As fears spread about the coronavirus (COVID-19), another issue lurks beneath the surface. The virus has provided an opportunity for nefarious individuals to send phishing emails and malware under the guise of pandemic response information from the World Health Organization. Using fake news and social engineering, cybercriminals play upon people’s fears to steal sensitive information. Erel Margalit, the founder of Jerusalem Venture Partners, has expressed his suspicions that cyberattacks have helped propel the virus. “The outbreak of the [coronavirus] and the way the world is dealing with it, is like a script for the onset of global cyberattacks,” he said at the Local Government Innovation Conference at Muni Expo 2020. As governments scramble to contain the coronavirus, their data systems and information architecture are enticing targets for adversaries along with the private sector. Unfortunately, governments have not been transparent about the dangers of cyberattacks to citizens and the private sector — and they are ill-equipped to deal with various cyber threats.
Emergency management is traditionally associated with natural disasters, acts of terror, and disease outbreaks. When a dam breaks, governments should be prepared to minimize the damage and risk to their citizens. However, many are using outdated computer systems to manage their infrastructure, which makes them vulnerable to attack. In 2013, Iranian hackers accessed the digital control system for the Bowman Avenue Dam near Rye Brook, New York. Although they did not open the floodgates, they would have been able to do so.
Most worrisome is that governments are reluctant to share data about such attacks (or are even aware of when specific attacks occur), fearing that such information will expose our vulnerability and incite further attacks. These concerns may be valid but keeping the public in the dark can only intensify the risk. Lapses in cybersecurity increase the potential for such attacks to impact the society at large. Officials kept the 2013 attack on the Bowman Avenue dam secret for three years. The U.S. government has indicated that Russia has perpetrated cyber-attacks on American nuclear power plants but did not share the details.
The scope of cyberattacks seems to be unlimited, and their targets continue to be caught unprepared. From causing actual physical damage in steel mills in Germany to striking the Economy ministry of Mexico, cyberattacks present an unprecedented range of threats. The national oil company of Mexico, Pemex, had to shut down its servers after a ransomware attack with a demand for $5 million bitcoins. In 2017, the virus WannaCry affected 80 NHS trusts in England, causing estimated damage of £92 million. Two years earlier, a North Korean group hacked the SWIFT messaging system that financial institutions use for funds transfers. When even large organizations are struggling to plug loopholes in their cybersecurity, the threat is nearly unimaginable for mid-level and small businesses. U.S. security officials have been warning of a “cyber Pearl Harbor or 9/11,” which could trigger a cyberwar that will unleash forces no one seems to be prepared for. Nevertheless, they have done little to improve the digital infrastructure needed to ensure public safety.
Cybersecurity needs the attention of all policymakers and emergency planners. To be truly effective, emergency management planners must incorporate cybersecurity into their framework. The world’s most powerful governments must take the necessary steps to update their infrastructure before it is too late.