The unprecedented ransomware cyberattack that spread across the world last Friday, crippling computers and affecting hospitals, factories and transport systems in more than 150 countries, stands as a stark warning about the importance of cybersecurity. Irish organisations were mostly spared from the attack but there should be no complacency – the threat is going to escalate as our dependence on software in every aspect of our lives continues to grow. Eventually, a major flaw may be found and exploited in the software that runs our smartphones with the potential for much more disruption.
Whether the criminals who unleashed the so-called WannaCry ransomware worm are ever identified or apprehended, the larger concern is how the cyberweapon got into the wild in the first place. WannaCry, which exploited a vulnerability in older versions of Windows, was based on one of a number of hacking tools stolen from the US National Security Agency (NSA) and leaked online in April. The leakers are widely thought to be associated with Russian intelligence, hinting at ongoing cyber hostilities between the major intelligence agencies .
The NSA's arsenal of cyber tools may be written in code but they can wreak havoc in the wrong hands. There is a tension for the NSA between using these weapons for its own cyberespionage or nullifying the tools by disclosing the vulnerabilities to software companies to patch them. To that end, Microsoft's president Brad Smith repeated calls for a "Digital Geneva Convention" which would include "a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them".
Preventing the proliferation of hacking tools can only be tackled by significant collective action involving the major technology companies and nation states.That collective action, however, is at odds with the rivalry between state agencies determined to use every tool to undermine their opponents. There is great potential for this cyber cold war to spiral out of control as this most recent episode demonstrates.