Money spills out of the ATM, right into the bag of the waiting customer. But this customer is no ordinary customer. He doesn’t have an account with the bank that owns this ATM, and he's not riding away with his money.
This mule service is part of one of the most sophisticated and damaging of cyber thefts in history, one which has reportedly stolen around $1 billion from more than 100 banks in 30 countries across Europe. In fact, the attack by the group dubbed "Carbanak" was so sophisticated that the banks who were victimized are still trying to figure out what happened and how to respond.
Thankfully for those of us in the U.S., the majority of the banks hit were based in Europe. However, with the increasing interconnectedness of markets and global financial transactions, this theft could have had devastating consequences for us. Indeed, the same individuals that hacked all of those accounts in European banks could probably have done the same thing to U.S. institutions had they chosen to do so.
That’s why Executive Order 13636 is so important. Entitled “Improving Critical Infrastructure Cybersecurity,” this new Presidential Policy Directive signed at Stanford University by President Barack Obama seeks to draw attention to the security of critical infrastructure within the U.S., which includes “systems and assets” dealing with “security, national economic security, national public health and safety, or any combination of those matters.”
Now I know what you are thinking: this is just another example of presidential overreach on the part of the Obama administration, and into the private sector at that. However, this is somewhat different. In the first place, Obama has already sent a legislative package to Congress dealing with this issue, which has been highlighted by a number of members of Congress as important.
In fact, a bill has been placed on the floor of the Senate for discussion regarding the sharing of information between the public and private sectors and cooperation towards greater security of the information that we have. This bill is a successor to other bills that have died due to a lack of support or attention to the issue.
Really, this shouldn’t be a big issue at all. The countries that are the most secure on the issue of cybersecurity learned to share information across the public and private sectors a long time ago. The poignant example of this approach is Israel. The “startup nation” long ago started to create partnerships between the public and private sector in an effort to provide comprehensive security to its cyber assets.
The most poignant worry of most Americans in the wake of this new directive is the role of the National Security Agency. Recent revelations about the NSA and its offensive cyber efforts through the use of malware and spyware has raised questions about whether these new efforts to create “information sharing and analysis organizations,” or ISAOs, are really just another tactic of the government to increase its domestic surveillance, creating a sequel to the PRISM program.
Even if the NSA does gain more information through such information security, I think that’s a small price to pay for national, public health and energy security. Besides, all the NSA has as of now is metadata (basically phone numbers and who called whom at what time, not the content of conversations). This has been proven to combat terrorism by making financial and personal links between people that are trying to attack the U.S. and our allies.
But the majority of Americans would disagree with me about that. That’s why the biggest worry from the companies is the liability that comes from sharing information with the government and with each other. What’s the lesson here? Congress needs to act on cybersecurity so that President Obama doesn’t have to do so unilaterally.
Not only this, but the American people need to make up their minds when it comes to protection and who sees their information. When the intelligence agencies don’t detect a cyber-attack for lack of information sharing, there is a public outcry. When they try to collaborate by monitoring information, there is a public outcry. Let the intelligence agencies do their job to stop those who would steal our information, our money and even our very lives from us.
Reach the columnist at jbrunne2@asu.edu or follow @MrAmbassador4 on Twitter.
Editor’s note: The opinions presented in this column are the author’s and do not imply any endorsement from The State Press or its editors.
Want to join the conversation? Send an email to opiniondesk.statepress@gmail.com. Keep letters under 300 words and be sure to include your university affiliation. Anonymity will not be granted.
Like The State Press on Facebook and follow @statepress on Twitter.
