Home | About | Archives | RSS Feed |
The Independent Investor: Cyber Attacks: Who Is On The Frontline?
John McClane (Bruce Willis): Hey, what's a fire sale? Matt Farrell (Justin Long): It's a three-step ... it's a three-step systematic attack on the entire national infrastructure. Okay, step one: take out all the transportation. Step two: the financial base and telecoms. Step three: You get rid of all the utilities. Gas, water, electric, nuclear. Pretty much anything that's run by computers which... which today is almost everything. So that's why they call it a fire sale, because everything must go." 'Live Free or Die Hard'
|
There is a war being waged today in this country, one that could have severe repercussions for each and every one of us. It is costing us billions of dollars a year and yet neither business nor government wants to spend the money necessary to fight back.
This week on Capitol Hill lawmakers are getting down to debating the pros and cons of passing one of several versions of a cyber-security bill. Everyone hopes the eventual legislation will launch a counterattack on an army of highly sophisticated hackers bent on some serious mayhem. The debate boils down to who is going to pay for a defense system that will prevent the bad guys from accomplishing a "fire sale," a la the last "Die Hard" film.
The Obama administration backs a Senate bill sponsored by Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, that would implement new rigorous standards and require companies to notify the government when their networks have been breached. The business community opposes it as just more intrusion into the private sector that will mean more costly regulations on top of more regulation. Instead, they would prefer a bill promoted by Sen. John McCain, R-Ariz., which wants the government to issue alerts about imminent cyberattacks but would not require a company from acting on the information unless they thought it was a threat to their business.
Unlike other wars the United States has fought, this one is on our territory and the frontline troops are increasingly the IT departments of American corporations. To date, those troops have been both outnumbered and outfought by the enemy. The rates of infiltration by organized gangs or state-sponsored hackers are escalating. In a multinational study by the Center for Strategic and International Studies, the three countries ranked as most vulnerable to attacks were the U.S., Russia and China, while the biggest potential source of attacks was our own country.
Today, we only hear of the biggest cyber-attacks such as the 2011 theft of over 200,000 customer names, account numbers and contact details from Citigroup or the 100 million accounts pilfered from Sony Online Entertainment's PlayStation Network. I was on the receiving end of the Citigroup theft, and believe me, it drives home the danger like nothing else.
These attacks are costing American companies big money. It costs on average over $7.2 million in costs (lost business, legal defense and compliance) or $214 per customer record in costs. If it is a first time breach, it can cost 30 percent more, not to mention the inconvenience to its customers like me. Yet, the real danger is not in the consumer sector. It is in the potential for a breach in the nation's infrastructure system.
As you read this, for example, our natural gas pipeline companies are currently battling a major cyber-attack from a single source, which was launched in December 2011. Don't dismiss this threat. As early as 1982, the CIA managed to blow up a Siberian gas pipeline by using what was called a "logic bomb" involving the insertion of a portion of code into a Russian computer system overseeing the pipeline.
Those involved in cyber security worry that our infrastructure companies (power, water, nuclear, etc.) do not realize how vulnerable their systems are to outside invasion. Computer systems and safeguards that were originally installed years ago are out-of-date. But managements are loathed to upgrade their systems simply on a bet that someday, maybe, their company might be targeted by hackers. It is a persuasive argument since to safeguard a company against all possible dangers — earthquakes, tornados, floods, nuclear fallout, to name a few — would be cost prohibitive.
On the other hand, no one wants another 9/11. Maintaining a head-in-the-sand attitude until something happens is just the kind of strategy that has organizations such as Homeland Security experiencing perpetual nightmares. It is a tough one but somewhere in the debate lurks a compromise. I just hope we can find it.
Bill Schmick is an independent investor with Berkshire Money Management. (See "About" for more information.) None of the information presented in any of these articles is intended to be and should not be construed as an endorsement of BMM or a solicitation to become a client of BMM. The reader should not assume that any strategies, or specific investments discussed are employed, bought, sold or held by BMM. Direct your inquiries to Bill at (toll free) or email him at wschmick@fairpoint.net. Visit www.afewdollarsmore.com for more of Bill's insights.