Professor Dr Alex Frino, Senior Deputy Vice Chancellor University of Wollongong, said that cyberattacks on corporations have stolen military secrets, erased over $100 billion in shareholder value, lost the personal information of 150 million people, and led to the shutdown of critical infrastructure.
He added in his article about “Cyber security the globe” that NATO 2030 recognizes cyberattacks as a key risk to alliance members and allies. In June 2021, a senior official at the US Justice Department told Reuters that ransomware attacks were being elevated to a similar level as terrorism. Yet cyberattacks remain a critically understudied and poorly understood threat to countries around the globe. In this article I want to explain the nature and size of the global cyber security problem and a critical element for the solution– global cooperation in research and cyber solutions.
The 2022 Senior Fulbright Scholar, Florida Polytechnic University, stressed in his article that when hackers attacked the Colonial Pipeline in May 2021, they were seeking to make $4.4 million dollars through extortion. But their actions took down nearly 50% of the US East Coast’s gasoline supply. There was panic buying, hoarding, and the highest fuel prices since 2014. On May 14, 2021, 87% of the gasoline stations in the Washington D.C. area were out of fuel. The company paid the hackers $4.4 million in Bitcoin, some of which was recovered by the FBI.
“The impact of technical errors affecting critical infrastructure provides an indication of the potential risk from cyber attacks. On June 17, 2021 a technical error at Akamai, a US content delivery network (CDN) led to outages at the Reserve Bank of Australia, several Australian commercial banks, the Hong Kong Stock Exchange, and four US airlines. A mere eight days earlier, a similar issue at another CDN took Amazon, The New York Times, BBC, and the UK Government offline. An intentional cyberattack could do much more damage”, Professor Dr. Alex Frino said.
For him, these examples show how intertwined ICT systems are globally. They also serve to demonstrate that cyber attacks can be part of the increasing threat of hybrid warfare, where malicious actors do much damage while stopping just short of actions that could lead to war.
Many attacks are aimed at corporations, making cyber threats an important economic and geopolitical phenomenon. For example, military contractors have been repeatedly probed for sensitive secrets, causing geopolitical and economic damage when adversaries benefit from expensive R&D they didn’t pay for.
Cyber adversaries kill two birds with one stone by targeting companies in different countries. Ransom payments and stolen intellectual property are lucrative for the hackers. The loss of trust, business, and confidence is damaging for the victims.
Cyber criminals are also identified by NATO as one of the primary threats to the alliance. This makes cybersecurity a serious economic and geopolitical issue. In 2014, NATO acknowledged that a cyberattack could trigger Article 5, the alliance’s collective self-defense clause. In short, a cyberattack on one NATO country could lead the entire alliance to respond with an array of measures, including going to war.
As a result of the geopolitical and economic stakes, hacking has never been more serious. Unfortunately, hacking has also never been easier. An affordable laptop computer using freely available software can guess 1,000 passwords per second (3.6 million passwords per hour). While a truly complex password can take years to crack, most people don’t use complex passwords. In fact, even sophisticated corporations fall victim to seemingly unsophisticated attacks.
A 13-year old Australian hacked into Apple’s secure computer system to show off his skills in the hope the company would offer him a job. While he was caught and punished, state intelligence services are much more sophisticated than a teenager.
We can’t look at an international problem in isolation. For example, most NATO countries use a single, pan-European energy grid. Many of them share weapons systems and intelligence. But cyberattacks are a global problem, and threats to companies have reverberations across NATO countries and Australia. As I have noted, even minor technical issues in one country can immediately spread worldwide.
As nations around the world grow and prosper and become increasingly service-oriented with large amounts of intellectual property, securing secrets matters more than ever. Although we often say Apple “makes” the iPhone, that’s not really true. They design it and own the underlying intellectual property. Actually assembling the phone is a low-margin business they outsource to others. Apple is an intellectual property company.
Economic theory suggests that competition fostered by the market provides greater innovation and lowers costs. However, the diffuse nature of crucial infrastructure in NATO democracies makes cyberattacks on businesses a national security threat.
The bottom line here is that it is increasingly clear that the intertwined nature of ICT systems globally means that the only way of truly securing ICT systems in one country is to ensure that ICT systems globally are secure.
Professor Dr Alex Frino called for global research, which will look at the financial and economic effects of cyberattacks across all NATO countries and Australia—a key ally and partner to the alliance. Right now, companies have no evidence-based estimates on how much to spend on cyber-defence, and no comprehensive picture for the costs of cyberattacks across NATO member countires. We need research that will fill-in these key gaps, enabling policymakers in government and the private sector to better understand and defend against cyber threats.
He added that such research will also help governments understand the baseline for cyberattacks against NATO and NATO-allied nations. Cyberattacks are here to stay, but not all attacks are equally dangerous. Such research could give policymakers a smart, nuanced, understanding of the threat and how to move forward.
According to the expert, the results of such research are not only important geopolitically, but also have implications for corporate policy in each jurisdiction. Companies will be able to better understand the costs of cyberattacks, and thus make optimal investment decisions in relation to cyber security. They will better understand spillover risks, as well as learn what attributes may make them more or less vulnerable to attacks.
In addition, professor Dr Alex Frino said that such research will help financial market regulators in setting appropriate cyber-security policy and convincing companies to invest in cyber security. While no academic study can stop cyberattacks, such research could arm our companies and regulators with the knowledge they need to understand and fight back against this threat.