We must work together “to get out of this mess”

The failure to shut down a former employee’s email account was enough for a critical US energy company to be floored by a malicious hacker attack. For a water company in Florida, it was mismanagement in deploying a fix to broken old software that resulted in supply disruptions.

These are just two of the examples given by Nicole Perlroth of how small holes or seemingly innocuous problems in corporate computer networks and management policies can become gateways to much larger disasters, the consequences of which can go well beyond the domain of a company or an institution. In a hyperconnected world, once a hacker has a digital foot in the door, their ability to wreak destruction and havoc in a much larger area is considerable – as Perlroth details in her book, This is how they tell me the end of the world, winner of the Financial Times and McKinsey Business Book of the Year for 2021.

The book is a chilling tale of the dangers posed by essentially vulnerable computer systems that are at the center of a rapidly escalating global cyber arms race. The actors in this nebulous world, which Perlroth covered for 10 years from Silicon Valley as a cybersecurity reporter for the New York Times, are no longer just lone, mischievous criminals or hackers, but increasingly state actors with clearly aggressive intentions.

Since the end of the book, which was published earlier this year, the situation has only gotten worse. In particular, the pandemic and the associated shift towards work from home and hybrid working arrangements have offered criminals or hostile state actors new opportunities to exploit extensive computer systems. “The attack surface has widened,” she said.

In the middle of it all is a wild and nebulous marketplace, where hackers exchange knowledge about loopholes and vulnerabilities in networks and operating systems – a backdoor to a smartphone’s operating system, for example, is sold for millions of dollars. Known as “zero days,” these hacks have grown from the margins to one of the main areas of malicious activity.

“It’s a healthy market,” says Perlroth. This comes with a key condition: participants never talk about it because revealing knowledge of a vulnerability in an adversary’s system is tantamount to rendering it worthless as the target will move quickly to correct it.

The book opens with Perlroth’s arrival in Ukraine after the country fell victim to a sustained and widespread cyberattack orchestrated by Russia. In what she describes as “the zero point of the most devastating cyberattack the world has ever seen,” government agencies, transportation systems, ATMs and utilities have all been affected.

The most important point for Perlroth, however, is that these events are not just things that happen in distant places. Rich, industrialized, highly interconnected and digitally dependent countries, such as the United States and the United Kingdom, are particularly vulnerable and ill-prepared. “There is no cavalry,” she says, adding that she wrote the book because she wanted to “wake people up”. The magnitude of the threat, as she sees it, is captured in the title of the book. Without change, “we are in a calamitous cyberspace-induced event that will bring us all down or we will be where we are now, death by a thousand cuts.”

Nicole Perlroth receiving the FT / McKinsey Business Book of the Year 2021 award © Gareth Davies

Governments, businesses and individuals are all part of the problem. State-led offensive cyber-strategies often rely on turning a blind eye and then exploiting loopholes in widely used software. Businesses often view cybersecurity as a cost center that needs to be tightly controlled. People generally feel that they do not have a meaningful role in a much larger conflict.

That, Perlroth says, must change quickly, especially since the advent of artificial intelligence will only make matters worse, if not irreversible. Policy makers must recognize that future geopolitical conflicts “will play out like a cyber war or have a strong cyber component”. The country that wins “will look a lot like a digital Israel,” she said. “A country that can continue to run its most basic services while surrounded by hostile activity.” The United States and Great Britain, she adds bluntly, are not in this state. “If we don’t strengthen our cyber defenses, we won’t win more wars.”

Companies must take more responsibility. Boards should ask their chief information officers and security officers: “Will we be affected by the next conflict between nation states, will we resist it, or will we unwittingly be on the front lines in this conflict?”

“You might not think of yourself as a target as a business. You might think your own data is protected. But if you don’t monitor what’s going on on your network, you could be used as a go-between for a nation-state spy operation,” says Perlroth. “You could be the lowest common denominator.”

In terms of what companies can do, a number of necessary actions are quite straightforward and already known. These include educating employees not to click on attachments and links, training against phishing and other common hacking tactics, the introduction of two-factor authentication, and the regular changing of passwords. In other words, as Perlroth says, “All the things that have been told us over and over again, we have to do, but they are boring. We must make it a priority.”

But there is much more to be done. That’s why Perlroth herself decided to quit journalism and join the U.S. government for a two-year assignment as an advisor to a new Department of Homeland Security cybersecurity agency. The group brings together people from politics, government, tech, and experts like Perlroth.

She believes that as a journalist in Silicon Valley, she was well placed to be a “connector” and “translator” between different worlds and actors who often struggled to communicate and work with each other. “We have to work together – business and government – to get out of this mess. It involves a level of collaboration and cooperation that we may never have seen in the West.”

Frederick Studemann is the literary editor of the FT
