"Our systems are such that not only can people break into them, but they actually use our system to train people to break into them," he says. You’ll experience a hack, which is followed by five more. "These aren't six separate hackers, [rather] it's clearly one person teaching the other five how to hack in and what to do with the system."
Holding systems for ransom
In February, Hollywood Presbyterian Medical Center admitted that it paid $17,000 to hackers to get its systems back. These kinds of attacks could be scaled up, says Carone, to cause chaos. Example: hackers take over the electrical grid to a section of a city that includes the headquarters of several Fortune 500 companies along with a residential neighborhood. "[Hackers] can tell each of the companies separately 'If you want your power restored you need to give us some obscene amount of money and by the way we've also cut power to the neighborhoods in your area,'" he says.
Not only will that cost those companies a huge amount of money, but it could pit residents against companies if they are told that the reason they don't have power is because of their corporate neighbors. In other words: chaos.
Keeping up with the hackers
"This is a new world problem that needs a new world solution," says Newton. "The world has looked at security over the past 10, 15, 20 years from a perimeter perspective. Keep the bad guys out."
The mindset, he says, has to change. One way to do that is to protect crucial information by encrypting it so that, even if someone breaks in, "it's totally innocuous. The hack is like a non-event."
However, awareness, says Edry, is "very weak." Decision-makers, especially in government, aren't giving this issue the attention it needs, and when they do, the response is too slow. He thinks something major will need to happen before the problem gets the attention it deserves.
Because government does move so slowly, Carone sees the solution coming from the private sector. "I think you're going to find practitioners in the field take it upon themselves to generate solutions and try to put that defense posture in place, whether it's ensuring safety of the electrical grid or the electoral process," he says. "[Otherwise,] it won't get done because government just can't make decisions fast enough."