“In the 21st century, almost all of our daily activities are linked to the internet – from banking to shopping to using our telecommunications networks and physical infrastructure systems,” Governor Cuomo said, announcing the creation of an all-star New York cyber security advisory board last week. “Just as we protect against crime on our streets, we must also work to defend New Yorkers from cyber threats, ranging from identity theft to consumer fraud to threats to our physical infrastructure.”
For years, cyber security experts have feared that hackers might one day be able to control American power plants, utilities, or telecommunications remotely. Then, last Monday, a group of hackers supporting Syrian dictator Bashar Al-Assad briefly took over the Onion’s Twitter account. “UN retracts report of Syrian chemical weapon use: Lab tests confirm it is Jihadi body odor,” they tweeted using The Onion’s handle. Two weeks prior, the same group hacked the AP, which caused the Dow Jones to plummet 143 points. Breaches of states’ data, including tax or criminal information, is also not that unusual, points out James Lewis, cyber security expert and a director at the Center for Strategic and International Studies. New York, he says, is particularly vulnerable.
“One of the prime targets for hackers is Wall Street. There are continual attempts to break into the stock exchange,” Lewis said. “Attention to the financial system from the bad guys is going up.”
In the fall of 2012, hackers caused major problems for leading banks, too. By flooding the likes of Bank of America, Citigroup, Wells Fargo, and Capital One (among others) with DDoS attacks, hackers were able to effectively shut down online banking, at least for a few minutes at a time. According to the New York Times, officials and experts now believe Iran was behind the job.
The other nightmare cyberhack states fear deals with utilities. For example, in 2011, Illinois state intelligence officials and media reported that Russians hacked into a data system that controlled a small town near Springfield’s water supply. The report turned out to be erroneous–it was just a state contractor doing some work while on vacation in Russia and Germany–but briefly caused a panic that reached the FBI and Department of Homeland Security.
The fact that we don’t know just how vulnerable these systems are in the first place is both comedic and tragic, Lewis says, which is why states have a new responsibility to bring on the experts. In New York’s case, the advisory board consists of some of the best in the game–Richard Clarke, a guru who served as an advisor to the White House on cyber security with nearly 20 years experience in the Pentagon and other intelligence agencies; Howard Schmidt, former White House Cyber Security Advisor under President Obama; Shawn Henry, who helped the FBI develop its cyber security capabilities; Phil Reitinger, who did similar work for the Department of Homeland Security; and Will Pelgrin, who served as chief of New York’s cyber security office.
“It’s a really good team,” Lewis told the Voice. But he says there’s of work to be done when it comes to protecting state data and telecommunication from sophisticated hackers.
“The first cars had cloth doors and no safety glass. People loved them and they went fast, but they weren’t very safe,” Lewis said. “That’s kind of the internet.”