOTE MORDANT (CA)
Trump probably believes that continued Russian cyber-aid in his elections is to his benefit. He is likely correct.
Susan Friedman (Fort Collins CO)
This sounds like it was taken directly out of the pages of “The President is Missing”. Is that plagiarism?
BobMeinetz (Los Angeles)
No Nicholas, from a self-avowed computer security expert: we don’t have nightmares like the ones you list, any more than a privacy expert might worry an FBI agent is listening to her phone conversations, any more than a neighborhood expert might worry that, after complaining to a neighbor about blowing leaves on his lawn, the neighbor might plant a bomb in his car. Competent computer security experts prepare a defense for clients proportional to the threats they face. And defending against two most dangerous threats is a decidedly mundane process: 1) Construct pseudo-random unique passwords for one’s online accounts, and 2) Never open an unexpected email attachment. Most commonly, hackers scour the internet searching for online email or customer accounts of Bambis who have overlooked these two fundamental precautions. Astoundingly, in 2018, the woods is full of them.
BW (Atlanta)
Trump isn't interested in doing anything because he personally benefited from Russian interference in 2016, and hopes they will continue helping him stay in office. Until something is done about him, nothing will be done about the rest.
William Lazarus (Oakland CA)
I noticed that cyber warfare spending made up less than one percent of the military budget passed by Congress. Spending hundreds of billions of dollars on ships and planes is great for politically connected military contractors. Meanwhile, we essentially ignore the hot cyber war we face. In fact, I recall our president proposing that we bring in Russian cyber security experts to help secure our voting systems.
mikecody (Niagara Falls NY)
An advanced airplane or ship is needed to defend against other like threats, and is expensive to produce. To defend against cyber threats, one needs a good computer and, more importantly, a good programmer. These cost much less, so of course the budget to obtain them is less.
Grover (Kentucky)
The fact is that cybersecurity is just as expensive as physical security. Private companies and government agencies don't want to pay the price for hardening their networks. Security also reduces convenience, which no one wants to give up. The only way to fix this problem is with legislation mandating security and assigning real penalties to those who don't comply. The cost of failing security needs to be made higher.
mlbex (California)
At the place I work, the security software is so intrusive that it slows the network to a crawl. Some of the common websites have so many scripts and other bits of active code that the security software has to analyze and probably hashmark every one of them. NYT isn't too bad, but places like MSN and Yahoo are ridiculous. My brand new, supposedly super fast computer slows to a crawl and does a fan blast if I go to Yahoo.com. And why is this happening? What is the point of all those active scripts and other active snippets of code? Advertising. Industrial-strength security software on an industrial-strength computer is slowed to a crawl so that an advertiser can present images that move around, instead of just displaying a picture with text linked to a website. I don't work at a power company, or any place that controls critical infrastructure. If a hacker shut down my company, it would be expensive and inconvenient, but no one but us would be inconvenienced. But I suspect that the computers that control the power grid are connected to the same web interface as the ones the employees use for email and web browsing. And the security software on those computers must be working overtime to analyze every script, gif, and other bit of active code on common websites. I'll bet the hackers know that if they could embed a worm on yahoo.com, they could infect all kinds of interesting networks.
Steve Bolger (New York City)
This site is flagged as insecure because it has unencrypted content.
jaco (Nevada)
"But I suspect that the computers that control the power grid are connected to the same web interface as the ones the employees use for email and web browsing." You would be dead wrong.
mlbex (California)
@jaco: So if an employee at PG&E wants to read his personal email, he uses a different computer. Good, I was hoping someone would answer that. I suppose you work with one of those sites, and that's how you know.
Robert (Seattle)
The most pressing matter vis-a-vis hacking is protecting our democratic elections. Mr. Trump has done nothing to address ongoing and future Russian interference in our elections. He has done nothing to punish Russia for their interference in the last presidential election. And he appears to be hoping that Russia will interfere again on his behalf. Our own intelligence agencies have told us in no uncertain terms that the Kremlin interfered in the last presidential election in order to help the Trump campaign. Nevertheless, Trump continues to lie. He lied when he denied that it happened. He lied when he said he has been tough on Russia. He lied when he said the Russians assisted the Clinton campaign. He lied when he said the Russian interference was President Obama's fault.
Jan (Mass)
Smaller or micro-grids for distribution of our power, internet and other resources. Not the monolithic monopolies that we currently have. Similar to local food, we need local providers of energy, etc. Solar and wind in our towns, yards and regionally close by is prudent. Getting off of the nation wide grid as a whole.
Steve Bolger (New York City)
Rent-collectors decide what technologies will be available to us.
Melvin (SF)
We need more homegrown highly educated computer scientists and mathematicians. We exacerbate our weakness and vulnerability by educating and employing, let’s be frank, our enemies.
Steve Bolger (New York City)
The US Congress is a collection of technological ignoramuses.
Deirdre (New Jersey )
It will happen with complete republican complicity. Did you see that meeting republicans had in Russia last week where they were looking for better relations and never brought up the election? They are all in to destroy the US to hide their collusion and expand their greed
James (LA)
The worst outcome of a Russian cyber attack has already happened...a collaborator has been installed as president.
Mike1968 (Tampa)
There are easy enough solutions to this very real problem for an unselfish and clear thinking Administration, Congress and military (we are 0 for 3). E.g., first, bring home all of the troops and hardware from Afghanistan, the Middle East and Africa. Second, cut our military in Europe and Korea by half. Third, reduce overall troop numbers by 25 percent and reduce the budget for "hardware", i.e., planes, ships, bombs, and other archaic weapons etc by 75 percent. Fourth, divert 50 percent of the money saved into cyber defense projects and another 25 percent of the savings into related civilian related projects such as computer science scholarships, research grants and coding camps and training for HS and college students. Take the remaining savings and provide housing assistance and infrastructure through low cost green home building, better public transportation etc. Otherwise, go back in time 18 years and consider the dystopian premise of the forgotten TV show "Dark Angel".
Nick Lappos (Guilford CT)
The attacks need response. For a cyber attack like the one described against the Ukraine power plants, destroying the top three plants in Russia would be an effective and apt response. Act of war? Most certainly, because as long as we think of cyber war as an alternate kind, we will always be on the defense.
Epistemology (Philadelphia)
The Russians did not hack the 2016 election. Buying ads in Facebook is not hacking. The Russians tried to influence our election as we do the elections in other countries and have done since long before the internet. Conflating this with hacking is naive. Sort of Bambi in the woods naive.
Julie B (San Francisco)
The Senate intelligence committee report on Russian interference in 2016 elections says the Russians accessed the voter rolls of a few states and could have but apparently did not (yet) manipulate voter data: “In a small number of states, Russian-affiliated cyber actors were able to gain access to restricted elements of election infrastructure...these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals.” With this week’s closed door sessions between party of Trump Senators and Putin operatives in Moscow, and the Trump-Putin lovefest set for mid-July, only Bambis can be confident 2018 and 2020 elections will be unaffected by this conduct.
James (LA)
Not to worry, Trump and Sessions are looking out for us. They’re focused on a real threat, keeping Central American children caged up at the border.
Jp (Michigan)
Time for a Reset Button with Mexico. That'll fix things.
manfred marcus (Bolivia)
Scary prospects await us...while we remain complacent with the status quo. If Trump is allowed to meet with Putin without supervision, some of us will remain suspicious of a pact allowing Putin's Russia a continuing free hand in cyber-attacks on America's land. Can't we see that Trump and Putin are allies, that Trump trusts what Putin says more than his own intelligence service? Could Trump be a potential 'fifth columnist' ? What are we to think of a president who calls the free press the 'enemy of the people'? Can't we see the perils here...until it's too late for remedy?
Jan (Mass)
Long live analog (& paper).
HP (FL)
Trump's Muslim travel ban distracts from genuine threats to our national security and is driven by prejudice and fear — neither of which make for good policy nor keep us safer at night as he so often purports it will do. There is no need to add Russia to that "menacing" and dangerous group of countries on the list. They don't need to travel to our shores. Their very real sophisticated cyberwarfare apparatus is already in full operation here and collaborated from Moscow. Meanwhile, we don't have any understanding of how the Trump administration or the intelligence agencies are responding to these very real security and immediate threats apart from random and ineffective sanctions. There is always the extremely, implausible and unrealistic detente for cyberwar at the upcoming summit between Trump and Putin--sort of like the highly touted "denuclearization" success of Trump saving us from nuclear war with North Korea after his 30 minute meeting with Kim Young!
EATOIN SHRDLU (Somewhere on Long Island)
There is an extremely - almost cost-free solution to the problem. Easy, because it would take each government or corporate unit less than a month to implement, almost cost-free, because it uses staff these entities already have, or have contracts with. The solution: GET OFF THE INTERNET! No crucial controls should run on the open 'net should ever run on the Wide Open Web that handles 'What's in My Freezer'. To secure any system, all you have to do is break the big connections and create a dozen intranets, separate heavily-encrypted Virtual Private Networks (VPNs) to and from computers isolated (through encryption and format) though they ride the same fiber optic cables as the 'Web, phone calls, cable TV, etc., but cannot be cross-connected. And you separate each function - Homeowner Service Calls does NOT have to be reachable on the same computers as international power-switching centers, or Facebook! But some can be entered from any "smart phone" in the world. Separate VPNs, sending information that can never run as programs would kill the major flaw in most systems. Why, with hard work, can a malicious user with a cell phone reach high-security controls? The boss wanted life easy and impressive looking by running it through a single World Wide Web (note name) site. Assuming electricity, it lets the boss tweet a Significant Other from the same screen that controls all US-Canada generator connections. No lines of type, just click a mouse. That means no security either.
Marie (Boston)
Gas could be pumped, albeit paid with cash (or gas company credit cards separate from pump), electricity and phones worked, trains ran, planes flew, banks knew how much money you and they had all before the internet. There needs to be a redundancy, back-up fail safe that allows important functions to disconnect and run independent of the internet. Before the widespread use of the internet all these relied on simple technology and then internal networks. Maybe it is time to disconnect vital services from the internet and go back to the internal networks that would be harder to hack into. And where interaction with the customer is desired, say to allow for personal banking, that an interface be set up such that no hack of the personal banking system could reach into the banking system itself.
mancuroc (rochester)
Here's a preview of the conversation when trump and Putin meet: trump: did you interfere with our election? Putin: no. trump: promise not to do it again? Putin: promise. trump: deal? Putin: deal! Well that's OK, then. It's good to know that trump and Putin are keeping us safe.
Ken L (Atlanta)
For centuries, the U.S. has enjoyed military security because we live on a continent surrounded by 2 oceans and friendly neighbors. We fought in 2 world wars on other people's turf. In the era of cyber warfare, that military advantage is gone. The world is flat. In fact we might be more vulnerable because of our extensive reliance on an interconnected world. If we need a 6th major branch of the military, it's not the Space Cadets. We need a cyber command.
Wally Wolf (Texas)
I never could understand why our country would put so many essential-to-life programs under a system that is completely vulnerable to enemy cyber-attack. This is a system that we do not have complete control over, nor do we have ongoing research to control it because of our current corrupt leadership's allegiance to foreign powers.
Karen (Chicago)
Don't worry. I'm sure Amazon will still be able to deliver food, water, books, etc with free shipping!
antiquelt (aztec,nm)
The Russian, Putin, puppet occupying the WH has no concern about cyberwarfare!
L'osservatore (In fair Verona, where we lay our scene)
What about the long-time Russian business partner in Chappaqua? Trump never got paid $145 million for helping Russia out but Hillary did.
Allan (Rydberg)
If that was not enough, it is possible for a magnetic storm on the sun to do severe damage to all our internet connected computers. One happened in 1859. It was named the Carrington flare and the only damage it could do in those days was to bring down the telegraph. See: https://en.wikipedia.org/wiki/Solar_storm_of_1859
NorthernVirginia (Falls Church, VA)
“We need to establish a cost to cyberattacks and help establish norms for cyber — “ That’s it? That’s your whole solution? Thanks for the heads up. We’ll get our best people on it right away! You and Thumper run along now.
Rmayer (Cincinnati)
Maybe more like fish in a barrel than Bambi in the woods, and the bad guys are fishing with dynamite. We are collectively wearing one of those "I'm with stupid" tee-shirts. We got hacked, trolled and phished, then elected him.
David Potenziani (Durham, NC)
We are the knight in shining armor looking down at a hole in our breast plate from the first bullet fired in battle. Our response is confusion and uncertainty, fueled by fear. The tools of war have changed, and we are still polishing our old armor. We can harden our defenses, but that just causes an escalation in the weapons and tactics of our enemies. We can respond in kind, but that adds even more fuel to the path of escalation. Sometimes, you have to sit down with your opponent and explain in clear and unambiguous terms the consequences of cyber warfare—including the physical kind. The situation calls for persistent, sustained policy and action. Yeah, right, like we are going to see that from His Orangeness.
Chuck Burton (Steilacoom, WA)
How does anyone still think that we are the white knight? Travel off of our island, and you will soon discover that most people consider the US to be the biggest threat in the world.
tomjoe9 (Lincoln)
Obama knew the Russians had hacked the DNC and was moving into influence peddling, and did nothing. Why? The DNC and Obama were co-conspirators.
Jordan (Royal Oak, MI)
Obama went to Mitch McConnell and Paul Ryan with the info. He wanted to inform the public in a bipartisan show of unity. The Republican leaders refused. In hindsight, based on their subsequent behavior, they both probably knew and approved. More marionettes selling us out!
Anne Hajduk (Fairfax Va)
The most important thought in this piece is admitting the media were used. Yep, NYT, you were used to fixate on HRC's emails and not the policies of the candidates. This myth of "objective" reporting turns you into stenographers, recording the loudest voices.
Michael Piscopiello (Higganum CT.)
We're still dropping bombs while our enemies are dropping code on us.
tigershark (Morristown)
I fear that I don't know what I don't know
ErnestC (7471 Deer Run Lane)
That’s ok. Guns will protect us.
Glen (Texas)
Another book from several years back, "One Second After", by William Forstchen is a companion read to "The Perfect Weapon" for a fictional but very disturbingly believable portrait of societal breakdown in the aftermath of this type of warfare. In Forstchen's book, EMP (electromagnetic pulse) from high altitude nuclear detonations is the weapon used; the electric grid is destroyed, cars not at least 30 years old are stopped in their tracks, not a bullet fired, not a drop of blood spilled...initially...but what about later? Hospitals are overwhelmed. Medications? Good luck with that. Currency? If you have a 10-year supply of ammunition and a hundred guns, you are rich and still looking to add to your stores. Before long, one bullet will buy more than a mattress full of Ben Franklins. We have sold our safety and security for the convenience of computer-enabled/caused instant gratification. Pogo was right.
Cap (OHIO)
"Credit cards are now just worthless bits of plastic, and A.T.M.s are nothing but hunks of metal... Banks have lost records of depositors’ accounts." Aside from physical property - by no means secure in anarchic state - most wealth exists as some form of data held in an institutional or government account. But then poof! Everything is erased, gone. Even millionaires - gone. No wealth. No civilization. Or as Hobbes puts it: "No arts; no letters; no society; and which is worst of all, continual fear, and danger of violent death: and the life of man, solitary, poor, nasty, brutish and short." Such a nightmare scenario. History has not been kind to the complacent and the foolish.
Jordan (Royal Oak, MI)
I guess we're all gonna live like Bambi in the Woods soon enough....forest fire and the shooting of your mother included! Wake up, Bambi! Wake up!!! (Maybe I really should buy a little land on the shore of Lake Superior.)
Robert FL (Palmetto, FL.)
Let's ask Jared Kushner about that super secure back-channel communication the trump team and Russia discussed setting up. Maybe some lessons on hack-proofing to share? Let's ask him under oath.
Tracy Rupp (Brookings, Oregon)
No problem. We have 11 aircraft carriers. No one else has more than one.
Maria (Buncick)
I have a new name for the Republican Party. Let's call it the Banana Usurping Republican Party... or BURP for short. And the rallying cry could be VOMIT - for Vote Out Meanies Including Trump.
Anony (Not in NY)
Truly alarming.
David Collins (Dallas, TX)
How about a citizen militia of computer experts? If Trump won't do anything to protect us, let's do an end around run. We have the foremost computer experts in this very country. We invented most of the technology out there. Let's help defend and attack any that would disrupt us.
Andy (Salt Lake City, Utah)
We don't have to worry about an all-out cyber war because big wars rarely happen anymore. We're not getting in a land war with Russia or China. Why would anyone start the cyber equivalent? Cyber espionage on the other hand is a real and present danger. Look at the 2016 election. Cyber attacks are small and targeted. They occur regularly. For the sake of argument though, let's say a cyber apocalypse really does occur. Is the emergency really any different than any other emergency? Not really. The primary difference is the emergency is geographically dispersed. Unlike a hurricane for instance, the National Guard will have to respond to Los Angeles at the same time as New York at the same time as Chicago and so on. Expect a long wait. However, I'll take a cyber attack over other natural disasters. You don't have to be a doomsday prepper to survive quite awhile without electronics. I happen to know where there's a natural spring within walking distance. Ta-dah! The only other thing I need is food and fuel for cooking. That spare propane tank is useful. I needed an excuse to clear out my pantry anyway. You also underestimate the power of community. People generally help each other in times of crisis. Watch New York in a snow storm. There's plenty of altruism to go around. You should probably read John Kunstler's "The Long Emergency" instead. Think about climate change while you're reading it. You can recover from cyber war. Massive environmental disruptions though? Not so much
Peter (Colorado)
And knowing that they need the Russians to help them "win" the 2018 elections, Trump and the Republicans refuse to accept the reality of this threat and do something about it.
Rick Gage (Mt Dora)
With Trump in charge of protecting us from future Russian cyber interference, I'm afraid we're more like Bambi's mom.
Discerning (San Diego)
Congratulations and gratitude to David Sanger for producing such an important and insightful piece of work.
Jean (Cleary)
It sounds as if we should "go back to the future"
Iced Teaparty (NY)
The first barrier to American cyber security is the destruction of Donald trump. With top quality hority in the us under the control of Vladimir looting there isn’t much hope.
BL (Austin TX)
It's not just that, as you put it, "Trump administration has done little to prepare to fight off new hacking" it's that tRump was/is a beneficiary of the hacking.
Ken (MT Vernon,NH)
The unfounded and oft-repeated claim that the Russians hacked the DNC is another Democrat blame shifting exercise to embellish their fake Trump Russia collusion nonsense fairy tale. First, Wikileaks has stated adamantly that the DNC emails did not come from the Russians. Wikileaks is perhaps one of the few organizations publishing that has never been found to have published false information. Unlike the MSM. Second, you have the Pakistani IT dream team that was unbelievably given Carte Blanche access not only to the DNC servers, but the accounts of dozens of Congress members. Third, the DNC servers were indeed hacked as reported to them by the FBI and they basically didn’t seem to care. Nobody has any idea who the hackers were. The DNC was hacked by so many, inside and outside, it is irresponsible to blame Russians simply because it fits the fake story you are trying to peddle.
Tracy Rupp (Brookings, Oregon)
On the other hand, you believe everything emanating from Trump's mouth, right?
et.al.nyc (great neck new york)
Where is the redundancy? There is little "paper back up" of documents demanded by consumers and often required by law in most court cases. Physical redundancy should be delivered by mail every day, but the Post Office has been attacked by Republicans again and again. Why? Physical mail is an essential function of democracy. The United States Post Office was founded on July 26, 1775, a year before the Constitution. Benjamin Franklin was the first Post Master. It is that important for democracy. Republicans have been relentless in their attacks but for decades, not years. Why? Example: the Postal Accountability and Enhancement Act of 2006 (PAEA), a conservative Republican "long con" made draconian financial changes without a serious whimper from the media long before Trump. Who benefited? While Republicans keep an incredibly dumb media distracted with salacious non news, lies and tweets, media leaves PAEA authors and other "gut the Post Office" representatives alone. Media allows Trump to follow through on additional cuts to service. Media must tell this story because Dems aren't brave enough to take on this fight (or almost any fight). The public needs to know who is behind this all so that we can demand change. Enemies benefit when communication is down, even if it is just a birthday card from Grandma. The attacks on the USPS IS "Bambi in the Woods", just v 1.0. Cyber attacks are v 2.0. It is happening.
godfree (california)
"Countries like Russia and China have implanted malicious software in the American electrical grid, nuclear power plants and water systems "??? When? Why? How? Outrageous claims like this require abundant evidence and the author has advanced none.
Tracy Rupp (Brookings, Oregon)
You must have missed it. It was all over the news for about a day - and under the sheets ever since.
Concerned Citizen (Anywheresville)
Major news media were far too busy squeeing over Stormy Daniels and her "revelations" over a 13 year-old one-night-stand with Trump in 2005. News at 11!
Bunbury (Florida)
It reminds me of the cartoon Bambi vs. Godzilla 1969 by Marv Newland. Many of you may be too young to have seen it but it's on YouTube.
RJ (Londonderry, NH)
Given our abandonment of all consideration of the Geneva Convention with the abortion that is Gitmo, why would any of our "allies" trust us on any future such endeavors? I know I wouldn't unless the U.S. agreed to inspections - guess when that'll happen?
smart fox (Canada)
What is missing in this (legitimately) frightening picture is the reverse story (the US spying on a multitude of allies, including Merkel's cell phone for instance, or Israel on almost anybody (including the US...)); but obviously, this is for the greater good...
N. Smith (New York City)
What you seem not to know is that the German Bundesnachrichtendienst (BND) was also caught spying on the U.S.; but obviously, this is for the greater good.
Eddie Lew (NYC)
Nothing is going to change because Americans are so complacent. For a country that was founded by a revolutionary war, we have become wusses. If there is no bloodbath in the voting booth, we are lost.
Tracy Rupp (Brookings, Oregon)
Wrong! The U.S. is possibly the most war-mongering country around. I'm just saying the case could be made. So it's not belligerence Americans lack, it's smarts. After all we are over-run with Republicans and hundreds of millions voted for the likes of DJT. Americans have been dumber than door nails for decades - constantly endorsing tax cuts for the wealthy in the land of dog eat dog, shoot from the hip, capitalism. You don't need great intellect to get richer in unfettered capitalism - you need money. Money makes money (definition of capitalism). Them that have shall receive.
David Gregory (Blue in the Deep Red South)
All the more reason to have a backup power system for your home. A power grid down means no heat or air conditioning, no refrigeration, no lights, no laundry, no cooking, etc. Even modern natural gas appliances require electricity to operate. For about the same cost as a central AC system you can buy a whole house backup power system that can be powered by natural gas or LP gas. It works automatically and also serves if the power grid goes down due to bad weather.
I respect (the gun)
Aside from the tremendous difference in scale of disruption/destruction potential, this topic similarly hints to what the anxiety of taking a commercial passenger flight in the first decade of operation may have been like. They had alternatives, but they kept jumping aboard just the same.
RW (NY NY)
Governments cannot and will not regulate cyber crime until a new generation of lawmakers who understand computer systems grow up and take office. Our current generation of computer users and lawmakers do not begin to understand the system and therefore ignore the necessity of any of the solutions posited in this book and article. In fact, they probably would be quite incapable, even if they tried. Unless something terrible occurs which forces us to take action, it will be a long time before we see these solutions.
Daveindiego (San Diego)
As I conclude this article, I can’t help but remember the reaction from Mitch McConnell when President Obama wanted to make a joint statement to the nation of how Russia was disrupting our election process. How can we win when half the country wants us to lose?
CarolSon (Richmond VA)
The Republican party will not spend any "preventative" money except to shield wealthy people from taxes and/or to add to their fortunes. Examples: healthcare, the environment, infrastructure. NOT A DIME until it's too late. Then things like the Great Recession happen and .. wow, who could've foreseen that? Thousands of people did and it was ignored.
Rita (California)
“...Trump has also dithered.” Trump has not dithered. Trump has mostly denied Russian hacking of our elections. And has accepted Putin’s denial of hacking. As have the members of the Republican Comrade Caucus currently visiting their special friends in Moscow. And Trump would dearly love to lift sanctions. Trump gets a promise from N. Korea about denuclearization but nothing about hacking. Trump advocates lifting sanctions on a Chinese telecom company with hacking capabilities. Trump is not dithering. He must believe that the best defense is to ally with the hackers. Because that is what he is doing.
Daveindiego (San Diego)
Good point. I’m getting tired of the adjectives the media uses to ‘soften’ the damage that Cheeto Benito is causing. Call a spade a spade.
EATOIN SHRDLU (Somewhere on Long Island)
Hacker, n, @1960, one who can do something fantastic with a computer, and has an intense interest in the workings of same. NO criminal intent beyond wanting to see if (most often) he can cut the length of a program in half, or build a machine that runs faster for half the cost. Sometimes likes showing off by, for instance, pushing buttons on the (almost vanished) pay phone, routing a call around the world three times to connect to the pay phone two feet away. MAY be employed by criminals, lured by challenge and cash; military, by challenge and patriotism, to attack sites or build programs to do same. In the old days, had a different set of values, based on understanding (how is it 'theft' to use a computer standing idle on the other side of the nation, or make a 300,000 mile phone call over unused lines?) Generally hobbyist, not someone with a bent to make money or go anywhere near working for a government. Not a person specifically trained in attacks via-computer. The cyber- prefix dates from the early 80's - when "cyberpunks" - term coined by writers Bruce Sterling and William Gibson - developed a style of street-smart speculative fiction replacing the genre's "New Wave" of the early 60's as punk rock briefly reigned supreme over psychedelic rock, folk rock and 'rap' overcame 'soul' as the name for music performed by most dark-skinned artists.
Socrates (Downtown Verona. NJ)
Russian-Republicans 2018 Political & Computer Hacking For A Brighter Whiter Tomorrow Grand Old Putinistas Nice GOPeople Why not just move to Russia, Republican voters, where you can enjoy naked authoritarianism in all its corrupt, oligarchic glory ?
Economy Biscuits (Okay Corral, aka America)
We hacked ourselves. The electoral college that put the deplorable in the WH was a "hack". Obama's inability to even have his SCOTUS pick looked at, was a "hack". I'm not worried about the Russians or Chinese and what they might "hack"...I'm worried about the guys with US Flag pins on their suits, in DC. Besides we've been overthrowing/"hacking" other governments for seventy years. What goes around, comes around.
RjW (Chicago)
Maybe. The self blame however, smacks of the kind of equivalency arguments that Republicans love to deploy, and with too much success.
ClydeS (Sonoma, CA)
With all due respect, why does Russia need hackers, when they have the president and by association congress and soon, the supreme court?
jefflz (San Francisco)
"The Russian hack of the U.S. elections in 2016 should have us on our toes for 2018, but the Trump administration has done little to prepare to fight off new hacking." Cyber World War III took place in 2016. The United States lost. Putin put his stooge Trump in the Oval Office and controls the White House with the full support of a traitorous Republican Congress. These people want Russian hackers to continue to help them stay in power with a minority of the vote.
RjW (Chicago)
As the 2018 elections are scheduled to be hacked as necessary, by and for Putin’s plan, we Bambi our heads in the sand. This position doesn’t usually end well for Bambi or any other group denial methodologies.
Don (Tartasky)
A group of Republican Senators recently visit Russia and talk about their own version of a “reset?” A President barks that maybe a 400 lb guy on a bed somewhere (in the US) caused hacks that interfered with the election? A President who refuses to believe Russia influence operations steered the electorate in his favor? Fact or fiction? The present and former heads of our intelligence agencies know of what they speak regarding what has occurred—an attack on our country. We must take notice and vote these scoundrels out.
Mark Smith (Dallas, Texas)
It may be too late to vote the bums out. By this point they are running the asylum. The Republicans cannot "reset" relations with Russia--i.e., they won't take any harder a line than Trump has against Russian hacking. They are far too deeply involved in the Republican-Russian conspiracy against the United States in 2016. Too many Republicans took Russian money channeled through the NRA. The president doesn't naively "refuse to believe" in the 2016 Russian hacking. He was the candidate. He intentionally conspired with the Russians. He simply refuses to admit it.
Commoner (By the Wayside)
What's a dummy to do? Bank account wiped out? That'll get people out in the streets fast, maybe in a good way, maybe not.
Jan (Mass)
I had my bank account hacked and depleted. I tell people if it hasn't already happened to you, worry because it will.
Chin Wu (Lamberville, NJ)
"Food and water soon run out in the cities. And that’s just the first week" Well, as an electrical engineer, I'd say much sooner than a week. In a city that suddenly lost electricity, water stops immediately, within a few seconds. Subways will stop and trap thousands of riders, and elevator doors will shut tight, trapping more. Without drinking water and a city full of unflushed toilets, panic and riots start within hours, not weeks! The good news? Donald can't tweet!
PeterC (Ottawa, Canada)
We have known for decades how to make our networks and computers safe. It is not difficult. We voluntarily allow executable code to be installed on our computers from a network that provides, by design, anonymity and obfuscation. An analogy: Imagine you bought an appliance and were told you had to leave your door unlocked so that the manufacturer could come in and keep upgrading it. That is what we tolerate from the software industry. The problems are not technical. They are social, administrative and legal and no-one is willing to fix them.
WSF (Ann Arbor)
There is a reason why the doomsday scenario has not happened yet. Somehow, there has been significant communication between the “players” in this potential warfare mode that certain attempts at mischief may be met with a very undesirable response from us, most likely similar to MAD or mutually assured destruction. Frankly, as long as our nuclear submarines remain invulnerable from cyberwarfare, I will continue to sleep well, even though at 86 my window on this earth is closing more rapidly than I would like.
OldBoatMan (Rochester, MN)
The objective of cyber war attack is to disrupt and destroy a country's infrastructure. The more interconnected and centrally controlled infrastructure a country has, the more vulnerable that country is to cyber warfare. Our internet based (or at least internet connected) control systems are vulnerable because they can be accessed from any location in the world with internet access. We could make our critical infrastructure more secure by making it hard-wired (or hard fibered). The number and location of connections to the hard system would be limited. The cost would be much greater. Centralized control would be harder to achieve. Each access point would have to be isolated from interconnected systems such as the internet. Our vulnerability is caused by our demand for cheap control systems and our refusal to take our communications security needs seriously.
Cassandra (Portland, ME)
When the Internet first emerged, we called it the information superhighway. Now it is a heavily monitored toll road with few rest areas or scenic overlooks remaining. As if that were not bad enough, as Mr. Kristof ably demonstrates, it is now increasingly populated with evil and elusive highwaymen who prey upon us all. Perhaps the time has come to opt for the road less traveled.
Max duPont (NYC)
If America were not susceptible to cyberattacks, can you imagine the wanton havoc and destruction it would, without the slightest concern, create in the rest of the world - especially in poor countries? 19 poor countries attacked by the American military since WWII - and still counting.
Sad former GOP fan (Arizona)
Congress doesn't have time for such issues, they're much too busy with truly existential issues like which bathroom people are allowed to use or how to keep women from buying birth controls. We know it's coming. We'll do nothing to stop it. We're toast.
Steve Bolger (New York City)
The whole Republican program is idolatry of a nonexistent being. It is all fake at every level.
Geraldine Conrad (Chicago)
I think about it daily. Don't forget planes falling out of the sky; water purification kaput; freight trains stopped on tracks; hospital records jumbled so nobody knows how to treat patients. Someone should hire me for my dark imagination.
Robert Stern (Montauk, NY)
Putin assures the president that he isn't attacking America via cyber warfare. So, in its wisdom, the GOP has decided that the real risk to America is the (diminishing) "invasion" of people desperate to bake in the hot sun and pick our food.
Cph (Boston)
“Banks have lost records of depositors’ accounts.” Perhaps this is Putin’s leverage over trump?
Jan (Mass)
It's all bad but the one cyber attack I am most concerned about is that upon our old, decrepit nuclear power plants. Hard to survive a nearby or radioactive meltdown, especially if you are living downwind.
Ramon.Reiser (Seattle)
In 1859 we had a massive solar storm in the Carrington Event. Maybe a decade ago the Harvard Business Review (Journal?) had an article written by a so-called ‘expert’ in business strategy. His lead example of bad strategy was burying cables 8’ or more below the ground for protection against EMF such as a nuclear event. He argued, apparently successfully, that if such were to occur you would have no customers left, so it was nonsense to waste money digging deep. He recommended 3’. As I have watched some of the cables in Seattle now being dug ~3’ deep, I shudder: if N Korea were to, on a sunny day, blow a good nuke at about 100 miles up, there go our cables and connections. One nuke high up and gone. Similarly, if that recent solar storm had been just a bit, sparks shooting out of wires and more, . . . ? So why have industrial and factory internal connections and controls connected at all with the internet? Why have military connected to anything but its own? Should not banks have their internal software totally separate from external? Why should a phish happen externally? Internal infiltration is bad enough. But external is a bad joke. And let us look at solar events. Every computer and router and connected utensil should arrive with its own separate, unique password. To change it you should have to have no words, at least 8 numbers, four letters, and two symbols in your new password. A mnemonic should be automatically generated for you from what you enter.
Steve Bolger (New York City)
Our TVs are watching us in this infantile nation of sheep to be sheared.
hlk (long island)
Yahoo lost personal information of millions; she (ex CEO) got $235 millions! Why no responsibility comes with such astronomical paycheck? Similar scenarios abound, look at Facebook, Equifax, etc. No one is held responsible.
Jan (Mass)
After the Cambridge Analytica/ Facebook scandal and still no one is in jail.
SR (Bronx, NY)
There's just one word that is behind all this, and whose absence would end a lot of this, and no one seems to dare say out of some lingering irrational fear, as if it would cause some bespectacled West Coast rich guy to jump from under their bed and re-enact their worst time at a horror movie. Kristof managed to not say it at all, in all these paragraphs. That took effort! Wisdom or courage, not so much. So say it with me now, instead. Windows. (There, no disheveled Bill Gates came to seek our blood and OS license fees, aye?)
endname (pebblestar)
Earth is not under attack by Them. Pretending to explain who is right or wrong is a living, for a few. Most starve in our own special way. I text these missives to tell myself that we pretend there is enough greed for all. Never was, never shall be. Earth is under attack by Us.
James B (Ottawa)
You might be right, but the fact is that we have to live under a - should I capitalize it - FOOL and his court. Until his ship sinks, there is not too much one can do: listing the damages the Fool might inflict to our world might be interesting to some of us.
poslug (Cambridge)
Multi systems failure leaves a country with zero defense, no functioning economy and probable total law and order breakdown. Election tampering put incompetence in power eliminating prevention or capable response to systemic threat. Behaviorally, the GOP is Putin's handmaiden with Trump its puppet-in-chief beholden to the Russian oligarchs for money laundering real estate deals. With no electricity, no potable water and no gas we are a medieval society.
DRTmunich (Long Island)
I believe the fourth Die Hard was a story exactly about this scenario except an individual did it. Nevertheless the consequences were horrifying. The entire power grid, banking system, traffic lights, everything was taken over and either misused or shut down. What are we thinking? Not dealing with the warning that was delivered by the 2016 election. I am coming to believe that Trump, his administration and many Republicans are so compromised by Foreign (Russian) money/blackmail that they purposely do nothing to protect us from our enemies both external and internal. Do I know of evidence? No, but the repeated findings of Russian connections are hard to dismiss. I worry that nothing will be done to prevent the hijacking of the 2018 midterms by Russia. Just read the piece about Poland's President dismissing the Supreme Court using a new retirement age limit as cover so he can stack the court. Autocrats seem to be rising around the world and the result will only be bad.
Kara Ben Nemsi (On the Orient Express)
Clearly, we need an analog backup system to which we can switch if required in case of emergencies like these when all else fails. As much decentralized as possible. It worked before, only since the 1990s have we become vulnerable. In addition, we need a secure network that is completely detached from the internet and can only be accessed within the confines of the country through a limited number of nodes. That could still be infiltrated, but only via the old fashioned way, which is easier to defend against. That system should also be divided into subnodes that can operate autonomously, so never the entire country would be out of commission. It can be done, but it costs money.
Chuck (Portland oregon)
Place a use fee on those making money on the internet to pay for necessary upgrades. Apple is sitting on billions of dollars in off shore accounts; Microsoft has tons of cash too; and Facebook and Google are both amassing tons of cash. All these companies spend millions on monitoring for hackers; with secure infrastructure perhaps they wouldn't have to spend so much.
Kara Ben Nemsi (On the Orient Express)
Chuck, if it were only that easy! It will not work that way. There are too many permutations that induce weaknesses into any software. As long as all computers are essentially connected through the web, the danger will persist. The only way is to physically isolate critical systems from the internet and as a second fallback safeguard use analog backups. Everything else is futile.
Charles Packer (Washington, D.C.)
Before I'd let journalists scare me about cyberwarfare, I'd like to see reforms in the way they report incidents that directly affect the public. As a retired programmer, it annoys me to read an account of some incident and end up not having learned anything substantive about how it happened. I have to go to a geek website like Ars Technica for details. Invariably, I learn that the "hack" was a phishing attack, that is, conning somebody to gain access to their account, usually by getting them to surrender their password in one way or another. If reporters could pass along more complete information about these kinds of incidents, I'd be more willing to pay attention to them when they warn us about purported dangers to the infrastructure posed in the more exotic realm of industrial and military sabotage involving the exploitation of obscure software vulnerabilities.
J. Fahey (Holden Beach, NC)
I’m assuming that as a retired programmer one certainly has been exposed to the multiple vulnerabilities of Windows-based systems including small, Android devices, desktops and large enterprise networks. And yet somehow it’s “journalists” fault and another example of blaming Fake News and ignoring America’s exposure to Russian hijinks.
Tomas O'Connor (The Diaspora)
Every system should have an analog back up, period. Second, create a cyber defense policy position and share it with the world. Anyone violating its prohibitions will be subject to sanctions plus damages. This will drive home the importance of respecting norms governing cyberspace. Third, confiscate Trump's non-secure, personal smart phone and send it to the FBI for review. Fourth, break protocol and have the FBI Director reveal he is conducting an investigation of the Trump personal smart phone communications found on Stormy Daniel's phone a few weeks prior to the next presidential election.
betty durso (philly area)
You urge cyber-defense. That would be a quantum cryptographic code that hasn't been invented yet, although many are working on it every day. Alternatively let's keep the diplomatic channels open to head off trouble. If, like nuclear war it would mushroom to involve many more than the original target, we must confer with our "enemies" for the good of us all.
Robin Underhill (Urbana IL)
I think it is high time that operating systems of all kinds - for distributed network control such as power grids and dam systems, for laptops and personal devices, for any device that can connect to the internet - need to be regulated like many other things that can wreak havoc if not regulated. We regulate pharmaceuticals because counterfeiting can kill. We regulate automobiles and airplanes because ill-functioning ones can kill. Now apparently non-regulated OS’s can kill. I can already hear the collective scream that would come from the libertarian-leaning computer tech community. I feel your pain - I was one of you when I was working. But it is time for OS’s to pass an extremely rigorous set of tests, and yes, to make their source code public. And to require building in a security check that any device must only run its particular copy of an OS - any changes to the OS through hacking would violate a checksum of some sort and sound an alarm. I know I’m oversimplifying here and my suggestions could possibly be found to be naive given the immense complexity of OS’s today. But regulation in some way seems the only solution to prevent defective systems in the public and corporate sphere from turning on us big time.
Bob Stromberg (Round Lake, NY)
This idea has merit. There's one OS that has chosen simplicity and high control over updates: Chrome OS. My thought? Provide an OS like Chrome that has better offline capabilities. More local storage. And stop deleting the oldest files when local storage fills up, which I have heard happens with Chrome. Oh, and please do the same for routers! Routers are, apparently, easy to hack and hard to protect.
Barbara (D.C.)
I've been saying this for a long time: our most daunting security threats - global warming and cyber security - go virtually ignored. Meanwhile, Trump and his lemmings try to quell their fears by attacking immigration, which does nothing to make us safer. The fact that he has not taken Russia's election attack seriously should have every voter deeply worried. Americans really need to start considering how vulnerable our worship of convenience makes us. Technology is not only eroding our best human features, it also makes us most vulnerable to our enemies.
Mr C (Cary NC)
The most important part in this essay is that we don’t want to fetter ourselves as we also use cyber attacks! One reader has wisely opined, you live by the sword and die by the sword. The technological race indeed has heated up too fast. Nobody is going to hold supremacy for long, somebody else will overtake. Republicans don’t want to address this as they were benefitted, but wait, they will be paid back in the same coin and will the Democrats say anything? We are in a mutually destructive path among various nations. Meanwhile with the ever growing population in the non westernized world, the pressure is mounting on the global economic and political system. Nowhere there is any wise statesman to lead us. Prospect is bleak on a global basis!
Mike Wilson (Lawrenceville, NJ)
The news fails us because it doesn’t sell. Our education system fails us because it is not something easily testable or teachable. Our economics fail us because they bought off politicians who no longer think for themselves. Cyber insecurity and Bambi are just the tip of the iceberg.
Vesuviano (Altadena, California)
"American officials debated whether to punish Vladimir Putin for his hacks by exposing his links to oligarchs, or even by making some of his money disappear. But Barack Obama balked . . . ." That sums Obama up nicely. Mitch McConnell said he would regard it as partisan politics if Obama revealed that Russia was manipulating our presidential election in 2016, and "Obama balked." As a fighter, Obama was a great talker. The next Democratic presidential candidate better know how to fight and know what to fight for. No more "hope" and "change" for me.
Bob Stromberg (Round Lake, NY)
I'm all for hope and change, backed by a warrior mentality. See Elizabeth Warren and Bernie Sanders and Alexandria Ocasio-Cortez.
Bill Sprague (on the planet)
I have been saying this for years. People looked at me as if I had three heads. When the power goes off (think cyberattack) NOTHING will work. All the fools (the capitalists who run things) are smitten with putting it on computers or phones and they're only thinking about the money they can get (greed is what it's called). And who do you think is going to put new batteries in the satellites? Elon Musk or Jeff Bezos or Bill and Melinda Gates or any of the billionaires of Silly Valley? Sure, the satellites have solar power but they will go out despite "military grade" components. It's very cold up there and it's a vacuum. We'll be on Mars or the Moon instead so it won't matter, will it?
gnowell (albany)
How could anyone read this stuff and continue to use a smart phone banking app? I don't even allow automatic debiting of my account. The gas company that debits your account each month is also an access point directly into your account. That is, the hack can go through the gas company into your bank account.
Emile (New York)
Yet another Doomsday scenario to worry about--and coming on the heels of happy 4th of July family picnics. What ever happened to building cellars that could withstand a nuclear attack? Better were the stories about imminent Martian invasions. Not that cyber hackers aren't a threat, but this whole column is an example of how we human beings love to make ourselves anxious and miserable over things we can't control in the least simply because, unlike happy cats, dogs and cows on the hill, we have imaginations and love to use them. I happen to think that without some good ideas for how our society can fight cyber hackers than the kicker, "Let's stop playing Bambi in the woods," it would have been better if Mr. Kristof had kept this column in his desk.
Jim Witham (Delray Beach, Florida)
There’s a good reason Trump is uninterested in stopping Russian cyber attacks: the Russians helped get him elected in 2016 and he knows he may need them in 2020. I don’t understand why no one else is talking about this.
Peter (Metro Boston)
Perhaps his aides might explain to the President that a cyber-attack would make it impossible for him to use Twitter.
vineyridge (Mississippi)
Apparently there is a current NYTimes article about the glories of "block chain" for business productivity increases. This comes less than two weeks after news that many millions of dollars worth of a cybercurrency had been siphoned off by hackers who are, as yet, still anonymous. Now if I understand cybercurrency at all, block chain is supposed to make them impregnable. If hackers can steal cybercurrencies based on block chains, what chance does the rest of the less "secure" world have against theft, chaos, and weaponized hackers? Nothing in the digital world is safe; documents can be edited to say something that they did not say two seconds ago; photographs and videos can be edited to no longer reflect what was initially captured. The digital world is quicksand, and quicksand is not a stable foundation for living in the real world.
Betsy Herring (Edmond, OK)
Look at what has already happened with Facebook in the name of making more money. There is so much greed in the cyber industry and little heed paid to what it is doing to the average person. Many people have had credit card numbers stolen, an election has been stolen and god knows how much other nefarious behavior is going on. The culture of cyber is such that the perpetrators see themselves as some kind of cowboys. We need more protection.
JeffB (Plano, Tx)
We won't make much traction on this issue if we don't hold officials and executives accountable for security breaches (e.g. Equifax, US Office of Personnel Management, etc.). Due to gross negligence, we've in essence handed to the Chinese and Russians millions upon millions of Americans' most sensitive personal information. Couple that with Facebook's numerous data leaks and face recognition software and the Chinese or any relatively sophisticated state actor can create a pretty comprehensive portrait of personal, financial, and employment connections. That being said, state actors worry me less than a small highly financed technical team that is sponsored by those that have significantly shorted the financial markets. These self-fulfilling market bets happen all the time fueled by internet message boards, investment brokers looking to unload losers, and false information. This would be its logical conclusion. Word to the wise, better have a few thousand in cash stashed under the mattress.
Yuri Asian (Bay Area)
Bambi doesn't spend $700 billion on defense and another $40 billion on "homeland security" -- 3/4's of $1 trillion at the federal level to protect us from our enemies. Despite spending more than any nation on earth, we'll still be a cyber sail-Bambi when a digital Godzilla like North Korea or Russia stomps on us. Apologies for a dated reference but how does that even compute? Where in the world are our world-beating, billionaire-producing tech titans who report quarterly profits that exceed the GDP of almost all countries? They monetized the web, monopolized our data, gambol and frolic like The Sun King's favorite courtesans at Versailles, but feel no obligation to safeguard digital pipelines from the agents of hostile foreign nations? There'll be no Next Big Thing if the nation goes dark and is unplugged and paralyzed by Putin's or Kim's hackers. Or any disgruntled and unaffiliated sociopath with hacking capability can use a cyber attack as a poor man's neutron bomb except people are spared while essential infrastructure is wiped out. Trump demands a new military branch -- the Space Force -- to protect us from extraterrestrial threats but is oblivious to the potential devastation of an all-out cyber attack as detailed by Kristof. Of course this is all moot because the most potent weapon our enemies have is already in place, installed in the Oval Office. That's the Trump doomsday machine you hear clicking, not the hunt and peck of tiny fingers tweeting.
JS (Minnetonka, MN)
We need an elite and most secret cadre of hackers, cyberwarriors, code writers, criminal and otherwise, and their like working with and for CIA, NSA, and Cyber Command, and developing the capacity to turn the networks of Russia, China, NK, and whoever else wishes to do us harm into pre-1980 debris and damage their economies beyond their worst nightmares. This capacity build should fall to some of the wiser leaders of the intelligence groups; it goes without saying that our little president must be well insulated from their existence. If such a group does not exist, someone at the top needs to get in gear. Mutually assured destruction of cyber assets could also be the new MAD that once consisted of ICBMs, bomber aircraft, and submarines.
L'historien (Northern california)
Two points: 1. paper ballots. 2. Trump has dithered because he is on Putin's payroll. The more he can degrade this country, his debt to Putin and Russian oligarchs drops. Moreover, if we advance our cyber security, it will only become blatantly clear to "the base" that Putin got trump elected.
JanisL (Florida)
Every voter must resolve to vote ONLY on a paper ballot! Electronic voting machines were a lucrative “solution” to the stolen 2000 election of George Bush. Of course, the flaw wasn’t the paper punchcard ballots, it was the corrupt Republican SCOTUS’s illegal partisan political decision to stop the counting of ballots in Florida! Millions of our tax dollars were wasted on the black box scheme by which Republican entrepreneurs got rich on a system known to be easily hacked and elections rigged with ease! We who understand we must make a sea change in D.C. and governors’ mansions in November to salvage our country must be doubly vigilant in monitoring this upcoming election!
Joshua Schwartz (Ramat-Gan, Israel)
Mr. Kristof clearly states the problem: "In the world of cyberspace, we’re still too complacent: Let’s stop playing Bambi!" And the solution: "We need to establish a cost to cyberattacks and help establish norms for cyber — a Geneva Convention for hacking." However, Mr. Kristof immediately negates that with: "The problem is that the U.S. also uses cyberwarfare (to destroy Iranian centrifuges and, apparently, North Korean missiles), and we don’t want to constrain ourselves." So what is left is the problem. Deterrence does not work. So what do you suggest Mr. Kristof? What does Mr. Sanger suggest?
Gary Valan (Oakland, CA)
I don't know why the U.S. is "Bambi caught in the headlight." We invented the Internet, have as many experts as any other country on the planet, the top four, five technology companies and all sorts of Internet security companies, and we have the CIA and other covert agencies who could quite possibly, once identified, make these bad players take a permanent nap. We have deposed elected leaders in other countries on behalf of oil and banana companies but we can't gather our will to protect our own country? Then on top of that we spend $700 billion a year on our military. If we cannot protect ourselves in the face of an ignorant President and "the Internet is a series of tubes" mentality in Congress we don't deserve the Internet.
Rick (NYC)
Am I the only one who’s actually read Felix Salten’s book? Bambi feared the hunters early in his life, but he learned to consistently elude them. His father even killed one of the hunters. Hopefully, we really are like Bambi, and the evil hackers will be foiled! It's a great book by the way. Far better than the Disney candy.
common sense advocate (CT)
Trump eliminated the cyber security chief role 2 months ahead of his upcoming meeting with Putin. As a nation under Trump, we need to understand that there's urgent threats - and then there's URGENT THREATS.
jabarry (maryland)
This is how the Western World ends: "DEL" America has slowly been dying because Americans have been complacent, irresponsible. Voter turnout in America is below 60 percent in presidential elections, below 40 percent in midterm elections. Americans take America for granted. Some of the low voter turnout is the intentional voter suppression, district gerrymandering and propaganda by the Republican Party. Republicans don't want non-Republicans to vote. Their definition of a democratic republic is a nation where only Republicans vote, only Republicans choose the laws, policies, courts, even churches, for all citizens. Because Republicans work against a healthy democracy and an engaged citizenry, many Americans have concluded that it doesn't matter which party is in power. A 'so what' attitude, which reflects a belief that the struggle for life goes on and one person can't make a difference. With that 'so what' attitude, Republicans have convinced Americans they are happy with a government of the rich, by the rich, for the rich. And with that 'so what' attitude Republicans have stuck America's collective head in the sand about cyber-warfare. We don't need Russian, North Korean or Chinese hackers to press "DEL," the Republican Party has been pressing "BACK SPACE" for decades.
Jan (Mass)
Yeah but do our votes really count or matter?
Jack from Saint Loo (NYC)
And Trump wants a "space force". Which could in all probability be hacked as easily as the DNC and Sony Pictures.
MyOwnWoman (MO)
Given the extent to which Trump is anti-intellectual and a Putin wannabe, what chance do we stand against those who would threaten our way of life via cyberattacks? Complacency and the false belief that our greatest threat comes from the lack of a wall makes us sitting targets, with our only recourse essentially being a game of chicken with Russia or China. That the cyberattacks likely have impacted past election outcomes and will do so again in the future, and the fact that Trump likely assumes Putin will use all his power to make certain the GOP wins in November, we need to start the most massive and highly vocal demands that paper ballots be used in November's election.
William Wintheiser (Minnesota)
Read Ted Koppel's excellent book “Lights Out”. Ted interviews various experts on what would happen if the power grid went down for over two weeks. A timely and sobering read.
trillium (northern california)
Interesting column. It begs the question, yet again. Are we really better off with the internet?
hs (Phila)
Born 1947 YES!!
Andrea Landry (Lynn, MA)
Every industry and company needs a backup plan for manual overrides and what to do other than sit there at a computer throwing your hands up in the air and feeling helpless. Laziness on the part of government and private industries will leave the 'backdoor' open in every piece of software making it vulnerable for taking down. Our first 'Russian' president is meeting with Putin and I am sure Putin's take on how American foreign policy should work for him as well as his strategizing to turn our U.S. elections into chaos will be discussed. The enemy within is our own 'American' president. Paper ballots are needed in November as we are all still vulnerable throughout the states, antiquated voting mechanisms or not. Nightmare article but it rings true especially with all the facts presented and attacks to date on the U.S. and by the U.S. in cyberspace, our final frontier.
Currents (NYC)
We've known this for years and years and years. People in charge either want it (read Rs) or have a serious case of It Couldn't Happen to Me or just don't want to spend the money. Either way, we will foot the bill in many different ways, some extremely dangerous, if not fatal.
RjW (Chicago)
Unless we counter any and all cyberattacks in kind or better, we’ll be forced to respond with military attacks on equivalent infrastructure targets. Deterrents are necessary to prevent cyber war or cyber election interference. Paper ballots for all! But vote!
RjW (Chicago)
Does any of our critical infrastructure have off line back up? It should. A main breaker switch, disconnecting from the internet, coupled with a virgin computer system that can reboot from scratch would go a long way to preventing the scenario of cities without food in the grocery or electricity in the power lines. It’s easy to imagine what would happen if the food delivery pipeline were interrupted for even one day.
David J (NJ)
The government sometimes doesn’t see a national security issue until it kicks them in the face and they lose a few teeth. Here’s one. Years ago when a telephone was just that, and an extended power outage occurred, the telephone still functioned, because it provided its own power. Today, we have systems that last only eight hours on backup batteries, if all power is lost. It seems like a national security issue, but the government and big business don’t see it that way. They don’t see Americans stranded en masse. First responders at a loss. C’est la guerre.
Olaf Johnson (New York)
Meanwhile Mitch McConnell (R) was on TV a few months ago proposing a huge increase in our military budget (billions) to buy new helmets and more bullets for troops. Yes this is all about politics at the end of the day. Sad.
Ambroisine (New York)
Thank you for this excellent article. When the grid went out in NYC, and the traffic lights with them, it was pure and utter chaos. It takes very little for the conventions of culture to crumble, and for citizens to turn against one another in a scramble to survive. A Geneva Convention for Cybersecurity is a start but it isn't enough. As we know, the countries who most want to see the US destroyed don't play by the rules anyhow.
Jack Sonville (Florida)
This is all beyond Trump's limited intellect to grasp and, of course, he doesn't want to even consider the prospect of the Russians working the cyber world to help him get elected. So cyber anything is not on his agenda, unless it means killing the net neutrality rules so the GOP's big corporate PAC and campaign donors will be happy. (Of course, Trump has no idea what net neutrality even means.) And cyber defense is an area where government has to take the lead, with its own systems and by writing laws or regulations governing common security on crucial private networks. But we are in an era where the GOP hates all laws and regulations unless they are cutting taxes, granting more gun rights or defunding Planned Parenthood. No one should hold their breath waiting for the likes of Devin Nunes, Jim Jordan, Kevin McCarthy and Mitch McConnell to focus on a real threat to our nation when it might take time away from their work to destroy the FBI and DOJ. It is ironic that they are searching for conspiracies in our government when there are plenty of real ones, including the cyber threats Mr. Kristof mentions, being perpetrated by our real enemies.
Doc (Atlanta)
There's no reason to have confidence in our government's will or ability to handle hacking: past, present or future. Outsource this threat to national security to a third-party with vision and expertise. Or, alternatively, hire some of the bright kids commonly found in most high schools. For several years we've read columns like this and if anything remedial has been done by our government security agencies, neither Mr. Kristof nor the public is aware of it. Yes, count me in that group willing to lay some blame on the media, particularly TV news-so-called mainstream networks-who allowed themselves to be used by hackers and thus, unwittingly, paved the way for this monster to occupy the Oval Office. Likely, a repeat is being planned and we are unprepared to anticipate it or repel it.
Christian (Manchester)
For me, this is another case of mutually assured destruction. I think all major states would have the ability to unleash as much devastation on each other as required.
sjs (Bridgeport, CT)
The problem is there is something in the American character that doesn't act until a disaster has happened. Locking the barn door after the horse is gone is what we do. We just don't seem to be able to take the steps to prevent a problem. Or a disaster from happening.
Janet Michael (Silver Spring Maryland)
This is a particularly important warning. There, indeed should be a Convention on Cyber Space. It is so backward to think that our enemies are going to strike with grenades or pipe bombs. Cyber Space is so wide open and unprotected and offers catastrophic consequences. Why is there no overwhelming concern? I am cautious because I am old and do not trust sending out information. I have every record in paper form- it means a lot of filing and sorting but it lets me sleep at night. This is not the solution- everyone should get their priorities straight and insist that Congress address this urgent issue.
Carla (Ithaca NY)
I’ve been astounded to see almost zero coverage in the media, and zero response by our “elected” representatives, to the news months ago that our power and nuclear grids were hacked and that the hackers can literally turn them off. This is huge, people. If this scenario plays out we will tear ourselves apart, while the hackers watch us go down from a distance.
Cal Page (MA)
So why aren't our computers more secure? For one, the federal government has been weakening algorithms in such common packages as OpenPGP and so on. In short, our government is working against reasonable computer security. For another, there is no downside for lax computer security. Credit bureau gets hacked? No problem, no penalties, no one goes to jail. This should change. And you have to admit; it was a bad idea for the US Government to hand over our crypto weapons to every hacker on the planet. Oops sorry, they were hacked, and it's not their fault.
Mark (Ohio)
“the hackers enlisted the American news media to magnify the damage; we in the media were used, and we should reflect on that.” Unfortunately, the media was used to help get Trump elected and every day the media is being manipulated to help Trump and the GOP’s long term agenda: to instill fear to the point of despair so that we welcome the administration’s help in quelling the fear. It is past the point of reflection and the media should instead act like investigative journalists again.
CBH (Madison, WI)
One more thing. We created the planes that were used by our enemies on 9/11. We also created nuclear weapons (Manhattan Project). We have been threatened by the Soviet Union, China and now Russia, to say nothing about North Korea with nuclear weapons. Nuclear weapons have not been used since August of 1945, but it seems everyone wants them. What would you have us do? Americans are the most creative people in history. The fact that these creations are used against us by our enemies is inevitable. We have to keep doing what we do to stay ahead of our enemies and hope for the best.
CBH (Madison, WI)
The fact that someone can do something doesn't mean they will. But you're right. The USA is much more vulnerable to cyber-warfare than the rest of the world. We created the means by which we could be attacked by hostile entities. I am absolutely positive that our ability to attack hostile entities in return is greater than their ability to attack us. The problem is that it wouldn't have the same relative effect simply because they have much less to lose from a counter cyber attack. It's called asymmetric warfare. We just have to live with that.
Michael (North Carolina)
Classic case of live by the sword, die by it. But, with those currently empowered to address this threat also being its beneficiaries, well, Houston, we have a problem.
CBH (Madison, WI)
That's right. You live by the sword. How do you know we have a problem? As far as I can tell our intelligence agencies are still swinging the sword. So don't panic. Do you know how many people get up in the morning and drag themselves to work so you are safe? Me either, but I along with you have been kept safe by them. I don't know about you, but I appreciate it.
solon (Paris)
This is, by the way, one of the things that makes blockchain so interesting--not the currency bits, but a solution to the Bulgarian generals problem.
Peter Duffy (Long Island)
"It's time we hold our leaders accountable...", the thread running through all our country's ills. I'm stunned at the lack of understanding of this simple fact by all of us. Widespread agnosticism is running and ruining the greatest country in the world. Only we can reverse the course. The more the media pits extreme left versus extreme right to our collective delight, the further we get from ourselves. We have to hold accountable politicians, corporate leaders, media. We need a credible third party, small dollar hard caps on campaign donations, removal of all money from lobbying and term limits. Instead of presidents afraid of China (Obama) or presidents looking to benefit financially from them (trump), we need leadership negotiating FOR America and willing to deal with them appropriately. Ask yourself why the roads in America are so third world while Russia so obviously attacked us with impunity. And, our response to these things is what exactly?
Molly O'Neal (Washington, DC)
This article reminds me of the duck and cover drills we endured in my high school. Cyber attacks are a headache but not Armageddon. Technical safeguards are known and can be reinforced by private actors, without declaring a national emergency and moral panic. There are state and non-state actors involved. The US has offensive as well as defensive measures, as do other countries. With any kind of weapon, the tensions and reciprocal risks can be reduced through verifiable agreements to improve confidence. Meanwhile, the internet's broader functions in information sharing and learning should not be poisoned by this zero sum reasoning. Internet is a global public good that countries should endeavor to protect and foster. We should resist its militarization.
Peter (Metro Boston)
The problem with relying on "private actors" is that they have no real incentives to invest in cybersecurity. Do hacked corporations suffer severe consequences? How about their executives? Equifax exposed detailed information on over a hundred million households. Why are they still in business? Until corporations face massive penalties, and possible jail time for executives, the private sector will continue to underinvest in cyber defenses.
Tim (New York)
Any true government "of, by, and for the people" would have fined the incompetent, wretched, crooked bureaucrats at Equifax the amount of revenues they made during the entire period in which they allowed these hacks to take place. There is no excuse! The tools to prevent these kinds of intrusions are available, Equifax simply did not want to make the financial and operational investment necessary to insure network security.
sane southerner (Georgia)
"Internet is a global public good... to protect." I agree, it is just too bad that America in 2018 is not a respectable global citizen that the rest of the world can trust to cooperate, thanks to our current leadership.
CBK (San Antonio, TX)
I think the prospect of Russian electoral hacking this November is realistic: There are various reports that UNDETECTABLE hacking into our voting machines and changing votes are well within the realm of possibility. Efforts to get out a high voter turnout, hold national protest rallies, work tirelessly to report the truth (thank you, New York Times)--what difference does all this make if our votes don't end up counting? Should we insist all voting machines have confirming paper print-outs? Is it too late to protect ourselves against voting machine manipulation? Why is so little being done to ASSURE the public that their votes TRULY count? How about some country-wide, million-people marches for THAT?
Ann (California)
Why is so little being done? Because flipping elections is working and has been working since the 2004 U.S. election and likely beforehand. I'm convinced the only reason Obama was able to win the Presidency twice was because there was a sufficient outpouring of support and votes cast in numbers that could not be ignored. With the Trump election lots of misdeeds by the GOP to block voters and disenfranchise millions were effective--with additional hacking assistance from the Russians. As of yet, no effective strategy has been put in place to keep this from happening again.
Steve Bruns (Summerland)
The Russians have to get in line to hack US elections and the line is quite long. The enduring tradition of American electoral shenanigans remain a feature rather than an aberration of how we do electoral politics. No one materially affected by who wins what office, sees any need to reform the system. The ballot box has always been the last and least best method to effect real political change.
RLS (PA)
CBK, I’m all for million-people marches. That’s what it’s going to take to turn this around because the elites have made it clear that they’re fine with the status quo. A paper printout of your vote won’t work because all that it tells you is how you voted. BUT it doesn’t tell you how your vote was tabulated. While voting machines can be hacked the greater danger comes from insiders. It is important to point out that no evidence has been put forth that Russia “meddled” in our elections.
Justice Holmes (Charleston)
It’s not that the government and corporations don’t know about the threat or that there is no way to protect against it. The truth is they don’t care. They really, really don’t. Corporations figure they won’t lose anything and the government wants permeable systems so they can hack them. Bambi was innocent. Our leaders are not. Our “leaders” are too busy making sure women can’t make choices or seniors can’t get health care or the poor can’t get food or humans can’t marry who they want. They don’t care about anything else. If they did our country would not look and sound like the third world. It’s time we started holding our leaders both governmental and corporate accountable. I’m all for paper ballots as suggested below. There are no protections with digital voting.
Carla (Ithaca NY)
Don’t forget their number one priority—tax cuts for the wealthy!
Maggie C. (Poulsbo, WA)
It has been suggested that we rally a national movement to go a step further than paper ballots: every voter request and mail an absentee ballot.
RLS (PA)
Absentee ballots won’t change the system that is in place. For example, Oregon’s mail-in ballots are counted by machine. And the chain of custody is a problem with mail-in ballots among other things. NYT: Error and Fraud at Issue as Absentee Voting Rises https://tinyurl.com/ydbr84qa
Betaneptune (Somerset, NJ)
Clearly, voting machines should be off the net and not even computerized. We need to go back to the mechanical counting machines, which come with the big red handle! Or even paper. The integrity of voting should not be trumped [pun not intended] by the seductive lure of the convenience of electronic voting.
sdavidc9 (Cornwall Bridge, Connecticut)
The only way to get businesses to spend the money necessary for cyber security is to threaten an attack that will cost them more. We should make such attacks a major source of government revenue by having a government agency hold private or government data for ransom as long as it is possible to do so. Only when lax data security has real costs will it be fixed. It is too dangerous to leave it to our enemies to do this, so we must instead do it to ourselves first.
Kevin (New York)
Blame our short sighted business leaders and our always on sale politicians for leaving all forms of infrastructure vulnerable to both attack or just plain collapse on its own. Despite their best efforts we currently still have a semi-functioning Democracy, but give them another decade or so and Mike Judge's Idiocracy will be covered in History classes.
Mary Scott (NY)
It is clear that neither Congressional Republicans nor the Executive Branch have any intention of interfering with Russian meddling in our elections because it benefits them. Russia gave the GOP the presidency, including two SCOTUS appointments and very possibly, a Senate majority. The GOP and their rich, richer, richest backers couldn't be happier with our budding American autocracy and would love a repeat of 2016. It's all about absolute power with the Banana Republican Party - the top 5% control wealth accumulation, the lowering of labor costs and shredding the social safety net while the far right evangelical wing suppress women's health care choices, gender and marriage equality and which neighbors it's okay to love. There will be no help from the Republican Party. In fact, House Republicans are still working 24/7 to cover up any Russian collusion by Trump, his family, the RNC, the Trump Campaign and others through gaslighting, fake Fox News and outright lies. Where are the Democrats? They could be killing two birds with one stone by combining the Mueller investigation with a new SCOTUS pick: Until the Mueller investigation determines whether or not Trump and his campaign colluded with Russia, the new seat remains vacant. For almost one year SCOTUS worked just fine with eight Supremes. It would be a serious failure of Mitch McConnell and the Republican Senate majority if they allowed a possible criminal to choose his own judge. That's a fight Dems could win.
Ann (California)
Sounds good. But why are the Republicans so intent on covering for Trump? The Russians also hacked into the RNC and into key Republican senators' email accounts and some GOP state organizations. We don't know the full scope yet Rep. Devin Nunes, Trey Gowdy and others have gone to great lengths to throw shade on the special investigation and take the Justice Department and FBI to task. Their behavior doesn't make sense. It starts to add up if you consider that Russia may hold compromising information on them and other key Republicans and GOP operation. Putin, the world's richest man, can buy a lot of influence.
L'osservatore (In fair Verona, where we lay our scene)
It was NOT a Republican Secretary of State who was paid $145 million by various Russians for delivering on the Uranium One sale and actual shipping of North American uranium to Russia.
Liam Jumper (Laramie, Wyoming)
In 2012, South Carolina Dept of Revenue was hacked and 4 million personal records and 700,000 business records were stolen. The state of security in the Dept of Revenue at the time was lax and negligent. They had been warned. However, it was representative of what most businesses and employee training is like today. Most employees couldn't identify a phishing attack if it had bells and whistles announcing its presence. It cost South Carolina 12 million dollars in credit monitoring for those hacked. What is valuable is to see what was done in the state afterwards and continues. The following URL paints a very readable picture for those wondering about good first steps, that even today, most businesses claim are too expensive. https://www.greenvilleonline.com/story/news/crime/2016/08/12/four-years-... Most security training these days tries to balance security cost versus the cost of what was lost or stolen. Problem is, what price do you put on the world's leading democracy - the democracy that secures the place for democracy for all humans on this planet?
Ann (California)
It gets worse: a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump. The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information. The RNC Files: Inside the Largest US Voter Data Leak https://www.upguard.com/breaches/the-rnc-files Should be noted that Cambridge Analytica (also used by Brad Parscale/Trump Org) bragged it had 500 data points on 230 million Americans.
Jan (Mass)
The theft or loss of data and other computer records happens more than we'll ever know.
Voter in the 49th (California)
I get ransom email spam all the time but just delete them. How do government agencies figure out which attacks are real and which are bogus?
Peter (Metro Boston)
Spam and malware via email are trivial issues in the world of online security. We've been fighting these problems since soon after the Internet was commercialized. Well over 90 percent of all email traffic is spam. If you only get a few spams a day, your email provider has likely blocked another dozen or two such messages that you never saw. Spam is an inconvenience but not a threat of the sort described here.
Dave (va.)
America has been displaying its vast superior military hardware at every captive audience for a long time. The real effect of this display has been to expose our weakness, we believe we are invincible. Mass delusion among politicians and military leaders have placed us at the brink, and now we have a President who wants a shiny military parade. An excellent book but unfortunately it will be found under “novels”.
Ann (California)
Excellent points: almost $800 billion now for DoD's annual budget yet America's smarter rivals see our "huge" cybersecurity vulnerability is an easier target to penetrate and far less expensive. The new Netflix series 'Secret City' - season 1, episode 4 - provides an eerily chilling fictional plot dramatizing some of the possibilities.
John M (Oakland CA)
There's been a push lately for moving to a "cashless" society, where all transactions are electronic. As Puerto Rico discovered, electronic payment systems are only as stable as the underlying power and communications systems. I hope Mr. Kristof's article engenders some second thoughts as to the wisdom of computerization with no back-up system or disaster recovery planning. All this hype for self-driving cars, for example - jam the GPS satellites, and they stop working. Remember, the Internet was not designed with security in mind - that came later, when people started getting attacked. Cliff Stoll's 1989 book The Cuckoo's Egg details some early security loopholes - and some of the problems he discussed are still with us today. If we're going to computerize everything, we need to start designing systems with security as a prime consideration, rather than an afterthought.
Liam Jumper (Laramie, Wyoming)
“Bambi” seems to refer to individuals. What you described has been studied, is well-known as realistic, and has been analyzed by our Congress, (back before Trump.) Congress encouraged all those businesses providing the utility services on which we depend to “harden” their security. What did those businesses do? Next to nothing. Most effort went into telling Congress why they couldn’t. The reason – it was too expensive, in other words, would cut into payout to shareholders. Or, in summary, nothing happened because all the industry players had someone in Congress they could pay off. This is a typical physical security problem. Someone leaves the barn door open. The cows disappear. A great hue and cry goes up. Barn doors are highly secured, employees are trained, background checked, given badges. Cows are permanently marked, counted frequently; guarded 24/7. If anyone asks, “Why didn’t you do this before,” the answer is because it cost too much. Not long afterward the rancher starts complaining to regulatory agencies about the cost. Pliable regulators are elected; safeguards dropped. The cows are stolen again. Oops, what happened to that security? We had Air Marshals and airport security checks on the books even at the time of 9/11 because of airplane hijackings in the 1970s. 9/11 didn’t have to happen but the airlines cried a river to Congress because security cut into their greed. We got 9/11. Israel doesn’t have this problem. Do public utility security like Israel.
Ann (California)
Your points are well taken. Related to utilities at least, FERC is responding to improve security protocols.
Socrates (Downtown Verona. NJ)
Two of the last five rigged Russian-Republican Presidential elections delivered a destructive Moron-in-Chief to the Oval Office. It's long past time for securing and auditing America's failed voting process and for funding free and fair elections in the American 3rd world. Time for international election observers to watch and report Russian-Republican vote-rigging that would make the Kremlin proud again. “Those who vote decide nothing. Those who count the vote decide everything.” --- Joseph Stalin (...and Grand Old Power)
David Andrew Henry (Chicxulub Puerto Yucatan Mexico)
Is there a hacker-in-chief in the oval office? I never cease to be amazed at the gullibility of Mr Trump's base. The cheese tariff wars are a good illustration. Canada is the second largest market for American cheese...$400 million a year. Mexico is first at $1.3 billion. Mr Trump rants and tweets against Canada's 270% tariff on American cheese. Recently, two Texans (MBA and PEng) kept banging on about Canada's 270% tariff on American cheese. I tried to explain that if there was a 270% tariff on American cheese, Canadians wouldn't be buying ANY American cheese, because it would cost too much. They didn't get it! Why is it so easy for Mr Trump to bamboozle his base? PS Mexico recently put a 25% tariff on American cheese. Will the hacker-in-chief tweet that to Wisconsin dairy farmers?
LAH (Port Jefferson Ny)
We need to say clearly and loudly "We're taking it back, all of it! Vote November 6, 2018 to begin!"
RJ (Londonderry, NH)
I assume you're referring to 2008 and 2012?
stu freeman (brooklyn)
So long as Vlad the Enabler holds on to that pee-tape (or whatever else he has on Trump) there's zero chance that our feckless leader is even going to consider launching a cyber-attack on Russia. I suspect that if he were to get wind of Putin planning another hack job come November he'd plead for him to back off the red states and target only the blue. Actually The Donald sort of reminds me of the U.S. president in "Fail Safe" who, having failed to head off an erroneous attack on Moscow, drops a nuke on NYC as an act of contrition. Of course, in this instance he'd have to give fair warning to his kids to leave the Big Apple before the Big Orange can call in the strike.
Larry (NYC)
stu freeman: What evidence, besides the 3 Intel agencies propaganda, have you seen of any Russian government meddling cause I haven't seen any. They say everybody Russian is connected to their government now every US company can also be said connected to the US government right? Now haven't you read what Snowden disclosed on the NSA? And haven't you read how foreign hackers stole NSA cyber tools to use against US and others? If you care for the real truth then ask our government for direct evidence against the Russian government.
KAN (Newton, MA)
We sometimes worry what would happen if a non-state actor got hold of nuclear weapons. They are surely working on cyber-warfare, and they are much more likely to use it in the most destructive ways, without worrying too much about the consequences. We urgently need to beef up our defenses, not just by promising punishment.
Larry (NYC)
They stole NSA cyber tools to use against us now think for yourself what we do to other governments. Like the NSA hacked Bibi's and Merkel's private phone. We don't just meddle we overthrow governments like in Iraq, Afghanistan and now in Iran and Venezuela.
Soxared, '04, '07, '13 (Boston)
Mr. Kristof, after Donald Trump reads (or is told about) this column; after the Republican State on Capitol Hill have been warned about this, they will respond, "well, we cut taxes on the rich and corporations. What else do you want?" Far-sighted citizens have worried for years about the broken infrastructure that is the United States of America. One simply cannot point to any new advance in either airport security; the convenience of high-speed rail service; the electrical grid that connects us; the tunnels that bore into hills or under bays and channels to get millions of people to work; to the water that is dammed up in reservoirs; to... No; Republicans will argue that the Second Amendment is our most precious right. They will defend violent deaths that come alive daily in our streets and schools or at night in our places of recreation. They will scream like toddlers about the mounting national debt which they themselves created and then, purple-faced, blame Democrats for the deficit. They will not Bogart the dilatory president to get off his umm, hands, and speak to the urgency of securing America's borders from within. He's more worried about a caravan of women and children from three Central American states than he is about infrastructure repair that is now our greatest, increasingly urgent national security priority. Speaking of the midterms, what has this docile government done to firewall Russia's probing and polluting of our voting apparatus? Nothing at all.
Larry Lundgren (Sweden)
@ Soxared Boston - Yes, here we have an article about cyberinfrastructure with nothing but bad news, as you note at the end there is no interest at all in American physical infrastructure. I was in New England + Albany for 27 days recently and wherever I went I could see that at all levels of government there is a total absence of the concept of maintenance of systems and all too often, not even a system to maintain - think taking a train from Boston to Albany. The presence or absence of that concept seems to distinguish my American cities from my Swedish. Here in Linköping every road including E4 displays an almost perfect surface, all utility lines are underground, the system that feeds hot water from high tech solid-waste incinerators to all buildings is maintained systematically. I filed an infrastructure comment yesterday at http://www.nytimes.com/2018/07/03/opinion/community-revitalization-lanca... - exercise in futility since the Times does not provide articles about infrastructure. Take Greyhound from Boston to Albany and you will see what I meant to convey. Got a reminder of childhood use of trains when my 3d world bus took us by Fenway Park, my father took us often by train from Providence to South Station and Fenway. That was in the 1940s and that seems to be where USA infrastructure still is, at best. No nostalgia for that USA at all. Larry L. Only-NeverInSweden.blogspot.com Citizen US SE
Ann (California)
Dismal list--but leaves out gutting health care, civil rights, education, and environmental protections; insulting allies and slapping on them punitive tariffs; weakening alliances that have been in place for 70 years; leaving the Climate Change accord; privatizing education and prison with air traffic control and the USPS also targeted; and ensuring that treasury tax shortfalls will require draconian cuts--Medicare, Medicaid, and SS in their sights. (It's too late at night to list everything!)
Soxared, '04, '07, '13 (Boston)
@Larry Lundgren, Sweden: Thanks for your comment. All I can say in reply is that all the streetcar tracks are rusted; the trolley lines still snap with sparks; the tunnel roofs (Ashmont to Harvard line) look like they’re slowly crumbling under the weight of the Atlantic Ocean’s shorelines under which much of this line runs. I haven’t even mentioned the Charles River bridge, that final leap from downtown Boston into Cambridge; the long-standing structure isn’t as secure as it was once. But, hey, the rich got a tax drop they didn’t need, “corporations are people, my friend”—billionaire Mitt Romney; money is speech; “one-term president,”— don’t get me started.
Miss Ley (New York)
Mr. Kristof, No need for fireworks on Independence Day, after reading about Bambi lost in the woods. Our gun target center is working overtime and we have recently had an emergency drill session in our town in case we lose our country. Before we had Trump, now tweeting how beautiful is 'My Country', there was a rumor a few years ago, that North Korea was having trouble with its internet, causing its leader to look with concern at his laptop, the Military, standing behind him, in a state of anxiety. More tabloid news: The Statue of Liberty has just received an unexpected visit, and most likely it is one of those 'Liberals'; but Liberals are human too, and occasionally go mad like the Republican Party. Let us hope this is not the last celebration of Independence Day, and sending you all good wishes on July 4th.
Richard Luettgen (New Jersey)
Kristof’s nightmares are NOT exercises in Chicken Little excess: they’re matters of grave concern on which I’m sure our own cyber people are working 24x7 to mitigate. However, they miss a politically-incorrect yet very real context that should be considered. Almost all of the world’s countries capable of harming us in the ways he describes, and that includes our allies, largely operate and enjoy whatever prosperity they have fully cognizant (if unwilling to admit) that the engines at the heart of their sustainability are the U.S. economy and military capacities. Those that are not nevertheless are quite aware that the FIRST thing we will harden against their incursions is our nuclear response capabilities, and WHO is sitting in the Oval Office with the “football”. Serious disruption of the prosperous West generally would signal grave economic dislocations for everyone else; and grave disruption of us, a bell once struck, even once, that cannot be UNstruck, would signal catastrophic disruption of the entire world. Independent hackers with carelessly predatory designs on us could risk greater danger from Russia than from us. These are serious matters. But keep in mind that the reason WHY “The Hitchhiker’s Guide to the Galaxy” outsells the Encyclopedia Galactica is that the former offers on its cover the words “Don’t Panic”.
stu freeman (brooklyn)
That's an excellent point, Richard, which is precisely why I worry more about Trump's tariffs than I do about Putin's propensity for cyber-mischief. No one can hurt us more than a U.S. president who'd allow his own ignorance as combined with his own pet peeves to run our economy off the rails.
Ann (California)
Your optimistic assessment may hold weight, however, if a rogue nation is in position to exact benefits via threats to America's cybersecurity--what's to stop them from getting something valuable...like billions in aid, weapons, fighter jets, sophisticated weapons, etc. Oh, I forgot that's already happened (without the cybersecurity angle). Exhibit A: jet and weapons sales to Saudi Arabia, which is now waging war on one of the poorest countries in the world, Yemen.
stu freeman (brooklyn)
@Richard: Sorry to break it to you but my physician just informed me I'm in excellent health. Plus, I somehow grew an inch over the past year.
M (Cambridge)
The Internet, and all we do on it, is an abstraction. Losing money, losing privacy, losing our own government, these too are only abstractions. These attacks, not just advanced persistent threat attacks but also daily personal information losses, ATM skimmers, and social engineering/phishing attacks, don’t seem to faze most people. And they won’t until people, Americans, start actually dying. I have colleagues who work in IT security and their biggest fear is a ransomware attack that shuts down hospitals. (Incidentally, some hospitals and even police departments have started to pay the ransom, which is pretty amazing if you think about it.) As long as the attackers keep their attacks in the realm of privacy and money, they’ll get away with (figurative) murder for a long, long time.
Randy (Atlanta area)
The City of Atlanta is still recovering from a ransomware attack that shut down most online city services. The city lost its computerized systems to receive utility payments, and the court system has relied on paper for months. Things are SLOWLY coming back on line, but millions of dollars have been lost in productivity and payments to security firms in the attempt to recover.
GRH (New England)
It is insane how cities like Atlanta have moved to shift everything online & would jeopardize taxpayers this way. Millions of dollars lost?! One would expect the response would have been to shift back to a paper system for good, and that taxpayers would demand it. The world worked perfectly fine before the internet took over everything.
ridgeguy (No. CA)
I'm glad to see increasing discussion of our societal fragility. Our leaders simply aren't up to date on the perils we face from characters entered on a keyboard. Many of us understand the peril of cyberwar in our particular little niche of professional expertise. Now imagine that expanded to everything that supports our civilization, our ability to eat, drink, bring food to market - everything that keeps us alive. The Internet makes it possible to bring everything down in hours. No nukes needed. This means that North Korea and Russia are equally dangerous to whomever they decide to attack.
Eric (Seattle)
If I were king I'd declare a moratorium on any cyber innovation, that didn't address vulnerabilities like this, until we were secure. I understand the excitement over discovery and invention, but we haven't had a moment in many years to actually stop and consider if the impact of different technologies, improves our lives. Being thoughtful about this seems like common sense, and if our elections are insecure or if our civilization could be reduced to virtual chaos because we were too thrilled with new toys, that would be, um, regrettable. 9/11 taught us that we were vulnerable in ways most of us had never considered. We stay vulnerable to all kinds of violence, in unimaginable forms, including those listed in this column. Scrutinizing air travel carefully, is a small thing in the world of the possible. And, given all the danger, the destructive power in the hands of so many, maybe our foreign policy and diplomacy should be based in politeness, decency and justice. Maybe we should try not to routinely antagonize the governments of the world, or mock stateless peoples struggling to survive, three times a day, just for fun? In all these awful scenarios, it would be good to have many friends who think nothing of leaping to our aid, as once, our country, took pride, in doing for others when they needed it.
Martin (New York)
There is something creepy about the mad rush with which society pushed, over a brief few years, to transfer all aspects of life--economic, social, scientific, etc onto digital technology, dismantling the previous infrastructures that often worked just as well or better, with less vulnerability. No one thought to question or discuss, our government thought only about how to accelerate the process. We've learned to behave as though the technology itself is the point. And at every stage the technological utopia dangled before us gets sillier. Self-driving cars? Talking refrigerators? Why? Centralizing all activity in one connected bureaucratic network makes a few people a lot of money, and all of us more vulnerable.
PL (Sweden)
I agree. The unacknowledged but real religion of our times is machine worship. Mechanisms great and small are the idols of our devotion. The cyclist expects the pedestrian, the photographer the mere onlooker, to step out of their way—and neither regards such expectations as arrogant. The more powerful the machine and the more awed we are by its mysterious working, the more abjectly we bow down before it, “lost in wonder, love and praise.”
sdavidc9 (Cornwall Bridge, Connecticut)
The mad rush is hyping a new way to make money in order to make it profitable.
Tuvw Xyz (Evanston, Illinois)
A sad new world ... One could think of science-fiction means of disabling or even exploding the hackers' machines by remote control, but how long would it be before they acquire the same technology? Perhaps a force, similar to U.N.C.L.E., should be established, to seek out and neutralize the individual hackers, wherever and whoever they are.
Penseur (Uptown)
The US and its major competitors for global power have not engaged in an exchange of nuclear explosions because the other side would retaliate in kind -- Pyrrhic victory. Perhaps this too shall be our only real protection against all out cyber-war.
sissifus (Australia)
No, there is an important difference. MAD does not work in cyber warfare. First attacker wins. The victim cannot retaliate in kind when all systems are down.
EB (Earth)
I am probably showing my ignorance here, but why can't we take some things (e.g. traffic lights) off the internet? The internet is insecure. Anything that needs to be secure should if possible, be taken off the internet. We had traffic lights before the internet.
dschulen (Boston, MA)
This is a good question. My guess is that somebody is profiting by putting (and keeping) things like traffic lights on the internet. They and the politicians who work for them will fight any effort to take them off (just like the companies that make voting machines and software).
peckish (the great northwest)
If the electrical grid is taken down, it wouldn't matter if the traffic lights were connected to the internet or not. They run on electricity.
GRH (New England)
Peckish, I believe the point of the original poster (EB) is take the electrical grid off the internet also then. We had electricity before the internet.
RLS (PA)
“As Sanger writes, ‘Deterrence is not working in the cyber realm.’ Why wouldn’t Putin interfere in our 2018 midterms since we’re both vulnerable and not serious about responding?” Jimmy Carter and James Baker stated in their report for the nonpartisan Commission on Federal Election Reform in 2005 that “the greatest threats to secure voting are insiders with direct access to the machines.” They wrote “There is no reason to trust insiders in the election industry any more than in other industries.” American democracy has been under attack since we moved to computerized voting in 2002, long before any mention of Russia. Our vote counting process has been outsourced to a handful of private rightwing companies that count our votes in secret using "proprietary software." Is it a coincidence that statistical and pattern evidence from exit polls indicates that vote counts are being shifted to the right? We need to follow the example of other democracies by going back to counting ballots by hand. German Court Rules E-Voting Unconstitutional https://tinyurl.com/za778ju Fearful of Hacking, Dutch Will Count Ballots by Hand https://tinyurl.com/gmyfnaw Norwegian Votes to Be Counted Manually in Fear of Election Hacking https://tinyurl.com/y7gcwbwl “Security and trust are vital to the conduct of elections. We shall not be naïve, nor allow for any uncertainty around the security of Norwegian elections. The voters will rest assured that the election results are accurate.”
RLS (PA)
There used to be concern about the vulnerabilities with computerized voting, but it became taboo to talk about it. - NYT: Computer Voting Is Open to Easy Fraud, Experts Say - Washington Post: [Md. Governor] Ehrlich Wants Paper Ballots for Nov. Vote - WSJ: Reversing Course on Electronic Voting - NPR: The Approaching 2006 E-Voting 'Train Wreck’ Mark Crispin Miller: Can US Elections Really Be Stolen? Yes https://tinyurl.com/y96scqlt “The [vote-counting] system is computerized and privatized. Private companies tell us what the vote is. And we have no way to check it. We have no way to tell if it's honest. That’s the real danger here." Josh Mitteldorf: Intro to Election Theft in America (part 1 of 4) https://tinyurl.com/yanc473c “Are votes in American elections being counted fairly and accurately? In an open democracy worthy of the name this should not be a question for forensic science, but in 21st century America that's just what it is. The U.S. is unique in the developed world in counting votes with proprietary software, not open to inspection even by local officials whose responsibility it is to administer elections. “There is stiff resistance to looking at the ballots with human eyes. So we are left looking at statistics and anecdotes, trying to determine whether vote counts are honest and reliable. The evidence does not inspire confidence. But whatever you think of the evidence, there is no justification for a system without the possibility of public verification.”
Ann (California)
Indeed. America's voting system insecurities have been known for years. At the 2017 Defcon, hackers competing in the Vote Hacking Village showed that "secure" voting machines can be broken in minutes. Many of the machines arrived with their voter records intact, sold by county voting authorities who hadn't wiped them first. (See link below). Hacking via a mobile app and getting remote access is fairly easy. "In one case study, the company found a poll worker in Virginia had hacked the machine so she could play Minesweeper on it." The simple truth is electronic voting machines can also be reprogrammed to steal votes (and increasingly leave no trace.) http://thehill.com/policy/cybersecurity/344488-hackers-break-into-voting... Also see comments: https://boingboing.net/2017/07/30/voter-hacking-village.html
Jan (Mass)
This is exactly why when people say 'VOTE!' or 'Get in the voting booth', I wonder if they know that possibly our votes aren't being counted? It's futile.
silver vibes (Virginia)
“Suddenly, the electricity goes out at the office. Cellphone networks and the internet have also gone black. The roads are jammed because traffic lights aren’t working. Credit cards are now just worthless bits of plastic, and A.T.M.s are nothing but hunks of metal. Gas stations can’t pump gas. Banks have lost records of depositors’ accounts. Dam floodgates mysteriously open. Water and sewage treatment plants stop working. People can’t reach loved ones. Phone systems are down, so 911 is useless. Looters roam the streets. Food and water soon run out in the cities". Mr. Kristof, these scenes of domestic carnage describe exactly the devastation of Puerto Rico after Hurricane Maria. This destructive force of nature is as deadly as any terrorist cyber attack. American citizens are still defenseless and an indifferent government goes about its business. How would Americans on the mainland react to their lives being turned upside down and inside out? Your opening paragraph consists of what-ifs for stateside citizens but is an everyday nightmare for Puerto Ricans. The Russians will again interfere in the campaigning prior to the midterms. They have nothing to fear because the president has their backs and they know it. The president falsely accused Muslims of cheering in the streets during the 9/11 terrorist attacks but he cheered lustily when Russia's cyber meddling gave him the presidency on a silver platter. He doesn't care about cyber attacks. Power is all that matters to him.
NM (NY)
Right. Anyone trust that Trump is really going to mention to Putin that he should knock off the interference? Or that we'll hear anything deeper than that his pal Vlad feels innocent? Funny how some people get passes from Trump and others won't get a fair shake. As for the apocalyptic scenes from PR, you can be sure that Trump would never have accepted such scenes in TX or FL, and certainly wouldn't have blamed them for their predicament. With him, it's about identity with victims, not about the crisis itself.
Name (Here)
Power is all that matters to the Republican Party. I’m also pretty sure that congressional (house and senate) Democrats care more about getting re-elected than about issues or constituents, even though the Democratic Party as a whole seems pretty content to keep losing elections.
Concernicus (Hopeless, America)
"They have nothing to fear because the president has their backs and they know it." They were interfering in the 2016 election (and well before then) when Obama was President. Did they know that he "had their back"? He sure didn't do a thing about it. Still, I have to hand it to the Russians. The two candidates spent well in excess of two BILLION dollars trying to influence voters. The Russians must be pretty smart. Drop a couple of million on fecebook ads and a few other things and they swung the election. Right. Stop looking outside. Accept the fact that 63 million of your fellow Americans were so fed up that they turned to Donald Trump. Our system is broken.
George Webber (Manhattan)
In 1994 the internet was a bold and exciting frontier. It promised to provide untold methods to advance knowledge and communication-- to foster learning and collaboration, to bring the world together as one. Today, those open fields and pastures have been fenced off and carved up to serve the purposes of a few large and largely unaccountable corporations. Bad as this is, the threat posed by malicious state actors eclipses the expanding threats of surveillance capitalism. As John Podesta learned, most people have no clue of the dimensions of the threat that a rogue email can pose to the country and, indeed, the world. The solution I have adopted is a hard one. (And, as this post testifies, only a partial one.) But in the last few months I have scaled back my own usage of the internet. I have started paying for things in cash and writing physical letters to people. I no longer carry a mobile phone when I go out. We need to recognize that in too many ways the internet was, for all of its hopes and dreams, a sort of Trojan horse which, having been welcomed into our world, now threatens to destroy what generations of patriots fought and died to create.
OSS Architect (Palo Alto, CA)
Cyberwarfare is asymmetric warfare. You only need one exploit as an attacker to succeed, but as the target you must withstand all. David can bring down Goliath. That's the case as long as we build systems the way we do. With what I call "M&M security". Hard shell on the outside; soft, gooey center. That's an engineering choice based on the cost, and the poor performance, historically, of computer hardware. It's no longer expensive or slow. Now the number one CS engineering challenge is security, but we can't adapt. Don't blame IT. They know it's a real problem. Blame Finance: they won't pay for it.
Name (Here)
Plus the whining about inconvenience is never ending.
sdavidc9 (Cornwall Bridge, Connecticut)
Also involved is the IT industry itself, where the priority is to make the big bucks by getting it out there first and marketing it well, rather than making sure it is safe and not subject to abuse. Since Facebook has abused us and our privacy, we should abuse Facebook's owners, its stockholders, by making the value of their stock shrink. This just might change the way investors evaluate IT risk.
Bob Wilson (Edgewood TX)
One dynamic not mentioned here is that Republicans benefited from the cyber vulnerability in 2016 and many would like to see more of the same. That as much as anything else is responsible for the foot-dragging on cyber-defense.
Phyliss Dalmatian (Wichita, Kansas)
Nick, I've been telling the Husband this for years. But, being the Uber Nerd Engineer, he thinks I'm just paranoid. I personally can't do much about institutional or government Computers. But, I can do something about my use. I've NEVER been on Facebook, never will. I use only my iPad and iPhone, completely serviced and checked for "bugs" often, by the aforementioned Nerd. This entire topic certainly should be a part of our political discourse, before an electronic and contagious 9/11. Thank you.
Paul Easton (Hartford)
Nah. Here we have more of the Chicken Little Effect in action. It is prevalent all across the political spectrum. Be afraid says the USGovernment. Be very afraid. The [Demons du jour] are coming to get you, and only We can protect you. Meanwhile gently sliding its hand a little deeper into our pockets. So the people are running around shrieking Help Help The Sky Is Falling and the USGovernment gets carte blanche for whatever infamies it favors at the moment. Well I'm not afraid of the Demons and I'm not afraid of the infernal USGovernment. I say the only thing we have to fear is fear itself.
John Chastain (Michigan)
When Roosevelt used that phrase he wasn't advocating head in the sand and denial. Like the very real threats we faced then these are unwise to ignore. I'm sorry if the examples provided are not sufficient to your taste or that you won't be convinced until after "the sky is falling" but I have an equally pertinent saying for you, "An ounce of prevention is worth a pound of cure"
SteveRR (CA)
The DNC was hacked because some fool received an email claiming his account had been hacked and directed him to a bogus site to 'reset' his account by entering his email address and password - not some fictional worm created by mutant genius hackers - the same sort of attack that anyone could do with an ability to google. You can't cyberproof against stupid.
Zach K. (New Jersey)
Yes. But how did the hackers get said fool's email and sufficient information to mount a successful spear phish?
Robert (Seattle)
A significant proportion of successful hacks are of this kind. So we have no choice but to also protect ourselves from this kind of attack. Which can be done. SteveRR wrote: "The DNC was hacked because some fool received an email claiming his account had been hacked and directed him to a bogus site to 'reset' his account by entering his email address and password - not some fictional worm created by mutant genius hackers - the same sort of attack that anyone could do with an ability to google. You can't cyberproof against stupid."
io (lightning)
We should be widely implementing training against "social engineering" and phishing. My company requires annual training about the Foreign Corrupt Practices Act (we're not to recognize and not accept bribes). Why not similar training, on a national scale, against the human vulnerabilities in our systems?
Stan (Atlanta)
I'm sorry, I simply don't understand this nonsense. If we don't have "black hats" going after the bank accounts of Oligarchs, we need to immediately hire them (on commission). If we can launch a cyber attack against Iran, we can certainly open the odd Panamanian or Cyprian bank account. No one obeys the Rules of War (including us), why would anyone obey anti-hacking rules? Pay-back's a hack and crack.....
Jp (Michigan)
"The Russian hack of Democratic emails should have been a wake-up call." There have been wake up calls. The spear-phishing attack has been around for years. Had this happened to a Republican during this election cycle we would have heard about how they (Republicans) are ignorant of everyday practices for email and Internet access. They would have been labeled victims of their own stupidity. Since it happened to Democrats closely associated to Hillary, well it was an act of war! (see Friedman). Podesta and individual responsibility? Website attacks are another matter and a cause for concern. It appears the bad guys are not afraid of us. In the 1980s the Soviets were afraid of us - no Reset Buttons then.
Robert FL (Palmetto, FL.)
What? You took a long walk around the subject just to jab at Hillary.
Jp (Michigan)
@Robert: If you pay attention during that long walk you might learn something and realize why the Russians did not fear us.
Ambroisine (New York)
And then let's remember that the FBI recently recommended that each and every one of us reset our modem passwords, because of a threat from Russia. If that's not a wake-up call, what is? This is all going to end in tears.
Dan Ari (Boston, MA)
We must face the truth that computer security is terrible. We let Microsoft and electric companies off the hook by making excuses like "no security is perfect." We tell ourselves that victims are foolish, because it is comforting to believe our lack of foolishness will protect us. The reality is that they reap the profits that come from cheap security, and soon it won't be the supposedly foolish who pay the price. It will be all of us. Neither the media nor the regulators understand this well enough to protect us.
sharon5101 (Rockaway park)
Wait a minute Nick. Remember all the panicky columns and articles about something called Y2K? Before 1999 ended and 2000 officially began there was also this similar terror that when the old century ended all of our electronic devices would automatically collapse when the new century began. The electricity would go out, ATMs wouldn't be able to distribute any cash and credit cards would be absolutely useless. I'm getting a little tired of columnists writing articles about how "we're all going to die" in the event of a hypothetical cyberattack against our voting machines. Why don't we go back to using plain old paper ballots instead? They worked for over 200 years.
Kara Ben Nemsi (On the Orient Express)
Sharon, I agree with the ballots. But comparing a cyberattack to Y2K is like comparing apples and oranges. You could, if you know precisely on the millisecond when the attack is coming. That was the case with Y2K. All critical systems were hardened, you just didn't notice any disruption. With a cyberattack, there will be no warning and the attackers will attempt to thwart all protective moves. It's like Y2K in unforeseeable permutations. Sorry, I wasn't worried about Y2K for the above stated reasons. I am VERY worried about our vulnerability now. Our dependence upon the digital grid has become near absolute. We need analog backup systems.
Richard (Houston)
Wait a minute Sharon. Over $100 billion in the US ($9 by the Fed Gov't.) and $3-500 billion worldwide was spent to fix the Y2K bug and prevent the predicted problems (http://www.slate.com/articles/technology/technology/features/2009/apocal...). Whether some of that was unnecessary people of goodwill can debate. But, you can also look at it as repairing the bridge before it collapses - or pick your favorite infrastructure metaphor. With regard to voting - other large developed countries use paper ballots (e.g. UK) and typically the results are in by 2 or 3 AM the day after the polls close - I agree that approach appears to have much to recommend it.
Henry Edward Hardy (Somerville, Mass.)
The United States military and intelligence community are hardly innocent Bambis in the woods when it comes to offensive cyber operations. It is also confusing and imprecise to hear the term "hacker," usually applied to independent programmers who seek knowledge through experimenting with computers, applied to military offensive cyber operations by nation states. The United States has allegedly pioneered offensive computer and network operations. The unclassified April 17, 2015 "DoD Cyber Strategy" document embraces "Build and maintain ready forces and capabilities to conduct cyberspace operations;" as the first of its "Five Pillars" entitled "Strategic Goal I." The US has allegedly engaged in historic, as well as ongoing, offensive cyber operations against other nation states in conjunction with its allies, particularly the "Five Eyes" and Israel. NSA reportedly maintains and engages in offensive operations under the rubric of "Computer Network Operations" from an operations center in Maryland, and in Hawaii, Georgia, Texas, and Colorado. The New York Times does a disservice to its readers by suggesting that the US are babes in the woods and coming late to the idea of offensive cyber operations. In fact, the US historically is apparently a prime instigator and facilitator of such activity. Henry Edward Hardy former Senior Systems Administrator Tufts University* *institutional affiliation for identification purposes only
Markko (WA State)
The increasing cyber danger as well as the ever-present nuclear threat of extinction can only be reversed if all parties see the benefit of reversal. It's way past time to sit down and TALK!
Michael (Chicago)
The federal government probably does have formidable offensive cyber capabilities, but this article is emphasizing the country’s lack of defensive capabilities, particularly for critical civilian infrastructure. State and local election officials, for example, are definitely Bambi in the woods compared to young, aggressive, well-trained, well-funded programmers and network experts working for the Kremlin.
Eric (NYC)
Henry, your points are valid, however, you overlook the fragmented nature of our infrastructure. There are 52 state election systems, regional ISO electrical sectors (FERC is asleep at the switch, especially with reduced federal responsibility), numerous banking systems, etc. This resource dispersion may provide some resilience, but there is only incidental federal support and no leadership in this matter.
N. Smith (New York City)
It's hard to believe that a country as rich and powerful as this one is, still hasn't learned a lesson from past cyber breaches both here and abroad. This is a clear and present danger far greater than tech companies spying on private email accounts or Russian cyber interference in presidential elections -- this is a threat with the potential of stopping the world as we know it by either setting off a false military attack, rendering financial transactions lame, or shutting down worldwide communications systems altogether. The threat is real. Which is also why one must wonder why the U.S. was so slow in removing Kaspersky AntiVirus and Security software from vital and sensitive government systems after Israel discovered Russian hackers exploiting it in search for American secret passwords. Didn't the fact that Kaspersky was developed by an ex-Soviet Intelligence officer (just like Vladimir Putin) ring any bells? It was certainly no secret that they were working in tandem with the Kremlin. And given this background, one must not only wonder why Kaspersky Labs recently moved operations from Russia to Switzerland, but when the U.S. is finally going to wake up and realize that it's not nuclear bombs or specifically banned countries, but cyber activity that is the real threat to U.S. security. And the clock has been ticking for a long time.
Dheep P' (Midgard)
"Rich Powerful"? What a joke this may be one day soon. Nothing can be said. Nothing much can be done because we are so divided. And the so-called Rich & powerful actually think they are insulated and removed from all this peon hand wringing. To a degree, I suppose a few smart ones may be. But there is a reckoning coming and we will ALL be paying for the greed & arrogance ...
Marie (Boston)
RE: "Didn't the fact that Kaspersky was developed by an ex-Soviet Intelligence officer (just like Vladimir Putin) ring any bells?" Who knows better how to fight crime than a criminal? Isn't it the same rationale Trump used to say he is better qualified to reform the tax system than anyone else? Isn't it the same rationale used by those who employ so-called reformed criminals to prevent hacking and other crimes? It's only when it backfires that it seems like a bad idea.
L (Connecticut)
I agree. The fact that the U.S. government even considered using Kaspersky software doesn't make me feel very good about the people who made the decision to do so. Speaking of Kaspersky, they advertised heavily on NPR during the 2016 election cycle, then suddenly stopped when Trump won. Were they trying to infiltrate the liberal base?
Bella (The city different)
The greatest military in the world will be useless in a cyber attack when the computers cease to work. Far-fetched? Not really. All this favoritism towards Russia and North Korea has me perplexed. Our elected officials are silent in the midst of all of this as if they have something to hide. I am fearful for our country. All of the flag buttons and flag waving might satisfy the ignorant and gullible, but these are strange times and we are being governed by politicians whose main focus is on themselves and the 1%, not their country or the people they are supposed to represent.
CBH (Madison, WI)
The greatest military in the world will not be useless during a cyber attack. Why do you think we haven't been shut down yet? We have a submarine fleet that can wait indefinitely to counter-strike if it comes to that, but I can tell you it will not. Our enemies will play us at the margins, but they will never take on the US military. So don't worry.
dsbarclay (Toronto)
This article is right-on. WWIII is in process right now: it's cyber-war. While the US spends more and more on WWII technology, including redundant nuclear weapons, it doesn't pay its geek anti-hackers enough to retain them. Putin has publicly spoken and identified the next weapon that will dominate the world as AI (artificial intelligence). Both Russia and China have focussed their efforts on high-tech sectors that will be the strategic weapons, both economic and potentially destructive of the future. 'Man lives by his wits.'
CBH (Madison, WI)
Artificial intelligence will never dominate the world. He just wants you to believe that. This is nothing more than Russian propaganda that you seem to be buying into. We live in a physical world, a kinetic world. Hacking never killed anyone. Certainly we are vulnerable to hacking. But, the Congress just upped the defense budget by 2 hundred billion dollars as a way to say to Russia and China: Don't bother even trying to catch up to us militarily.
Studioroom (Washington DC Area)
More than 4 years ago a friend at the DOD told me, WWIII is already raging, in cyber.
Tom Wanamaker (Neenah, WI)
I don't fear a nuclear conflict and never have. Knowing that our military is fully capable of overwhelming any adversary on that field makes any attack a suicide mission. I do fear cyber war, however. We are already under constant attack by everything from foreign governments, to criminal networks to lone wolves. We're behind on defending ourselves -- it's a constant battle to try to keep up with the attacks. What about going on the offense? It is easy to identify who launches a missile, but trying to pinpoint the source of a cyber-attack is like trying to identify which mosquito in a swarm just gave you malaria and then figuring out where it came from and who sent it to bite you. You would like to target that one bad actor without doing the cyber equivalent of draining the marsh and then setting it on fire. That could escalate quickly to all-out cyber war.
Trista (California)
Actually there are ways to identify cyberattackers' respective signatures and trace "breadcrumbs" they leave to their sources in the wild. We can also detect and destroy hacker infrastructure prior to launch, crippling or neutralizing attacks under construction even by nation-states.
Bill C (Ann Arbor, Michigan)
Donald Trump does NOT know more than the generals. Which makes me wonder: How much do the generals know? Trump insists on increasing the military budget multi-fold and developing nuclear deterrence, whereas the US cyber-deterrence is in desperate need of improvement. The generals must love the budget increases -- warfare and defense is their business -- but why don't they allot more of the budget to cyber-deterrence? Are the generals as out-of-touch as the president? It doesn't appear so -- we have a military that knows and develops technology for modern conventional warfare. So either Trump doesn't listen to the military's suggestions to improve cyber-deterrence, or our commander in chief has too much power for a leader who's uninformed, technologically ignorant and refuses to accept counsel from the military. The Republican Congress is complicit in this negligence. The 2018 election might be another win for Republicans if Putin gives the go-ahead to Russian hackers again. Our leaders are dinosaurs, consumed with self-interest. America is in grave danger. It's time for a young, intelligent, well-informed, dynamic government with the country's interests at heart.
John V (Emmett, ID)
Maybe - just talking here - critical systems and information shouldn't be accessible via the internet?! It wasn't very many years ago that we got along just fine without it. And nobody could sit in a closet somewhere and push buttons that destroyed lives and property. You actually had to talk to people and/or go do something to make something happen. The world was not worse off than it is now. I think it is the height of stupidity to make ourselves vulnerable by our ever increasing reliance on technology. Yet here we are. The only defense, apparently, is to do unto them what they do unto us. And vice versa. Insanity!
io (lightning)
Yes, there are a lot of systems that should be air-gapped (not able to connect, at least without in-person physical action, to the internet). Plenty of "white-hat" security experts are available to help, but of course it takes money, management attention, and in some cases political will to hire these resources. I hope the inevitable crisis that finally catalyzes broad attention to this issue is merely inconvenient -- and doesn't cost American lives.
Michael N. Alexander (Lexington, Mass.)
My view is a variant of John V's. Talk of "reliance on technology" is oversimplified. Almost inevitably, we rely on some technologies and not on others — and why. One behavior that's been dangerous and often pernicious has been America's almost intentional "see no evil ... " approach to widespread applications of new computer-based technologies. Routine internet-based spying, for example, has become pandemic in the US. Specifically pertinent to Mr. Kristof's concerns: as long as new technologies lower *initial* costs to business firms, the technologies seem to be adopted with little critical analysis. Firm-level security therefore seems to take a back seat to cost-cutting ("efficiency" and "productivity"); breaches don't seem to trouble many firms, and there is little corporate accountability. Related, and perhaps even more serious, has been the apparently endemic lack of attention to *system-level* vulnerabilities like those Mr. Kristof describes. It's analogous to building an inverted pyramid in a hurricane-prone location and not being concerned about its stability. Americans have been cowed by "technology" companies' self-serving warnings against slowing down "innovation" (as though all innovations are beneficial!). Collective action — the only kind that can address system-wide issues — has been stymied by Americans' recent (and, in my opinion, largely unfounded) distaste for government. These mental maladies must be overcome before it's too late.
Gary (Albuquerque)
The attitude to "cyber security" (and domestic terrorism) is not unlike the attitude to international terrorism prior to 9-11.