Former US Defense Secretary and CIA Director Leon Panetta in conversation with Council President Ivo Daalder on March 19, 2015.
Nearly 7 out of 10 Americans think cyber attacks pose a leading threat to US security—matching their concerns regarding terrorism and surpassing their concerns about Iran’s nuclear program—according to 2015 Chicago Council Survey results. To better understand the public’s concerns, the Council hosted a series of programs this past spring that examined how digital infrastructure vulnerabilities are undermining traditional notions of security and privacy.
During his March 9 remarks at the Council, Marc Goodman, Future Crimes Institute founder and cyber advisor to the FBI and INTERPOL, shared many startling statistics and predictions; cyber crime costs the global economy $400 billion per year, he stated, and 75 percent of Fortune 500 companies can be hacked in under 15 minutes. Given the exponential growth of computing power, the scope for such criminality is expanding beyond the ability of law enforcement to respond; Moore’s law, Goodman quipped, has given us “Moore’s outlaws.” Worse still, the burgeoning “internet of things” is creating a smorgasbord of opportunities for technological mischief and government snooping in a dystopian world of hackable pacemakers and eavesdropping dishwashers.
Governments are as vulnerable as citizens and corporations. Speaking to the Council’s Young Professionals on April 2, WIRED senior staff reporter Kim Zetter gave a gripping account of the development of the world’s first digital weapon: Stuxnet. This sophisticated computer worm wreaked havoc with centrifuges at Iran’s Natanz nuclear plant before its discovery in 2010, and offered a glimpse into a future where malicious code is created, not simply to steal information, but to destroy physical infrastructure.
The extent of official concern regarding cyber weapons was evident in the remarks of former US defense secretary and CIA director Leon Panetta, who visited the Council on March 19. Referencing the Shamoon virus, which destroyed 30,000 computers belonging to Saudi oil company ARAMCO, Panetta described such an attack on US infrastructure as his greatest fear. With such technology in the hands of terrorists, he said, they could “cripple our country” without setting foot on US soil.
“Privacy is not dead,” claimed Michelle Dennedy during her May 12 program at the Council, “but it does need a reboot.” As chief privacy officer at internet security firm McAfee, Dennedy expressed serious concerns about the ways hacking and the collection and sharing of personal data online have eroded traditional notions of privacy, but she also stressed that citizens can take simple but powerful steps to protect themselves. Using a memorable underwear analogy, Dennedy described how simple online hygiene practices, such as setting “exotic” passwords, keeping them under wraps, and changing them often, will at least mean hackers have to work for their loot, and will probably target someone else.
Dennedy also stressed the need to hold to account those who create software and handle data. Ultimately consumers have the power of choice, she reminded the Council’s audience, which they can leverage to demand higher standards of data management from corporations and service providers. Similarly, software developers need to be held liable for the vulnerabilities of their products, Goodman argued.
Fear sells, and a silver lining to the crisis of privacy in the digital age is that the market is now responding to public concerns. Silicon Valley’s venture capitalists are rushing into the cyber security space, and insurance company actuaries are scrambling to value this novel form of business risk. Data breaches may not yet have seriously dented corporate share prices, but, Dennedy asserts, executive’s attitudes are slowly changing. Certainly, the fate of Target’s former CEO, who resigned following the retailer’s massive 2013 data breach, has focused boardroom attention on the need to build the financial and reputational costs of data loss into their business plans.
Illuminating and unnerving in equal measure, the Council’s cyber threats series generated as many questions as it answered. “We live in exponential times,” Goodman emphasized, and the scope of changes to our political, economic, and social systems resulting from technological advancements are so rapid that, in many areas, our responses have yet to be debated, legislated, or coded. In the realm of cyber warfare the outlook is particularly bleak. A lack of intergovernmental clarity over how international law applies to digital weapons leaves the door open for widespread mischief, and worse, Zetter suggested.
But even Goodman, who likened modern society to a “technological house of cards,” is ultimately hopeful. In calling for a Manhattan Project for cyber security to mobilize the public and private sector in a common fight, the former LAPD street cop reminded the audience that defeating the cyber criminals is a good old-fashioned question of garnering the will and the resources.
Join the Council this fall as we explore how empowered citizens, chastened corporations, and digitally diligent governments are redefining security in the cyber age.
About the Author
Iain Whitaker joined the Chicago Council on Global Affairs in 2014 and is the assistant director, leadership programs. Prior to joining the Council, Whitaker worked in KPMG's Trade and Customs Services practice. He was also previously the legislative assistant to a UK member of parliament at the House of Commons in London. He received an MA in modern history from the University of St. Andrews (UK), and an MSc in international security from the University of Bristol (UK).