As hacking becomes more aggressive, people are increasingly worried that network chaos will trigger wars

The nightmare of a cyber attack in the United States is happening, and it will not stop anytime soon. From hospitals to schools to government agencies, foreign opponents and criminal gangs are attacking every aspect of society.

In December alone, ransomware attacks against human resources software disrupted the operations of some hospitals operated by Ascension Healthcare, a timing system in New York City. Metropolitan Transportation Agency, And the Prince George County Government in Maryland.

However, this ransomware attack is far from the most serious incident in December, as private cybersecurity companies stated that they have seen hackers backed by China, Iran, and other countries use a widely used software, the open source logging platform Apache Log4j.

For decades, people have been warning about cyber Pearl Harbor and 9/11-style cyber attacks, but so far, the United States has avoided major accidental cyber attacks that can cause loss of life and spread to other areas of society. But considering what would happen if a cyber attack caused a war to break out, professionals in business and government are ready.

“I hate to say it, I did think about it, it’s a very scary thing, [and] I hope we will never encounter a cyber attack that is considered a declaration of war,” said Charles Carmakal, senior vice president of the cyber security company Mandiant. “And I don’t know we have had it in the United States. Things that should be declared as acts of war, but in general, in some cases, other parts of the world have been declared as acts of war. “

Mr. Carmakal pointed out that the NotPetya cyber attack launched by Russia against Ukraine in 2017 was regarded as an act of war in the United States. The NotPetya attack used accounting software to infect Ukrainian computers and disrupt the network, resulting in a loss of 10 billion U.S. dollars. According to data from the Brookings Institution, Global loss.

The rules of war in cyberspace are not as clear as in other areas.

National Cyber ​​Director John Inglis told the House Oversight and Reform Committee in November that when cyber attacks cause the same damage as kinetic weapons, they are usually regarded as acts of war, including “health and safety losses, and national security .”

Some cyber attacks are very close to Mr. Inglis’s general definition of cyber warfare.

The Biden administration stated in November that it had evidence that Iran-backed hackers used vulnerabilities in the hospital. However, the Cybersecurity and Infrastructure Agency issued an alert on hacking, saying that CISA, the FBI and its partners in the UK and Australia determined that hackers focused on exploiting known vulnerabilities rather than selecting specific targets in the healthcare and transportation industries.

The Biden administration also accused the Iranians of trying to interfere in the 2020 elections, especially against Republican lawmakers, Democratic voters and the news media. Last month, the Ministry of Justice charged two Iranians with computer fraud and intimidating voters, while the Ministry of Finance imposed sanctions on six Iranians and an Iranian entity.

Jonathan Couch, senior vice president of ThreatQuotient, a risk intelligence company, said that such cyber operations are nothing new to Iranians, but get involved in politics, especially by intimidating and spreading distrust afterwards to influence voters. The efforts of Iran are a new strategy of Iran.

“I think they have learned from the Russians. This is one of them. Despite a lot of rhetoric, it is actually a very difficult thing to invade elections on a large scale because of how we conduct elections and how these things are done, “Mr. Couch said, who has served in the Air Force. “One thing that the Russians successfully used in 2016. Now Iranians are participating. If I can’t change the vote personally, I will call it an’influence action’ and let me try to influence the voters to change their vote.”

Last year, the United States hardly suffered major disasters caused by network problems. Secretary of Homeland Security Alejandro Mayorkas recently told the editorial board of USA Today that a water treatment plant in Ozma, Florida was hacked in February and “should have been swept To our entire country.”

A hacker tried to change the sodium hydroxide (liquid discharge component lye) content in drinking water, but was stopped by a factory operator in a town near Tampa.

According to Mr. Mayorkas, hackers have no economic motives and just want to cause harm.

The smashing of the cyber attack on the United States made predictions about the future look grim, and prompted lawmakers to consider an unusual solution similar to lynching justice—authorizing private companies to legally counter attackers.

Rhode Island Democratic Senator Sheldon Whitehouse and Montana Republican Senator Steve Dynes proposed an amendment bill instructing the Department of Homeland Security to study the benefits and risks of allowing private groups to participate authority Take offensive action.

“The status quo fails to protect the American people from cyber attacks. That’s why I have to challenge federal officials to think outside the box and put all options on the table,” Mr. Daynes said in a statement to the Washington Times .

For private groups authority A legal counterattack is a proposal that may find supporters in the private sector and victims. Mr. Carmakal said he was not familiar with the senator’s proposal, but he believed that the government had an opportunity to delegate the ability of some commercial entities to take active action against the attackers.

He emphasized that not everyone should have the legal ability to fight back, because not everyone has the necessary knowledge to do so, which may lead to an escalation of conflicts.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *