Delivering American University's news and views since 1925. | Saturday, June 24, 2017

Lack of cyber security poses a major threat to human lives

Mark Lu argues that institutions are increasingly at risk of cyber attacks

Lack of cyber security poses a major threat to human lives

Several weeks ago, a ransomware called “WannaCrypt/WannaDecript0r” hit computer systems across the world, affecting 200,000 victims in over 150 countries, according to Rob Wainwright, director of Europol. The malware encrypted patient/client data in computer systems running older Windows operating systems and prevented data from being viewed until a ransom in Bitcoin was paid.

But what attracted attention was that the most affected targets of the hack campaign were hospitals across Europe, especially in the U.K., namely, computer systems in the hospitals of Britain’s National Health Service, which reportedly still run on Windows XP and are extremely susceptible to cyberattacks.

An anonymous British researcher, who goes by “MalwareTech” on Twitter, was credited with stopping the WannaCrypt attack. He was recently identified by The Telegraph newspaper as 22-year-old Marcus Hutchins, who operated out of his parents’ basement and reportedly found the solution by accident.

According to a ransomware expert, “the malware spread via SMB, that is the Server Message Block protocol typically used by Windows machines to communicate with file systems over a network.” Once a machine behind the firewall was infected, the virus self-propagated and spread indiscriminately. Churches, police systems, factories and schools were affected, but hospitals with outdated software were most heavily hit, since healthcare computer systems hold critical patient data.

Kevin Beaumont, a British IT security worker, found that WannaCrypt's malicious procedure was programmed to carry out certain duties through an IF statement that attempted to connect to a URL called “iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com,” probably created by a hacker mashing their hands on their keyboard. The malware only works when this URL cannot connect to the software, so if someone simply registered the URL, then the virus would stop functioning.

This whole SMB fiasco shows that the lack of cyber security poses a major threat to human lives in today’s modern age, especially with the increasing digitalization of data, private information, and scientific research and evidence.

The unfortunate separation from the European Union crippled Europe’s ability to work together and improve technical systems as an international community, leaving the U.K. confined to the financial and regional constraints of the will of the British Conservatives. The current and most likely continuing prime minister, Theresa May, hasn’t shown much support for the health system throughout the ongoing U.K. snap election called earlier this year, which has led Labour MP and candidate for prime minister, Jeremy Corbyn, to settle on attacking the Tories for cutting funding from the NHS infrastructure as a campaign strategy.

Much of the controversy within the British community surrounding the Transatlantic Trade and Investment Partnership (T-TIP), a trade deal negotiated between the U.S. and the EU in 2016, originated from the looming terror of U.S. healthcare barons becoming involved in the NHS, that it caused, according to The Independent, “fear over whether it would open up the NHS to vast multinational corporations who might put the profits ahead of patient care.” But if the U.S.’s relentless capitalism can improve operating systems and cyber security in NHS hospitals more effectively than the U.K. government, then I guess it’s all worth the embarrassment, isn’t it?

Single-payer healthcare is expensive, but that doesn’t mean the government should leave its health system’s electronic grid open to cyber attacks. The NHS’s cybersecurity provider, the Information Security & Assurance Service (ISAS), promises a score of services to guarantee security across the NHS, which includes a gajillion overhaul operations ranging from cybersecurity protection to preparation. However, judging by the outdated systems that allowed for the WannaCrypt attack, it seems to have failed spectacularly.

We can view this event as the biggest pen test for the world’s increasingly digital world. Governments must become familiar with the digitalization of data and human operations, because if they are not there to provide security and prosperity for their people, then millions of people may suffer for it.

In their 2016 issue of “The World If,” The Economist magazine writes “just as a country with a threat of flooding would build dykes, and one with violent neighbours should guard its border, every country and institution at risk would be wise to double down on their cyber defenses as well as their plans for when—not if—they are breached. And since cyber threats constantly change, so should the defense plans.”

The time has come to modernize.

Mark Lu is a freshman and a staff columnist for The Eagle.

edpage@theeagleonline.com