In early May 2021, a primarily Eastern-European group of cybercriminals, who operate(d) as the DarkSide, were successful in a ransomware cyber attack that disrupted the Colonial Pipeline. This caused significant disruption to the distribution of petroleum products from the Gulf Coast to the East Coast of the United States. Such attacks demonstrate cybersecurity vulnerabilities of critical infrastructure. The owners of the pipeline paid the ransom, which will embolden more of these attacks and keep the cycle fresh.
Highwaymen and the Digital Commons
This latest exploit is remarkable for several reasons, but primarily this event reminds us of how fragile our infrastructure can be. How does this happen? The strength of the Internet is the wealth of communication it hosts – all manner of social and commercial activity is facilitated by this “Information Superhighway.” Of course, not all of this commercial or social use is legal, let alone safe. Eventually, we assess and internalize such risks and find a way to maximize utility while mitigating risks. As an innovation, networks, such as the road networks of the Roman Empire, reliably open up new opportunities for social and commercial activity that continue to shape societies and civilization. At the heart of these advances is the innovation and the diffusion of this innovation – at each stage, some degree of disruption is assured.
On the broad scope of human history, we can observe that the pace of innovation is non-linear and becoming more frequent. Whether human nature will keep pace with the opportunities and pressures of innovation is arguably irrelevant – history proves, time and again, that humans, as a species, will adapt. Whether this adaptation will result in the evolution of human nature remains to be seen, but is doubtful.
The double-edged sword of any innovation is that any advantages of an innovation will provide some disadvantages as well.
We can call upon the lore and image of the highwayman, Robin Hood being a well-known example, to better understand the ransomware attack on the Colonial Pipeline and why such events will likely continue. The utility of the highway is that we can all use it; the opportunity for malfeasance inherent in the highway is also rooted in the fact that we all use it.
Tragedy of the Commons
Among the reasons cybersecurity vulnerabilities will continue is the availability and magnitude of computing power. Most recent advances in human innovation are according to the pervasive and ubiquitous nature of expanding computing power, and its byproducts. This proliferation is a tide that is lifting all boats. The tragedy is that human nature will not likely keep up, evolve, or enlighten sufficiently to escape both the treasures and maladies of the Internet. Is it hopeless? Not necessarily, but as is the case with the tragedy of the commons, the barrel is spoilt by a rotten apple or two.
While many of us have become accustomed to two-factor authentication devices, what are these factors? As a rule of thumb, multifactor authentication is said to be strongest when you can authenticate according to these factors:
- Possession – Something you have (such as a 2FA application)
- Knowledge – Something you know (such as a password/passphrase)
- Inherent – Something you are (this is where biometrics come in)
- Location – Somewhere you are (you can see the inclusion of this in some of Apple’s authentication schemes)
While much of this can be automated – keeping your systems up to date, keeping your passwords strong and well-managed, and detecting threats – human vigilance is no match for a computer’s algorithmic vigilance to protect against cybersecurity vulnerabilities.
In the realm of protecting against malicious attempts to gain access to your personal computing devices, let alone systems that operate vital infrastructure, the computer is bound to win in the long term. In this regard, we are regrettably, as Shakespeare quipped: “hoist by our own petard.” The genie of computing is out of the bottle.
Speaking of highways, this seemingly insurmountable obstacle – insecurity on the network – can take some lessons from the highway. Much as the Appian Way was vital to Rome, our modern highways are vital to our freedom of movement as is our information highways.
While you may (or may not) be too young do to so, if you think back (or Google it) to the earlier days of roads and highways, they were fraught with dangers to which we adapted. In fact, although our use of highways takes numerous tolls (literally and figuratively) on us – accidents, environmental impact, upkeep – we accept the various costs as being inherent to the realization of utility. Along the way, we both adapt and innovate to make the experience safer and potentially safer still.
Cybersecurity, like all crime, is innate and will continue as long as vulnerability, opportunity, and weakness exists (which means always). A computer is good at deterministically doing something tirelessly (or at least as long as it is powered); that is a computer’s innate purpose. Our innate purpose is cloudier, but we are undoubtedly resourceful and innovative beings. With that, we are at an inflection point where choices need to be made about how we adapt to computing – both its perils and marvels. It is hard to predict where equilibrium will reside in this matter, but it is inherent in our nature to find this balance.