08 Jul Creepy Cyber Coincidence? Probably Not.
On July 8, United Airlines, The Wall Street Journal, popular financial blog site ZeroHedge and the New York Stock Exchange all had to shut down their services for “technical reasons.” Although the Department of Homeland Security released a statement saying that there was “no sign of malicious activity” at the NYSE, intellectual speculators quickly joined their financial peers to suggest these events were not coincidental and the result of a coordinated cyber-attack.
Simple probabilities support the view that this was not a set of coincidental technical failures.
Given the criticality of technology to United Airlines, let’s assume for a moment it has a daily reliability rate of 99.99%, meaning it has a system failure once every 10,000 days – which equates to once every 30 years. Seems reasonable. Now, let’s assume the NYSE has a daily reliability rate of 99.9%, meaning it fails once every 1000 days (approximately 3 years). Given the Wall Street Journal doesn’t directly handle billions of dollars or millions of lives, let’s assume it’s daily reliability rate is 99%, equating to one failure every 100 days.
If these events were truly random and independent, then the frequency of all three of these events happening at the same time is – are you ready – once in a billion days (or if you prefer to count in years, almost 2.8 million years!) If for some reason you feel that the WSJ’s reliability is higher (say 99.9%) then the three events would happen even less frequently (once in 10 billion days!). Coincidental failure is possible, sure, but it does seem highly unlikely.
When looking at other global developments, one is immediately drawn to China’s imploding stock market. Might there be a connection? Some have suggested that disgruntled Chinese hackers were behind the attack, a fact that both a real-time cyber attack map from Norsecorp and a digital attack map produced by Google Ideas and Arbor Networks appear to validate. Perhaps the Chinese are not happy with WSJ reporting of the regularly falling prices of their NYSE listed securities?
So What? Whether my speculative musings prove true or false, one thing does seem certain: cyber risks are large, rising, and will affect almost everyone. Travel by air? Even before today’s shut down of United Airlines, the industry has been warning that a major cyber attack is “absolutely inevitable.” Just last month, Poland’s LOT Airlines was grounded after hackers disrupted their flight planning technologies.
Lest you think cyber attacks only affect information, think again. They have the potential to damage physical stuff too. A German steel mill was hacked last year and the perpetrators blocked the control systems from properly shutting down a blast furnace, resulting in massive damage. Given this risk to facilities and equipment, it’s not surprising that insurance giant AIG invested in K2 Intelligence, an emerging leader in the field of cyber security.
And please don’t dismiss these risks as just being about hackers stealing customer information from large corporations. Cyber attacks will soon be a risk we bear in our everyday lives. Use the Starbucks app to buy your daily latte? Cyber attacks have enabled hackers to drain bank accounts through the Starbucks app. As the Internet of Things booms (IDC estimates there will be 200 billion connected devices by 2020), and devices as far ranging as refrigerators to cars are brought online, vulnerabilities multiply.
One particularly problematic area is the domain of medical devices. Insulin pumps can be hacked, as can many other wirelessly controlled medical devices, rendering patients vulnerable to medical cybercrimes. Remember the Homeland episode in which the Vice President’s pacemaker was hacked by terrorists, allowing them to administer a lethal cyber attack? As explained by the show’s producers and noted by Dick Cheney’s doctors, hackers can quite literally break your heart.