Cyberspace at our doorstep
If you use the internet, your privacy is toast.
So suggests David Shay, expert in the fields of cybersecurity and cyberthreats, advisor to presidents and speaker at the July 10 meeting of the North Georgia Veterans.
Shay continued: when you are online, assume that every keystroke is being recorded somewhere. Be aware that advances in data analysis technologies exist today that are capable of developing a sophisticated profile of your interests, preferences, relationships and activities just on the basis of your behavior in cyberspace, the invisible sphere of the global internet. This is what amounts to a dossier on you…and it’s legal.
Shay described this sophisticated technology as just one example of what becomes possible with the explosion of cyberspace. Personal privacy is certainly a casualty, along with the weaponizing of cyberspace in malicious intrusions and attacks on individuals and institutions.
What further concerns Shay is the speed with which sophisticated threats have evolved from the earliest cyberhacking in the mid-90s. Then, what was regarded as a harmless challenge to penetrate a digital barricade quickly morphed into an organized competition between international individuals and groups, criminal enterprises out to steal secrets, personal identities and money (“cyberfraud”) and, ultimately, state-sponsored groups with mandates to steal military secrets, misappropriate intellectual property and disrupt political discourse.
Shay labels 2006 as the turning point for the “industrialization of the cyberthreat world” where banks, corporations, infrastructure and the military became prime targets. More shocking was the revelation that these efforts were surfacing from formal collaborations of cyber-criminals with money, organization, illicit products for sale and shared software tools that even come with customer support.
The term for these activities and the efforts to counter them is known as CYBERWARFARE, and in Shay’s view, this will be the most important component of any future international conflict.
Facing a growing threat, the government in 2007 formed the U.S. Cyber Command in which Shay played a role. The purpose was to establish at the federal level homeland security technologies for identifying attackers, protecting critical infrastructure (energy, banking, finance, hospitals and military), and equally important, developing an active capability to respond.
One of Shay’s frustrations is that “we are educating the enemy,” pointing out that our education system and relatively open employment policies produce cadres of very smart people who have the capability to move relatively freely within the cyberworld. Ironically, some of the best players in U.S. Cyber Command come from just those groups that are attacking us.
Moreover, he says, in many cases we “hire the enemy” when we outsource microsystem components to state sponsors like China, facilitating the theft of intellectual property from U.S. business and government.
Cyber Command now encompasses the growing digital presence of government, private sector critical infrastructure and all branches of the military, where, for example, hack-proof essential military communications between the physical battlefield and command/control must be assured.
According to Shay, hundreds of thousands of attempts are made daily against critical infrastructure in this country. He noted that an average of 130 large scale breaches have occurred each year for the last four years, and speculated on the disaster that might result, say, from the loss of the U.S. electrical grid.
Shay quoted statistics identifying where threats originate. China seems by far to be the biggest challenge, accounting for 41 percent of all attacks. The U.S. comes in around 11 percent. Russia is responsible for just 3.7 percent yet is front and center in the current U.S. political dialog about foreign interference.
Not surprisingly, he says, virtually every major country has a “cyber-army,” and the military reference is no accident. Shay touched on the notion of what he calls “quantum computing,” in which “hundreds of millions of computers” can be organized into an integrated cyberweapon by the use of malicious software or “malware” to coordinate their activity.
The use of artificial intelligence (AI) will become commonplace. Presently, using data swept from cyberspace, AI is being used to develop models that predict how an enemy might respond in various scenarios.
Shay predicts that our ability to understand the approach to software development used by our cyber-opponents will be a core science of the future.
Shay finished by predicting that privacy concerns will become great enough that government oversight of the largest internet players such as Google and Facebook is inevitable.
He also offered minimum steps for protecting privacy at a personal level:
Change passwords (plural)...often
If you bank online, do so on a computer dedicated to that task only and do not use it for any other online purpose, minimizing the potential to be hacked.
Dedicate credit cards to special uses only, i.e., travel, and monitor statements carefully.
Make liberal use of credit monitoring, including controlling access to your credit services.
ABOUT DAVID SHAY
David Shay served in the U.S. Air Force as a Nuclear Weapons Specialist with the 91st Strategic Combat Group - SAC. His post-military career began with DFS and CBIS/Bell Laboratories as a research engineer developing guidance and control system technologies.
Leaving Bell, he became the Chief Technologist and VP of the Advanced Systems Division, an operating division of a multi-billion-dollar firm specializing in highly secured network design and communication security. He served as a cyber security advisor for the George H. W. Bush and Bill Clinton administrations; and in cyber intelligence from 2008-2017.
He holds 23 U.S. and International patents and was nominated as a Top Fifty Computer Industry Innovator in 2005. He is currently with TD Financial Group as a Distinguish Engineer for the Cyber Threat Innovation and Advanced Emerging Technologies Group supporting the financial industry globally.