If cyber warfare wasn’t properly on the agenda of global leaders before May’s WannaCry attack, then Petya ransomware has placed it front and center. While WannaCry reached over 150 nations and instilled fear and a sense of chaos into millions across the globe, Petya has the potential to be even more paralyzing. Such an impact means that Petya may just be the moment that cyber warfare became cyber terror.
The time has surely come for the world to come together and fight digital terrorists with the same determination as their real-world counterparts.
{mosads}While the WannaCry ransomware attack was more widespread than perhaps any before, Petya has gone several steps further. Petya most notably lacks a “kill switch,” which stunted its predecessor’s potential growth.
Organizations across the globe have been crippled by Petya using the “Eternal Blue” exploit, a digital weapon believed to have been developed by the U.S. National Security Agency and subsequently leaked online by a hacker. Reported casualties so far include Ukraine’s airport and banks, Russia’s largest oil producer Roseneft and U.S. pharmaceutical giant Merck. Petya has hit Ukraine, Russia, France, Poland, Italy, Denmark, the U.K. and United States.
While as blackmailing schemes, Petya and WannaCry seem to have failed, with few people or organizations known to have actually paid the ransom, they have achieved something far more significant: the inevitable undermining of public trust in the systems, which they had assumed would protect them from hackers. After all, if some of the world’s largest networks were infiltrated, millions will ask if anyone is really safe. For terrorists, this erosion of confidence in established systems is often the wider goal.
These attacks should have come as little surprise. They are far from the first instances of hackers disrupting national infrastructure and daily life. In December, parts of Ukraine’s capital, Kiev, were plunged into darkness, after the power grid was breached.
In 2015, intruders successfully targeted a New York dam, gaining partial control. And the ransomware which Petya deployed is hardly unheard of, with cases having spiked by 6,000 percent in 2016. Meanwhile, the phishing technique used to gain access to computers is similarly extensive, accounting for 91 percent of all cyberattacks.
Petya should have been detectable. Worryingly, the very nature of cyber warfare means that the next attack will inevitably be even more sophisticated. This is only the tip of the iceberg. By their very nature, cyber assaults are hard to detect. Unlike conventional terrorists, cyber assailants do everything to remain anonymous. They do not seek publicity for their cause, quite the opposite.
Once upon a time, warfare was a question of fighter jets and tanks in the hands of large forces. Today’s cyber warfare means that small groups of individuals have the equivalent weaponry at their fingertips.
In this context, the fight against cyber attackers may appear daunting. However, governments are starting to wake up. President Trump recently gave an executive order calling for an audit of cyber preparedness in key networks.
But more must be done. A holistic view of cyber security must be applied, which recognizes that no single entity stands in isolation. In the digital world, everything is interconnected. With this understanding, it is possible to create a comprehensive strategy, which fuses cyber intelligence and physical security. Consequently, critical assets can then be identified, prioritized and properly protected across all manner of national assets, spanning public and private sectors.
However, most importantly perhaps, Washington must apply this maxim globally. Comments this week by homeland security adviser Thomas Bossert, which underscored the importance of international cyber cooperation, are a promising start. Borders mean nothing in the cyber world, and so no single state can win the cyber war alone. It is a global fight, which requires global cooperation and intensive collaboration. Just as malicious attackers share tools and techniques across borders, so too must we.
A coalition of Western governments was built to defeat the common scourge of conventional terror, sharing information and best practices. A similar cyber alliance is required today if tomorrow’s Petya is to be prevented. It is the only way to defeat what is unquestionably an international enemy. The alternative is a future at the mercy of those intent on paralyzing daily life for us all.
Yair Solow is the chief executive officer and co-founder of CyGov, an Israeli cybersecurity company focused on government security. Follow Solow on Twitter @ysolow.
The views expressed by contributors are their own and are not the views of The Hill.