By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security
After writing a series of articles on ransomware, I started thinking about how ransomware could be used in a strategic attack nationwide, rather than the attacks we’ve seen so far on business and personal computers. While a hospital’s $17,000 payout to ransomware thieves is considered big news, the consequences of a national ransomware attack on U.S. computers would be even more devastating.
Taking the tactical attack to the next logical level means a strategic attack that is bigger in impact and payout. Remember, the 9/11 Commission Final Report stated that the “most important failure” leading to the attacks was “one of imagination.” It concluded, “We do not believe leaders understood the gravity of the threat.”
Former New Jersey Governor Tom Kean, the chairman of the 9/11 Commission, said: “[The attackers] penetrated the defenses of the most powerful nation in the world. They inflicted unbearable trauma on our people, and at the same time, they turned the international order upside down.”
Are we again failing to use our imagination? What would be the worst scenario involving ransomware, a relatively new and growing hackers’ tool in 2016-17? This type of thinking sounds like a depressing way to make a living, but that is what our nation’s intelligence analysts must think about and anticipate. Thinking in the same way as an enemy requires special training, and that training must continually improve.
What If Hackers Were Able to Control a Vital US Installation?
Joseph Marks, writing in NextGov, discussed the potential of hackers holding government infrastructure hostage. “If hackers were able to seize the controls of a critical infrastructure asset such as a dam or airport where they could cause major property destruction and loss of life, the ransom demand could be huge, [McAfee Chief Technology Officer Steve] Grobman said, and there’s a good chance the asset owner or the government would have to pay up.”
Read the full article at In Cyber Defense.