Given the scope for lives to be put at risk, is it possible – and palatable – to juxtapose ransomware against other national security threats, such as terrorism? Two and a half weeks before polling day in 2017, the Manchester Arena terrorist incident resulted in the deaths of 22 people and an immediate shift in the election debate. The attack also prompted longer-term reflection through a formal inquiry.
While the terrorism comparison is imperfect, it is of note that ransomware groups – and ‘lone actors’ – typically act clandestinely with the tacit cover of adversarial foreign countries. Ransomware operators profit financially from the destruction that they wreak on lives and livelihoods. At the same time, the West’s primary adversaries – chiefly Russia, Iran and North Korea – reap strategic benefits. Suffering a ‘death by a thousand cuts’, Western states experience a range of ailments including reduced economic productivity and diminished trust in societal services. Again, seen in this light, healthcare services may be a particularly attractive target offering potentially immediate public-facing disruption – a contemporary ‘testicle of the West’.
Healthcare is vulnerable to simultaneous ‘vectors of attack’ in the context of state, terrorist or criminal group attacks on critical national infrastructure (CNI). Ransomware can paralyse key processes, making the service less efficient and more costly to run. At the same time, being a universal human concern, health is extremely sensitive to misinformation (as seen in the antivax arguments around COVID-19). In the case of Synnovis, uncertainty in pathology services could reduce confidence in the blood system (and so potentially reduce donations), especially at a time when blood-related scandals are in the news. At the other end of the spectrum, lack of confidence in services and misinformation can increase demand on the same compromised laboratory services by increasing health anxiety, thus feeding health-seeking behaviours. This combination of reduced supply, increased demand and degraded system performance could be catastrophic if brought about in a coordinated manner, especially if combined with economic and supply chain complications. Health needs to be recognised as a specific high-risk CNI, and its cyber security needs to extend beyond ‘simple’ episodic criminal threats to include countering systematic attacks.
Improving cyber security across CNI and societal services is paramount, but target-hardening will not solve this issue without altering the risk calculus for the perpetrators. Notwithstanding the success of recent takedown operations and sanctions, criminal ransomware groups continue to act with relative impunity, and the ‘thousand cuts’ continue to fester.
Now more than ever, it is time to ‘talk about ransomware’ and to acknowledge the risk that insufficient action not only fosters ‘normalisation of the unacceptable’, but also encourages growth and innovation in the ransomware community. There is a risk of collective exposure to an intentionally or inadvertently catastrophic ransomware breach. While an incoming government following the election will undoubtedly have a burgeoning in-tray, serious thought should be given to leveraging action against ransomware. This could include measures that increase the national intelligence picture and concurrently sow disruption and mistrust among ransomware actors.
The views expressed in this Commentary are the authors’, and do not represent those of RUSI or any other institution.