In Cyber-security, as in life itself, prevention is the cure. The latest influenza epidemic in Spain showed that a vaccination in time can prevent a disruption in our daily lives and even worse things. Cyber-security is no different. In both cases, we are dealing with viruses and all their consequences.
What do we have to worry about in 2018?
I would focus on Data Theft and Cyber-Physical Attacks.
It is not a random choice. Cyber-attacks are for a reason. Analyzing them to understand these reasons helps us to predict the nature of the attacks. The international situation, technological trends or the fight for power based on religious, ethnic or cultural grounds are amongst the main causes.
The true battle is no longer waged on the battlefield with tanks, guns and large armies. Today, these battles are waged in cyberspace and are just as cruel. Let’s see why:
Data theft. The cybernetic version of the age old custom of stealing information. Information is power and the theft and leaking of data a profitable business. I’m not talking only of stealing e-mails or passwords from famous people who pay dearly for their personal exploits by using unimaginative passwords. I’m talking of extremely valuable economic and political information. Think about Equifax and the famous theft of their client’s credit information. Think about insurance companies or health centers with confidential data on our physical or mental health. Think about all the companies that have personal data (not only the first that come to mind, such as Facebook, Google and Telefónica, etc.). Imagine your Internet browser background was stolen. Would that be uncomfortable? How much would it be worth? In many cases, quite a lot. Politicians, like the recent one in Great Britain, have to resign in these cases. Data theft can have major economic repercussions on companies and, in certain cases, even on countries. The classic cybernetic version is industrial espionage. The theft of data associated to projects and bids. Projects that may be worth thousands of millions of euros in the case of infrastructure (trains, bridges, roads, undergrounds, dams, etc.). From auctions, where the participants are competitors, to performance and construction, where they can even be other countries with an interest in preventing infrastructure from contributing to the growth of a particular region. The reason for obtaining leaked information is proportional to the profits at stake, which may be astronomical.
Cyber-physical attacks. Another cyber-security risk I should mention is the threat to physical infrastructure. Again, geo-political interests are at the source. The de-stabilizing of a country or region may be in the interests of other countries or regions. What better way to do so than to damage its infrastructure. Certain cases come to mind. Do you remember the famous case of Iran’s nuclear centrifuges to enrich uranium and thus achieve the atomic bomb? Suddenly, the issue went quiet. Apparently, someone made the centrifuges rotate at a higher speed and ruined the process. Rumor has it that the virus was introduced on a pen-drive. More recently, we saw the strange, a priori, alliance between Saudi Arabia and Israel for advice on how to de-stabilize a common enemy accused of being behind its regional conflict. The rumor is that the goal was to de-stabilize its financial structure. When banks cannot do their work, the ATMs don’t provide cash and credit cards stop working; millions of people can be affected and the country’s financial system critically injured. As the saying goes, my enemy’s enemy is my friend.
All of this sounds a long way away, but don’t be mistaken. In Europe, we have already suffered from a number of terrorist attacks perpetrated by Daesh. Just because they have been less sophisticated does not mean that they have been less devastating. Technology progresses and access to it is just like access to weapons. There is always someone willing to sell at the right price. Amongst the threats we will face in 2018 are those targeting our strategic infrastructure. Using the example mentioned above, what would happen if the nuclear power plant were in Spain? What would happen if someone hacked a water purifying system, or the supply system? What if they took control of basic food production? Let’s not overlook the fact that nowadays the majority of processes are technologically controlled by sensors that transmit information and act accordingly. If the sensor says that the temperature of the reactor is correct, or the proportion of chlorine in the water is right, or the ferments in the yoghurt are suitable, the system thinks that everything is fine. But it certainly wouldn’t be. How does this interest cyber-terrorists? It means that they can do all of this without firing a single shot, or even being close. Everything can be done from a comfortable office thousands of miles away.
Is this possible? Of course. Is it likely? Well, I can’t say that governments, institutions and companies themselves are not doing anything, or that they do not have systems and people devoted to minimizing the likelihood. However, we have to be aware that the danger is there. If those interested in causing one of these situations have the resources and access to the right technology, there is no doubt they will use it. They already have and they will keep trying. Western societies must accept the fact that these risks go hand in hand with technological development and increasing global access to networks, not only social ones. Here, there is no room for naiveness, or savings in dedicated resources. The consequences could be terrible.
Data theft and cyber-physical attacks are just two of the cyber-security dangers on the horizon in 2018. But they are not the only ones. I am convinced, as are numerous analysts throughout the world, that we will also be witness to ransomware, especially of systems housed in the cloud. I also believe that Artificial Intelligence will be used as a cybernetic weapon and that the attempts (and more than just attempts) will continue to alter election results in western countries. Finally, how could I forget the trending topic in 2017: bitcoins? To hack the mine, in other words, how they are produced, would be an interesting topic for 2018, like robbing the Mint. More details to follow soon.
I will leave you with some interesting reading:
Translated by Jeff Callow: