The recent Russian hacking of both government and corporate entities is just the latest in a long list of attacks by international actors along with domestic terrorists and assorted geeks. It is happening constantly and the overriding problem is the lack of disclosure. The rules regarding when the government or company should disclose these intrusions and the effects are fuzzy and not particularly enforced. The problem is huge and the consequences unknown. By the way, it is not just a direct digital concern. In April, 2013, an armed group attacked a PG&E substation in San Jose CA. They cut telephone lines and then began to destroy the electrical equipment with high powered rifles. It left the station very much disabled and PG&E had to scramble to prevent the shut down of Silicon Valley. There have been no reports of an investigation and no arrests made.
Overall, of the numerous reasons for digital vulnerability, economics is as much the cause as technology. The move to digitalization was readily accepted not only because of efficiency but also because of cost savings, especially compared to paper based information. Management loved the cost savings so there was litlle resistance to rush forward with the technology. However, the cloud is neither free nor safe. There are new budget costs for set up, maintenance and security. Management has been reluctant to acknowledge and support the costs necessary to operate and secure digital information.
In the Russia case, it was a simple invasion by updates, the kind used by all operating systems and networks and it even worked against companies involved in security. Technology is increasingly complex and it is expensive to staff in house qualified people. So as a result, government and companies outsource a lot of work to vendor contractors. For the same cost reasons, these contractors then parcel out some aspects of the project to other vendor contractors. Then these contractors do the same. So at some point, a lot of people have access to the company network or surely have the ability to access it. As you go down the levels of contractors, security verification diminishes. IT staff are often under pressure and it is not uncommon to bypass and short cut protocols or make mistakes. It is always possible to encounter bad actors who will steal information or sabotage the system.
The costs of digital security have not been fully funded and will be significant. At the higher end, they will be the economic costs associated with government efforts in response to the attacks and the ongoing efforts to prevent them. This will cause an increase in taxes along with the potential costs of international trade. Hopefully, they will not include war type conflicts. At the lower end, companies will have to increase prices to help pay for the costs of added security for their networks.
There is manipulation behind the scenes as the government and business try to get the other to pick up some of the costs. Either way, as citizens we will be subjected to both higher taxes and prices and the consequences of reduced privacy and the losses due to the inefficiencies caused by hacks, crashes and digital disasters.
(Part 1, December 4, 2018)
Joseph Testa