More on this book
Community
Kindle Notes & Highlights
another joint DHS-FBI warning the following March, the agencies officially named Russia as the perpetrator behind the assaults on our
Included in their report was a chilling illustration of our new predicament: a screenshot showing the Russians’ fingers on the switches.
has now been more than one hundred months, and though we have yet to see the mushroom cloud, we are closer than we have ever been.
Now that Biden is elected, Russia may try to use its foothold in our systems to weaken or delegitimize him, or hold back so as not to provoke his new administration, or just sit there with the digital equivalent of a gun to his head.
are experiencing instead is not one attack but a plague, invisible to the naked eye, that ripples across our country at an extraordinary rate, reaching ever deeper into our infrastructure, our democracy, our elections, our freedom, our privacy, and our psyche, with no end in sight. American computers are attacked every thirty-nine seconds.
lessons from even the most destructive attacks tend to be forgotten too quickly. We have normalized them,
that there were as many vulnerabilities now as there were stars in the sky. It was only a matter of time before a patient adversary exploited them against us.
most attacks never even made the headlines. They were hitting our nuclear plants, our hospitals, nursing homes, our brightest research labs and companies, and somehow, no matter how much I wrote, this all seemed to escape the consciousness of the average American, of the people now plugging in their Nests, Alexas, thermostats, baby monitors, pacemakers, lightbulbs, cars, stoves, and insulin pumps to the internet.
As of this writing, foreign states and cybercriminals are hitting American networks from so many sides that, from my quarantined perch, it has become nearly impossible to keep track.
decided to track down the man in the photo. His name is Dave Retz. I asked Retz if anyone there that day had any security concerns about what they were building. “Absolutely not,” he replied. “We were just trying to get the thing working.” Back then, nobody was thinking that this interconnected system, rigged from an old bread truck, would one day become humanity’s collective memory, or that it would
backbone for our modern banking, commerce, transportation, infrastructure, health care, energy, and weapons systems. But, come to think of it, Retz conceded, there had been one ominous blip of what would come.
four decades later, in 2020, San Francisco International Airport officials had just discovered that the same stealth Russian hackers who were probing our nuclear plants, our grid, and our states had hijacked an internet portal used by airport travelers and employees.
asked Retz what, if anything, he would take back. His reply was immediate and unequivocal. “Everything can be intercepted,” he told me.
“Everything can be captured. People have no way of verifying the integrity of these systems. We weren’t thinking about this back then. But the fact is,” he ...
This highlight has been truncated due to consecutive passage length restrictions.
One decade ago, the primary threats to our national security were still, for the most part, in the physical domain:
the next 9/11 struck tomorrow, the first question we would ask ourselves is the same question we asked some two decades ago: How did we miss this?
easier
to sabotage the software embedded in the Boeing 737 Max than it is for terrorists to hijack planes and send them careening into buildings.
Allies and adversaries alike are resorting to cyberespionage to glean whatever they can about each country’s containment, treatments, and response. Russian cybercriminals have seized on Americans working from home to break into an untold number of American companies in the Fortune 500.
United States was hit by the largest medical cyberattack in its history after cybercriminals held Universal Health Services, a hospital chain with more than four hundred locations, hostage with ransomware.
former scammers have turned to hacking to convince those sheltered-at-home to click on their Covid-themed emails and grant them access to their computers.
As the pandemic peaked in the United States, daily hacking attempts quadrupled.
“Everything can be intercepted” is right, and most everything important already has—our personal data, our intellectual property, our chemical factories, our nuclear plants, even our own cyberweapons. Our infrastructure is now virtualized, and only becoming more so as the pandemic thrusts us online with a scope and speed we could never have imagined only weeks ago.
Russia, China, North Korea, and Iran are stockpiling their own zero-days and laying their own logic bombs.
The world is on the precipice of a cyber catastrophe.
The very institutions charged with keeping us safe have opted, time and time again, to leave us more vulnerable.
we must stop introducing glaring bugs into our code.
speed has always been the natural enemy of good security design.
nation-states like North Korea continue to find they can extract far more money and exact far more harm on the web than they can in the physical domain.
The House Energy and Commerce Committee is also pushing for a Bill of Materials after hackers exploited a piece of unpatched
open-source code to breach Equifax, the credit monitor, and hijack data on more than half of all Americans.
Jim Zemlin, the foundation’s executive director, recently told me he thinks governments should consider mandating the cybersecurity equivalent of a driver’s license for programmers who maintain critical code.
Apple designed its system so that each
app does not have access to other applications or data without an iPhone user’s express permission.
The idea is to redesign computer chips from the inside out, adding contamination chambers that would keep untrusted or
malicious code from running on the chips inside our phones, PCs, and servers.
Multifactor authentication is the best defense against these attacks. Turn it on, wherever you can, right now.
To date, there is not a single online voting platform that security experts like Mr. Halderman have not
It’s critical we have someone in the White House coordinating a national cybersecurity strategy and running point on the government’s response to cyberattacks and cyber threats.
But we need red lines. I believe we can agree on a set of targets that are off-limits for cyberattack, starting with hospitals, food and water supplies, election infrastructure, airplanes, nuclear facilities, and so on.
