Pandemic tests cybersecurity capabilities
By JESSE VARSALONE | Special to Stars and Stripes | Published: March 27, 2020
Anytime there is a natural disaster or emergency such as the Tsunami of 2011, Hurricane Sandy in 2012, or the coronavirus pandemic we’re in the midst of, opportunist attackers will try to leverage a dire situation to their advantage. Whether individuals or nation-states, perpetrators who capitalize on national emergencies or moments of panic are nothing new. But today’s situation may present us with a perfect storm of ingredients for a full-blown cybersecurity crisis.
Actions by organizations in the U.S. and around the world have led to an unprecedented number of people teleworking. Aside from the expected overloaded networks, servers and teleconference lines as companies rush to accommodate an astounding number of remote workers, many organizations lack either the security controls needed for a higher percentage of their employees to telework securely — or the capacity to employ these necessary controls. As more businesses scramble to adjust to the new normal and triage priorities, security will take a back seat, opening the door to new opportunities for hackers.
In fact, new attacks arose in the U.S. in the early days of the coronavirus outbreak. Shortly after coronavirus became a popular search term, hackers quickly came up with a “Coronavirus Map App” that could harvest text messages and record users via their phone’s microphone and camera. Scams involving fake emails and information websites linked to the Department of Health and Human Services have attempted to phish user IDs and passwords. Hackers are already capitalizing on confusion, fear and increased online activity as people search for the latest coronavirus information and updates.
Arguably, even more nefarious than a hacker attempting to steal money, intellectual property or Social Security numbers is the opportunity for nation-states to take advantage of the widespread panic in the U.S., which is accelerating, especially through the use of social media. Not only can panic over the inability to acquire needed items such as toilet paper, food, hand sanitizer and disinfectants cause a disruption in the lives of normal citizens, it also can lead to widespread disruption of the economy and result in more social unrest.
Social media platforms like Facebook and Twitter have many positive benefits, such as helping us maintain social connections. But during times of unrest, malicious actors can use these platforms to spread fear and influence social discord and government distrust. It is documented how social media can be used to influence an election. Now, we may witness even greater consequences.
Likewise, surrendering privacy in exchange for conveniences such as GPS and tracking software that our digital devices afford us is a familiar concept and one that many users accept. But do we accept the government using data collection through GPS to help scientists track people moving through a hot spot known to have an outbreak of COVID-19? What if the government used GPS and cellphone tracking to make sure people are following quarantine rules? While these methods are all helpful in the war against the coronavirus, a battle between public safety, personal privacy and individual liberties will most certainly become a topic of debate.
So, what lies ahead? It’s looking more and more like the federal government may be issuing checks to citizens in the next few weeks. Fortunately, the media are already warning people to watch out for scammers masquerading as government officials who will call and ask for bank account and Social Security numbers in exchange for the relief money.
Now more than ever the government, specifically the cybersecurity community, must do more to educate people about all types of scams and campaigns that are intended to harm the citizens it seeks to protect.
In the midst of a global pandemic we are certainly in need of a silver lining. Perhaps this crisis and the lessons learned will put us on the path to a grand solution to the nation’s cybersecurity challenges. We now know we must always be on the offensive to prepare for and protect against the next crisis. Hospitals will plan for greater capacity. Schools at all levels — K-12 through university — now understand that they must be able to “go virtual” overnight so that learning is not disrupted. And companies will be ready for an increase in telework with security controls already in place.
A report released this month by the Cyberspace Solarium Commission offers a way forward for our nation to keep up with the rapidly evolving cyber world. The recommendations remind us that government and private industry must act swiftly to deal with the COVID-19 pandemic. The bottom line is that all industries must examine their core functions to see how this disaster can help them better prepare for and adapt to the new realities and challenges we may face in the future.
Jesse Varsalone is an associate professor of Computer Networks and Cybersecurity at University of Maryland Global Campus.