The phrase”data breach” now seems common, and looking at this infographic, data breaches are more common than we think. These days, we’re more inclined to wonder when we’ll be hacked, not if, and perhaps we wonder where, or what service we use, will be next. Then there is the issue or ransomware.
Data breaches that are familiar, like the ones at Target, JP Morgan, and Home Depot, are usually organized by hackers working towards financial gain. All of that customer data is worth something, and though such data breaches make the news for the consumer angle, there is a cyber war happening with military and political objectives—with potentially far more damaging results. Cyber terrorists and militaries have already developed technologies that are able to hack into important data systems, destroy critical infrastructure, and take down crucial things like power grids and financial systems. If this does not scare you, you should know that there are almost no direct laws that deal with the ramifications of cyber attacks, the contractors who built the failing technology, or innocent bystanders.
On this episode of Digital Detectives, Sharon Nelson and John Simek interview cybersecurity expert David Bodenheimer about the effects of cyber attacks, whether they are likely to proliferate, the connection between the private sector and government defense, and the legal risks to contractors and bystanders.
Bodenheimer first explains how economic cyber crimes are different than cyber war, and gives some examples like the US cyber security threat in 2009, the 2007 cyberattacks on Estonia, and Stuxnet, a computer worm that destroyed many control systems in Iranian nuclear plants. He explains that there is a global cyber race and, in a few years, no self-respecting military will be without cyber attack capabilities.
Unfortunately, there are no international treaties or laws that directly govern cyber weapons and war. Bodenheimer also discusses US laws that federal agencies and contractors could face to account for damages. These could include the DHS SAFETY Act, Public Law 85-804, and various legislative proposals, but there is no clean fit.