Cybersecurity For Dummies. Joseph Steinberg
Читать онлайн книгу.— a problem the U.S. government is struggling with addressing as this book goes to print. Hackers no longer necessarily need to directly breach the organizations they seek to hack; they merely need to compromise one or more of the organizations’ providers. And such providers may be far less careful with their information security and personnel practices than the ultimate target, or may be subject to manipulation by governments far less respectful of people’s rights than are the powers-that-be in the ultimate targets’ location.
Political shifts
As with advances in technology, political shifts have had tremendous cybersecurity repercussions, some of which seem to be permanent fixtures of news headlines. The combination of government power and mighty technology has often proven to be a costly one for ordinary people. If current trends continue, the impact on cybersecurity of various political shifts will continue to grow substantially in the foreseeable future.
Data collection
The proliferation of information online and the ability to attack machines all over the world have meant that governments can spy on citizens of their own countries and on the residents of other nations to an extent never before possible.
Furthermore, as more and more business, personal, and societal activities leave behind digital footprints, governments have much easier access to a much greater amount of information about their potential intelligence targets than they could acquire even at dramatically higher costs just a few years ago. Coupled with the relatively low cost of digital storage, advancing big data technologies, and the expected eventual impotence of many of today’s encryption technologies due to the emergence of quantum computing and other cutting-edge developments, governments have a strong incentive to collect and store as much information as they can about as many people as they can, in case it is of use at some later date. It is more likely than not, for example, that hostile governments may have already begun compiling dossiers on the people who will eventually serve as president and vice president of the United States 25 years from now.
The long-term consequences of this phenomenon are, obviously, as of yet unknown, but one thing is clear: If businesses do not properly protect data, less-than-friendly nations are likely to obtain it and store it for use in either the short term, the long term, or both.
Election interference
A generation ago, for one nation to interfere in the elections of another was no trivial matter. Of course, such interference existed — it has occurred as long as there have been elections — but carrying out significant interference campaigns was expensive, resource-intensive, and extremely risky.
To spread misinformation and other propaganda, materials had to be printed and physically distributed or recorded and transmitted via radio, meaning that individual campaigns were likely to reach only small audiences. As such, the efficacy effects of such efforts were often quite low, and the risk of the party running the campaign being exposed was relatively high, and often carried with it the potential for severe repercussions.
Manipulating voter registration databases to prevent legitimate voters from voting and/or to allow bogus voters to vote was extremely difficult and entailed tremendous risks; someone “working on the inside” would likely have had to be nothing short of a traitor in order to have any real significant on election results. In a country such as the United States, in which voter registration databases are decentralized and managed on a county level, recruiting sufficient saboteurs to truly impact a major election would likely have been impossible, and the odds of getting caught while attempting to do so were likely extremely high.
Likewise, in the era of paper ballots cast in person and of manual vote counting, for a foreign power to manipulate actual vote counts on any large scale was impractical, if not impossible.
Today, however, the game has changed. A government can easily spread misinformation through social media at an extremely low cost. If it crafts a well-thought-out campaign, it can rely on other people to spread the misinformation — something that people could not do en masse in the era of radio recordings and printed pamphlets. The ability to reach many more people, at a much lower cost than ever before, has meant that more parties are able to interfere in political campaigns and can do so with more efficacy than in the past. Similarly, governments can spread misinformation to stir up civil discontent within their adversaries nations and to spread hostility between ethnic and religious groups living in foreign lands.
Insecure mail-in ballots as used throughout the United States during the 2020 presidential election aggravated mistrust. And, with voter registration databases stored electronically and sometimes on servers that are at least indirectly connected to the Internet, records may be able to be added, modified, or deleted from halfway across the globe without detection. Even if such hacking is, in reality, impossible, the fact that many citizens today believe that it may be possible has led to an undermining of faith in elections, a phenomenon that we have witnessed in recent years and that has permeated throughout all levels of society. Even Jimmy Carter, a former president of the United States, expressed at one point that that he believed that full investigation into the 2016 presidential election would show that Donald Trump lost the election — despite there being absolutely no evidence whatsoever to support such a conclusion, even after a thorough FBI investigation into the matter. Statements and actions from the other side of the political aisle — including the terrible chaos at the U.S. Capitol after the 2020 presidential election — showed clearly that concerns about election integrity, and the perception that our elections might be manipulatable through cyberattacks and other technology-based techniques, are bipartisan. It is also not hard to imagine that if online voting were ever to arrive, the potential for vote manipulation by foreign governments, criminals, and even political parties within the nation voting — and for removing the ballot auditability that exists today — would grow astronomically.
In an indication of how much concern is growing around potential election manipulation, consider that a decade ago, the United States did not consider election-related computer systems to be critical infrastructure, and did not directly provide federal funding to secure such systems. Today, most people understand that the need for cybersecurity in such areas is of paramount importance, and the policies and behavior of just a few years ago seems nothing short of crazy.
Hacktivism
Likewise, the spread of democracy since the collapse of the Soviet Union a generation ago, coupled with Internet-based interaction between people all over the globe, has ushered in the era of hacktivism. People are aware of the goings-on in more places than in the past. Hackers angry about some government policy or activity in some location may target that government or the citizens of the country over which it rules from places far away. Likewise, citizens of one country may target entities in another country with whose policies they disagree, or whose government they consider a national adversary.
Greater freedom
At the same time, repressed people are now more aware of the lifestyles of people in freer and more prosperous countries, a phenomenon that has both forced some governments to liberalize, and motivated others to implement cybersecurity-type controls to prevent using various Internet-based services.
Sanctions
Another political ramification of cybersecurity pertains to international sanctions: Rogue states subject to such sanctions have been able to use cybercrime of various forms to circumvent such sanctions.
For example, North Korea is believed to have spread malware that mines cryptocurrency for the totalitarian state to computers all over the world, thereby allowing the country to circumvent sanctions by obtaining liquid money that can easily be spent anywhere.
Thus, the failure by individuals to adequately secure their personal computers can