Via Inside Sources

The big news coming out of the G7 meeting in Japan will not be about establishing international norms for cybersecurity. That will only get an honorable mention at best. But maybe it should get greater attention: The threat is real and growing.

Consider just these four events of the recent past:

The electric grid in Ukraine was brought down last Dec. 23 by, it is believed, the Russians. Because of its older design, operators were able to restore power with manual overrides of the computer-controlled system.

The Hollywood Presbyterian Medical Center in Los Angeles was ransomed. This crime takes place when a hacker encrypts your data and demands a ransom, often in untraceable bitcoin, to unlock it. The hospital paid $17,000 rather than risk patients and its ability to operate.

While these ransom attacks are fairly common, this is the first one believed to have been launched against a hospital. Previously, hospitals had thought patient records and payment details were what hackers would want, not control of the operating systems. Some of the ransoms are as low as $3,000, with the criminals clearly betting that the victims would lose much more by not settling immediately, as did the medical center. The extortionists first asked for $3.6 million.

In a blockbuster heist on the Internet, the Bangladesh central bank was robbed of $81 million. The crooks were able to authorize the Federal Reserve of New York to release the money held in an account there. They would have got away with another $860 million, if it were not for a typing mistake. In this case, the money was wired to fraudulent accounts in the Philippines and Sri Lanka.

Target, the giant retailer, lost millions of customer records, including credit-card details, to an attack in February 2014. Since then, these attacks on retailers to get data have become common. Hackers sell credit card details on what is known as the “black web” to other criminals for big money.Often the finger is pointed at China, which will not be at the G7. While it may be a perpetrator, it also has victim concerns. There is no reason to think that Chinese commerce is not as vulnerable as that in the West.

China, with the help of the Red Army, is blamed in many attacks, particularly on U.S. government departments. But little is known of attacks Chinese institutions sustain.

Governments want to police the Internet and protect their commerce and citizens, but they are also interested in using it in cyberwar. Additionally, they freely use it in the collection of intelligence and as a tool of war or persuasion. Witness U.S. attempts to impede the operation of the centrifuges in Iran and its acknowledged attacks on the computers of ISIS.

As the Net’s guerilla war intensifies, the U.S. electric utility industry, and those of other countries, is a major source of concern, especially since the Ukraine attack. Scott Aaronson, who heads up the cybersecurity efforts of the Edison Electric Institute, the trade group for private utilities, says the government’s role is essential and the electric companies work closely with the government in bracing their own cyber defenses.

Still, opinions differ dramatically about the vulnerability of the electric grid.

These contrasting opinions were on view at a meeting in Boston last month, when two of the top experts on cybersecurity took opposing views of utility vulnerability. Juliette Kayyem, a former assistant secretary for intergovernmental affairs at the Department of Homeland Security who now teaches emergency management at Harvard’s Kennedy School of Government, said she believed the threat to the electric grid was not severe. But Mourad Debbabi, a professor at Concordia University in Montreal, who also has had a career in private industry, thinks the grid is vulnerable -- and that vulnerability goes all the way down to new "smart meters."

The fact is that the grid is the battleground for what Aaronson calls “asymmetrical war” where the enemy is varied in skill, purpose and location, while the victims are the equivalent of a standing army, vigilant and vulnerable. No amount of government collaboration will stop criminals and rogue non-state players from hacking out of greed, or malice, or just plain hacker adventurism.

Governments have double standards, exempting themselves when it suits from the norms they are trying to institutionalize. Cyber mischief and defending against it are both big businesses, and the existential threat is always there. 

Llewellyn King is a longtime publisher, columnist and international business consultant. He is host and executive producer of White House Chronicle, on PBS.

Editor's note: See bostonglobalforum.org for coverage of  international cybersecurity issues.

(April 28th, 2016) The Boston Global Forum (BGF) will host a May 9th Conference titled “Building Ethics Norms for Cyberbehavior’’. This conference (time, place and speakers below) is in part a follow-up to the recent creation of the BGF’s “Ethics Code of Conduct for Cyber Peace and Security,’’ which has been informed by BGF online dialogues with cyberexperts from several countries.

It is part of The Boston Global Forum’s BGF-G7 Summit Initiative, in which the BGF has convened leading scholars and business, technology and government leadersto seek solutions to pressing global issues involving peace, security and development. This BGF group has been working with Japanese officials to draft proposals to present to the national leaders meeting at the G7 Summit on May 26-27 in Japan.

The BGF’s biggest priority leading up to the summit is developing  what it calls “Strategies for Combating Cyberterrorism’’.

The May 9 event:

Time: 7 p.m. (EDT) May 9, 2015

Venue: Room 2, Harvard Faculty Club, 20 Quincy St., Cambridge, MA 02138

To be live-streamed at www.bostonglobalforum.org

The conference will be directly linked with participants in Tokyo and Bonn.

For further information, including on attending the conference, please send queries to: Office@BostonGlobalForum.org.

The conference will be moderated by:

• Former Mass. Gov. Michael Dukakis, Co-Founder, Chairman, Boston Global Forum.

Speakers:

• Prof.  Jose Barroso, former President of the European Union.
• President Vaira Vike-Freiberga, former President of Latvia, President of Club de Madrid.
• Prof. Thomas E. Patterson, Co-Founder, Member of Board of Directors, Member of Editorial Board, Boston Global Forum; Bradlee Professor of Government and the Press, Harvard Kennedy School.
• Prof.  Joseph Nye, Member of the BGF Board of Thinkers; University Distinguished Service Professor, Harvard Kennedy School.
• Prof.  Koichi Hamada, Special Adviser to  Japanese Prime Minister Shinzo Abe.
• Prof. Thomas E. Patterson.
• Nguyen Anh Tuan, Co-Founder and CEO, Boston Global Forum; Chair, International Advisory Committee, the UNESCO-UCLA  program on Global Citizenship Education.
• Prof. John Savage, An Wang Professor of Computer Science, Brown University.
• Ryan Maness, Visiting Fellow of Security and Resilience Studies, Department of Political Science, Northeastern University.
• Tomomi Inada, Chairman of Policy Research Council of Japan’s Liberal Democratic Party and a Member of the Japanese House of Representatives.
• Prof.  Nazli Choucri, Professor of Political Science, MIT; Director of the Global System for Sustainable Development (GSSD).
• Prof. Chris Demchak, RADM Grace M. Hopper Chair of Cybersecurity and Co-Director of the Center for Cyber Conflict Studies, at the U.S. Naval War College.