Published with Permission by:
Lint, James R., “Ransomware Could Escalate into Strategic Attacks on the US”, In Cyber Defense, 10 Apr. 2017, Web, http://incyberdefense.com/news/ransomware-escalate-strategic-attacks-us/
After writing a series of articles on ransomware, I started thinking about how ransomware could be used in a strategic attack nationwide, rather than the attacks we’ve seen so far on business and personal computers. While a hospital’s $17,000 payout to ransomware thieves is considered big news, the consequences of a national ransomware attack on U.S. computers would be even more devastating.
Taking the tactical attack to the next logical level means a strategic attack that is bigger in impact and payout. Remember, the 9/11 Commission Final Report stated that the “most important failure” leading to the attacks was “one of imagination.” It concluded, “We do not believe leaders understood the gravity of the threat.”
Former New Jersey Governor Tom Kean, the chairman of the 9/11 Commission, said: “[The attackers] penetrated the defenses of the most powerful nation in the world. They inflicted unbearable trauma on our people, and at the same time, they turned the international order upside down.”
Are we again failing to use our imagination? What would be the worst scenario involving ransomware, a relatively new and growing hackers’ tool in 2016-17? This type of thinking sounds like a depressing way to make a living, but that is what our nation’s intelligence analysts must think about and anticipate. Thinking in the same way as an enemy requires special training, and that training must continually improve.
What If Hackers Were Able to Control a Vital US Installation?
Joseph Marks, writing in NextGov, discussed the potential of hackers holding government infrastructure hostage. “If hackers were able to seize the controls of a critical infrastructure asset such as a dam or airport where they could cause major property destruction and loss of life, the ransom demand could be huge, [McAfee Chief Technology Officer Steve] Grobman said, and there’s a good chance the asset owner or the government would have to pay up.”
What would happen if the attack came from someone other than a conventional criminal hacker? Suppose the attacker was a nation-state or terrorist group that took control of a major dam and demanded that the U.S. government pay a ransom to prevent an area or town from being flooded? What if a small country wanted money to turn the electricity back on in New York City after an outage caused by ransomware?
In March 2016, Bloomberg Technology reported, “Hackers linked to the Iranian government launched cyber-attacks on some four dozen U.S. financial institutions and a flood-control dam north of New York City in forays meant to undermine U.S. markets and national security, according to federal prosecutors.”
Beginning in 2011, Iran-based hackers targeted the New York Stock Exchange, NASDAQ, Bank of America Corp., JPMorgan Chase & Co. and AT&T Inc. “One of them gained unauthorized remote access to a computer controlling the Bowman Avenue Dam in Rye, New York, for about three weeks beginning in 2013, according to the indictment,” the article reported.
The hackers were thought to be working for the Tehran government and the Islamic Revolutionary Guard Corps, a well-disciplined military organization. Following the indictments, the United States placed sanctions on Iran.
Now Is the Time to Prepare for a Strategic Ransomware Attack
Hackers have been indicted in China and sanctions have been levied against North Korea for hacking. A number of countries have already studied our networks. Most of the focus has been on tactical ransomware attacks on businesses and people. It does not take a lot of imagination to see the potential impact of a strategic attack on our nation’s infrastructure.
The impact of a strategic attack is huge. Now is the time to prepare for a ransomware attack from a wily enemy, its aftermath and crisis management. Let’s not be guilty of another “failure of imagination.”
About the Author
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.
Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after an active military career of seven years in the Marine Corps and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”