Can globalization survive a barrage of cyber attacks?
The biggest cyber attack the world has ever seen went down on Friday.
The malware — built off a worm called "WannaCry" — infected computers using a phishing scam, locked the systems down, and demanded $300 in bitcoins in exchange for letting users back into their own files and computers. By Sunday, the cyber attack had hit over 200,000 computers in 150 countries, and "aftershock" infections were still popping up. The previous attack anywhere near this big was a decade ago, when a computer worm called Conficker struck millions of computers across 190 countries.
Whether globalization is good or bad for Americans is a hot topic in politics these days. What's less discussed is that globalization rests on a world that's deeply interconnected by telecommunications. And that world, in turn, is what makes attacks like this possible.
If such attacks continue — and plenty of experts say they will — how will globalization adapt? Can it even survive?
The WannaCry attack hit targets in America, Russia, Britain, Spain, India, Taiwan, Ukraine, and more. Those targets included universities, the Russian Interior Ministry, FedEx, railway systems, the Spanish telecom giant Telefónica, and the French automaker Renault. A lot of disruptions and inconveniences resulted.
But the scariest consequences were for Britain's National Health Services (NHS). Thirty-six hospitals, ambulance companies, and doctors' offices were hit. Outpatient services had to be canceled, surgeries rescheduled, doctors were locked out of patient records, and people with non-critical medical issues told to avoid emergency rooms. While it wasn't nearly as bad as it could have been, you can extrapolate from the NHS' difficulties how a sufficiently ambitious and successful cyber attack could literally kill people. "When people ask what keeps you up at night, it's this," Chris Camacho, the chief strategy officer at a New York security firm, told The New York Times.
So how should countries protect themselves against this sort of globe-hopping infection? You could imagine governments completely retooling telecommunications' infrastructure, so there are only a few key physical pipes bringing info in and out of a country, over which they keep strict control. But how should they handle mobile or satellite connections to the rest of the global internet? Also, given the way the malware hit individual businesses everywhere, it's hard to imagine countries being able to effectively police their cross-border data flows without squashing a lot of international trade in the process. How in God's name would international financial markets work, for instance?
All that's before you start considering the damage to democracy and human rights by such a shift in the global order.
If nationalist retrenchment proves too hard, countries would have to go the opposite route: deepening their interconnections and cooperation even more. Some experts suspected that Friday's cyber attack was orchestrated by a particular state, but just as many believe it was hatched by non-state actors. If a bunch of people around the world can put their heads together to come up with a ransom-demanding cyber threat that affects millions, then companies, institutions, and governments all around the world are going to have to put their heads together to stay ahead.
On that score, Friday's attack isn't encouraging either.
Apparently, the WannaCry attack was made possible by a backdoor vulnerability in older Microsoft Windows systems that was discovered by none other than the U.S. National Security Agency (NSA). Crucially, the NSA sat on that knowledge until last month, when another group of hackers called the Shadow Brokers stole a bunch of cyber tools from the agency — including the backdoor — and released them on the internet. Just hours later, Microsoft released a patch to fix the security hole. Observers concluded the company didn't know about it until the NSA informed them — only after its own secrets had been compromised.
This is a big reason why major tech companies like Apple are sometimes hesitant to help the U.S. government hack their own devices or install backdoors in them: Once the government loses control of the knowledge of those security holes, they can be exploited and adapted by anyone. It's not the first time this has happened, either: Hackers once used a leaked NSA backdoor tool called DoublePulsar to infect computers. And various versions of the Stuxnet worm America and Israel used to attack Iran's nuclear program later showed up in cyber attacks as well.
Governments have conflicted incentives here. On the one hand, they want to protect their own companies, which pushes them to share knowledge. On the other hand, they want to stay ahead of their rivals, which pushes them to hold onto secrets, risking exactly this kind of exposure. Cooperative cyber-security efforts between certain allies — like the U.S. and European governments, for instance — is probably doable. But even there you've got worries about how far secrets will spread. Cooperation between the likes of America, Russia, and China is a lot harder to imagine.
Yet another wrinkle here is the question of intellectual property. User fees for software systems can cost developing economies a lot of money, which goes to line the pockets of software firms in rich Western countries. So many businesses in developing countries just use older, pirated software. But then they don't benefit from the kind of security patches Microsoft released after the NSA breach. That's a big reason the WannaCry attack was able to spread so far despite knowledge of the vulnerability.
So how to deal with a future of more common global cyber attacks doesn't just call into question the ability of various governments to cooperate — it calls into question whether the global economy will ever agree on a functional intellectual property rights regime that poorer countries and powerful global corporations alike can live with.
This is why threats like the WannaCry malware can inspire a certain vertigo. You can see how a truly bad global cyber attack could inspire countries to return to isolationism in the realm of telecommunications, spilling into other realms like trade and politics. But it's also hard to envision how such a retrenchment could occur, practically speaking.
Meanwhile, someone's out there right now cooking up WannaCry's next evolution.