By Nick Schiff
From Russian election meddling to North Korean computer warfare, cybersecurity issues have roared into the center of daily life at tremendous speed. At times, these developments can seem overwhelming. So we checked in with an expert to find out what, exactly, we need to know.
Dr. Corey Hirsch is a globally recognized cybersecurity leader. When he’s not presenting papers at places like the International Cyber Warfare Conference in Washington, D.C, he serves as Chief Information Security Officer of Teledyne Technologies. He also teaches in the Technology Management and Enterprise Risk Management master’s programs at Columbia University’s School of Professional Studies. Below, he tells us about crucial new developments in his field.
Collateral Damage from Cyberwarfare
Collateral damage is as old as war itself. But we may not think about the unintended victims of cyberweapons—yet. According to Dr. Hirsch, cyberweapons, which can victimize any device connected to the internet, are even more prone to causing collateral damage than bullets or bombs. That is bad news for their victims. “Unlike casualties in the four ‘native’ theaters of human conflict (land, sea, air, space), there are no treaties, no conventions, no Red Cross, and barely any meaningful law enforcement mechanisms to protect non-combatants,” he says. The NotPetya attack, for example, which Russia launched at Ukrainians, resulted in a $200 million loss for a Danish shipping company. Boeing became collateral damage of the North Korean WannaCry attack nearly one year after it began. “With billions of vulnerable devices connected on the internet, the risks of extreme disruption…are rising exponentially,” Dr. Hirsch cautioned. Serious conversations are needed at the organizational, national, and international level to make progress on this issue before we witness further, potentially cataclysmic, damage.
General Data Protection Regulation (GDPR)
A useful catchphrase from Dr. Hirsch: “Technology leaps, the law creeps.” In other words, technology blazes ahead while “regulation tries to keep up—and often makes a bigger mess.” The latest example: the European Union recently implemented new data protection laws known as GDPR, some of the strictest in the world. They give consumers more control over how their data is collected and shared, and violations are met with fines of up to four percent of global revenue. (That would be roughly five billion dollars for Google.) According to Dr. Hirsch, the upside is that GDPR “should reduce wasteful and dangerous SPAM, and reduce the toxicity of the ‘email information bloodstream.’” The downside: criminal entities will inevitably find a way to exploit new privacy to hide their behavior. “Often, when you go toward anonymity—which is pro-privacy—you’re reducing security,” said Dr. Hirsch. GDPR will “block clues that cyberdefenders use…so it’s harder to discover who may be setting up to attack you.” As citizens of the digital age, we all need to consider how we negotiate the trade-offs between privacy and security.
Blockchain technology is an attempt to solve a fundamental problem of the internet: how can we trust people we interact with online? Blockchain is an open-source, online database that “ensures if 51% of the community is trustworthy, you can’t cheat.” The technology “could play a tremendous positive role in the future of humanity online,” said Dr. Hirsch. It has the potential to restore the viability of teamwork—which Dr. Hirsch calls “the core competency of our species”—in the finance, health care, and insurance industries, just to name the most obvious applications. “However,” Dr. Hirsch warns, “it has so far been misused.” Most people have encountered blockchain only through Bitcoin and other virtual currencies where the blockchain, far from boosting accountability has “massively inflated the threat from ransomware, DDoS, and other extortionate threats.” Individuals, companies, and governments should to monitor this emerging trend carefully to ensure it improves—and doesn’t plague—global technology.
Dr. Hirsch teaches Enterprise Info Security: Threats and Defense for the Technology Management and Enterprise Risk Management master’s programs at Columbia University’s School of Professional Studies. The Executive Technology Management program offers a Cybersecuity area of focus.