Cyber crime must be addressed by targetting the source, not merely blocking the methodology. Nations must be steelier in their resolve to do this.
EDITORIAL: Girding our cyberloins won’t suffice in face of the modern gangsterism of ransomware and sometimes dark political machinations.
New Zealand and other nations must also more strongly confront the need to hold nation states accountable for their roles in conniving at, or commissioning, the assaults that have become ever-more commonplace.
Lately the extortionists have reached further into New Zealand than the previously targeted Reserve Bank and stock exchange, to instead grasp the throats of health services and some of our schools.
There’s nothing very special about that, sad to say. Government operations, the corporate world, and harassed households worldwide have felt the clammy grip of cyber criminals in ways which too often have been undisclosed.
* Urgent warning for NZ businesses over ransomware vulnerability
* How emission reduction targets made by world leaders at international climate summit stack up
* US charges Russian intelligence officers in high-profile cyberattacks
Prime Minister Jacinda Ardern recently called for heightened global effort to combat the rise in cyber attacks. Her warning was bracketed by the attacks on Waikato DHB and the more recent international ransomware assault via Miami-based firm Kaseya.
That global response cannot simply be a renewed effort to fend off these attacks at an IT level. Concerted commitment for technical protections must, indeed, be treated as massive priorities requiring co-ordinated and well-resourced effort from governments and private firms alike. Which is itself a terribly complex task.
A cyber-attack on a US fuel pipeline is impacting fuel supplies in many of its of eastern states.
But more than that, to honestly confront the scale of the problem also requires the sort of political stare-downs that we’re also starting to see through the Biden administration in the US.
American and British authorities have concluded that Russian spies accused of interfering in the 2016 US presidential elections have in more recent times been turning their bony-fingered endeavours to abusing virtual private networks, hitting hundreds of organisations.
Biden has directed US intelligence agencies to investigate who was behind the Kaseya attacks and security firm Huntress believes it’s the Russia-linked REvil gang, recently blamed for paralysing US meat packer JBS.
It’s a tad disconcerting to learn that Biden has, in his stern message to Russia, identified 16 areas of US infrastructure that apparently should be off-limits, including telecommunications, healthcare, food and energy sectors.
The implicit message is that even if agreement is reached on that score it will presumably leave potential targets that are off the list – and these will be legion – in some sort of regrettable-but-tolerable realm.
For his part, Russian President Vladimir Putin reciprocates Biden’s reproach, citing attacks “co-ordinated from US cyberspace’’. And it’s true the US isn’t above a measure of retaliation-in-kind. It lined up responses following the SolarWinds hack that infiltrated US government agencies and corporations and was traced back to the Kremlin.
This time, Biden has told Putin to expect responses if intelligence pins culpability for the latest attacks on Russia. The trigger would include the attacks being made simply with the knowledge of, rather than at the behest of, Putin’s administration.
It’s highly debatable whether the best way to confront cyber villainy is to directly mirror its very tactics. Quite apart from the moral issues – there’s no parental figure here to intrude and insist “I don’t care who started it’’ – there’s the risk of escalation into the realms of the Cold War’s perilously balanced stakes of mutually assured destruction.
But the dangers and damages of cyberattacks worldwide from within not only the likes of Russia but China or North Korea and even private enterprise terrorists who have acquired ransomware, require a combination of measured political retaliation, alongside real efforts to achieve mutually beneficial political co-operation as an alternative to escalation.
And how hard could that be? Until countries can collectively answer that, we have a massively dangerous and destabilising situation on our hands.