Forecast as of New Year’s Eve 2018
Not really my area. But my general view is that we tend to overthink cyberattacks that are startling and gain attention at the time because they hit close to home, but don’t have catastrophic results (like the NY Times paper printing) with ones that we didn’t see coming, and have a major impact (such as the Russian influence operations or Stuxnet).
In this way I think cyberattacks are a lot like terrorism – we forget that any attack which succeeds is the result of a whole array of conditions which, the change of any one, results in a different outcome. And a lot of attacks will fail that we’ll never hear of because of these conditions.
But our minds are anchored to the a priori of what we know happened and what we think should be happening – which is why when an attack is noteworthy – but not earth-shattering like the newspaper strike – a lot of people think “oh this is training for the big attack!”
The reality is that the tools are out there, there are so many different hacking groups now that sovereign-state actors may be “testing” at the same time criminal groups are actively pushing hard to make a buck, so there’s really not much difference day to day.
Is it interesting in that they’re disrupting a physical process via a cyberattack? Sure. And those kinds of infrastructure attacks are probably going to ramp up. If 2018 was the year “Ransomware” became common in public perception, 2019 is probably when “Infrastructure hack” does as well…even if it’s been around for years.
But as far as ‘major impact’….print publication is just not that big a deal to the distribution of information these days. Most media is consumed online, and even if hackers “perfect” a way to take out print publication other than putting a dent in first-week sales of what’s sure to be a string of Trump-tell-all I just don’t see it as a major thing. To the extent there’s going to be a “big hack” which puts infrastructure hacking or physical equipment on the map, it’s not likely to be this.
Now if someone hacks all the refrigerators Silicon Valley style….
(Followup): Thank you! Quick followup, does the impact analysis change knowing that most media uses a “content first” infrastructure, and thus the online media and print media is likely coming from the same data center? What if the target is AP (Associated Press)?
(Followup Forecast): Again – this isn’t really my area of specialty, and we’re talking about attacks that haven’t even been fully postmortem yet. So it’s not clear if the infrastructure hack came in through a computer that controlled the printing presses (similar to Stuxnet’s through the control systems for the centrifuges) or existed ‘elsewhere’ in the network and then infected the infrastructure. From what I understand these attacks are fairly specialized, just as the newspaper capabilities are distributed across different applications and platforms. So if the printing press management software “shared” a living space with the content databases…um…maybe? But that doesn’t seem likely to me. And to the extent that a database of content may be vulnerable, well that’s nothing new. There are far more sophisticated capabilities to attack digital infrastructure than there are physical – so why would someone “test” a physical attack if their intended target is intangible?
I think this is just an example of where media is really really important to us, so we’re very highly focused on this. But we’re not sure yet whether this was just a ransomware attack that had it been targeting health care providers (as the black sails one did in 2017) whether we’d care as much even if that has potentially more impact….because we’re not all as focused on healthcare back office systems as we are “media dies in darkness.”
Taking a step back it looks like trying to read a lot into one specific event and from that draw broader conclusions. Start at the other end however and work into this event.
Will there be state-sponsored hacking efforts in 2019? Yes.
Will there be non-state actor hacking campaigns in 2019? Yes.
Will media companies be a target both of state-sponsored hacking for political and non-state actor hacking for financial in 2019? Yes.
Will the primary state-sponsored actors of hacking have links (direct or indirect) to Russia, China and Iran in 2019? Yes.
But I could’ve easily given you those same answers for 2018, or 2017 and at least as far as Russia going all the way back to the Georgian intervention in 2008. So I guess I’m not seeing really fundamentally “what’s changed” in the landscape that creates a watershed moment, other than that this time, it happened to hit things we care about. That’s not to discount it’s an environment of high risk in cybersecurity – but that’s not particularly ‘new’ this upcoming year.
Although ransomware attacks continued in spades, I haven’t heard of any major newspaper strikes like when the question was asked. My suspicion is that they are not a target for money, because they have none, and they are not as much a target for serious disinformation campaign hacking – because there are easier means to do that through. This isn’t to say there won’t continue to be efforts to delegitimize, minimize, and side-step traditional media companies. But it just didn’t look like 2019 was some kind of bellwether year in terms of cyberstrikes on newspapers or media. The greatest threat to media companies remains on the “business model” side from content aggregators like Google, Facebook and other forms of social sharing.
Running Score: 2 out of 12