When the general public thinks of the word “cybersecurity,” what typically comes to mind is personal data theft.
Some bad actor may steal your financial information. Some hacker will gain illegal access to your computer files. On a larger scale, someone may steal customer information from a corporate database.
Of course, such breaches can cause large-scale damage to both companies and individuals.
But now the rules have changed.
The game has evolved.
The horizon has expanded,
The conflict gaining an exponential boost as the Internet-of-Things (IoT)--where every device in your home or within an infrastructure becomes connected online--enters mainstream adoption.
Now, it’s not just the individual or the corporation to fall victim to a cyber attack.
Internet itself can be disrupted.
Meaning that entire countries can be taken offline.
Lights can be cut off. Water supplies can be halted. Temperature sensors can be manipulated to cause factories to blow up or ignite from within.
Cyber attacks are the new Weapons of Mass Destruction (WMDs). And once it happens, it can take months if at all to identify who the attacker might be.
Just a few days ago, Britain’s second busiest airport, Gatwick Airport, was brought to a halt for two days.
What caused the standstill? A single drone. Not a cyber attack, but a relatively small flying gadget.
Imagine what a sophisticated online attack might have done. Most people would rest assured that cybersecurity experts would never let such an attack take place.
But evolution in this realm sees no difference between progress and its malevolence: the more sophisticated the cybersecurity, the more sophisticated the attack.
It’s a feedback loop of escalation. Endpoint none.
Does this sound like a narrative premise to an old latest cyberpunk novel? In a way, it does. But that’s because most people haven’t yet resigned to the fact that such destruction is not only possible...it’s highly probable...it has already happened....and it will continue to happen.
It has a history that has been building up with greater frequency.
- In 2010, the Stuxnet worm took down the centrifuges that Iran was using for its nuclear program, destroying one-fifth of its nuclear facilities. Stuxnet would have needed Microsoft’s original source code, indicating that only another government--potentially the US or Iran--might have released it. The main point is the groundbreaking Stuxnet proved for the first time that a cyber attack can take down an entire infrastructure.
- December 2015, three major power suppliers in Ukraine were commandeered by hackers, causing a six-hour blackout across most of the country. The attacks allegedly came from Russia; popular suspicion accusing Russia of testing out “a new weapon” or new cyber warfare tactics.
- In April 2017, the FBI and British law enforcement warned that Russia had hacked wifi routers across numerous households. Russia’s main objective, allegedly, was to position themselves to launch attacks around the world using household routers should the need ever arise.
- In May 2017, the Wannacry ransom software disabled hundreds of computers used by Britain’s National Health Service. It took six months for cybersecurity experts to discover that the hack came from the North Korean government.
- In December 2017, the largest internet outage in history took place, caused by three men. A distributed denial of service (DDOS) attack, it took down online access across the US and parts of Europe for 12 hours.
- In April 2018, the entire country of Mauritania was taken offline for two straight days. Allegedly, the government of Sierra Leone had cut the single undersea cable that provided the country’s internet in an attempt to cripple the country’s media as part of an attempt to manipulate the country’s election.
At this juncture, it’s important to note that the last two attacks mentioned were handled by relatively “unsophisticated” bad actors.
- In June 2018, a cyber attack wiped out a third of Atlanta’s city government software programs.
- This year, the FBI warned that a bad actor may be attempting to take the 911 emergency system offline across the entire US.
The main point here is that there is not “one” bad actor attempting to take countries offline. There are many bad actors: lone hackers, organized collectives, terrorists, and rival countries.
So what might happen if the electronic or digital financial infrastructure were to be taken offline?
What if, similar to what happened to Puerto Rico after Hurricanes Irma and Maria struck, you weren’t able to access ATM machines for cash, or digital money?
What other physical forms of money might you have? Cash is limited. Digitized money or cryptocurrency would be useless (since you can’t access them). Your stock holdings would be meaningless.
What about gold and silver? What if someone willing to make a transaction with you were to offer silver or gold coin or bullion?
Most people in their right minds would take it. As both gold and silver are not only legitimate forms of money but the safest forms of money that you can privately store and use in cases such as this one.