Welcome to the Age of Malware. It promises to be a huge downer and, possibly, a great tragedy.
For years, we have regarded personal computers, the internet, smartphones and various digital devices as evidence that America continues to dominate the central new technology of our time. Just last week, Apple attained a stock market value of $1 trillion — the first company ever to do so. This seemed yet again to confirm American leadership.
The reality, of course, is much different. By now, millions of Americans — probably most — must recognize that the internet and its digital sidekicks constitute a double-edged sword. They provide services (photography, maps, email) that now seem indispensable. Yet, the same technologies increasingly pose a fundamental threat to our way of life.
Hardly a day goes by without news reports of the internet being used to undermine our democracy, steal people’s personal information (names, Social Security numbers, credit scores, health data and the like), hijack corporate secrets and attack “critical infrastructure” — the power grid, financial and communications networks, water and transportation systems.
Many Americans remain in a state of confused denial. We simply cannot bring ourselves to acknowledge that such promising technologies can be turned against us in such destructive ways.
The injection of malware — computer software (“viruses”) that aims to corrupt legitimate data systems — has become an everyday occurrence. Other digital vulnerabilities abound. Just recently, the Pentagon curtailed military personnel from using global positioning devices because they can help adversaries monitor our troop movements.
Anyone who doubts cyber’s unintended consequences should read David Sanger’s new book “The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age.” Sanger, a reporter for The New York Times, has been a dogged and diligent observer of cybersecurity issues for years. His book is a readable account of what went wrong.
It’s difficult for Americans to deal with these questions, because we want to play both sides. We deplore other countries’ (read Russia, China, Iran and North Korea) use of the internet to attack their geopolitical or commercial rivals.
But we are not innocent victims. Sanger rates Stuxnet — a joint U.S.-Israeli virus that temporarily destroyed Iran’s nuclear centrifuges — as a highly successful use of the internet for strategic purposes. Similarly, Sanger presents much circumstantial evidence that, via the internet, the U.S. caused North Korean missiles to fail. (Kim Jong Un apparently solved this problem by changing rocket designs.)
Still, Sanger is not overly impressed with U.S. cyberagencies, partly because they couldn’t protect their own data. The National Security Agency — the citadel of the government’s cyberskills — experienced the theft by Edward Snowden and a successful hacking by a group called Shadow Brokers, thought to be Russian. The heist involved NSA’s own cyber “tools” used to gain entry into other countries’ data systems.
The gravest dangers involve hacking critical infrastructure — power plants and the like — that could cause widespread public disorder and chaos. At a recent public briefing, the Department of Homeland Security conceded that foreign (presumably Russian) hackers have penetrated some utilities and could have turned off the electricity.
Warfare has changed. By Sanger’s description, there are at least four defining characteristics of the new cyberwarfare.
First, compared with large and expensive armies and navies, a cybercapability is inexpensive. “Cyber weapons are so cheap to develop and so easy to hide that they have proven irresistible” for large and small powers alike, writes Sanger. This implies a proliferation of cybercapabilities, including for nonstate actors.
Second, “Unless shooting breaks out, it will always be unclear if we are at peace or war,” he argues. “Governments that cannot stand up to far larger powers with conventional armies will have little incentive to give up the advantages that cyberweapons offer. We are living in a gray zone, one of constant digital conflict.” Cyberwarriors of all varieties will constantly be testing their own capabilities.
Third, the advantage lies mostly with the attacker. There are thousands upon thousands of potential entry points into various data networks. Even if defenders plug most of them, an attacker needs to find only one to launch an attack.
Fourth, although improvements have occurred in resisting cyberattacks, they are insufficient because new networks — autonomous cars, for example — are being created all the time. “We are getting better. But we are getting worse faster,” one expert tells Sanger.
The Age of Malware is upon us. There is no obvious technical fix for our love affair with the internet. We need to recognize that the things we like about the internet are the same things that make us vulnerable to its dangers. There is no clear separation of the good from the bad. We are flirting with national disaster if we don’t curb our internet appetite.
Robert J. Samuelson writes for The Washington Post Writers Group.