When we hear the word cyberattack, we likely imagine an aggressive targeting of information technology, including the networks and infrastructures where it hides. Our understanding is not wrong, as the definition is similarly emphasized in security-based articles or media reports we encounter. However, we would be wrong to assume that the effects of a cyberattack are limited to tech-based environments, as its impact on global life can be cataclysmic, with limitless cyber-related implications from individuals attacks and those orchestrated through duos, collaborations, institutions, or nation-states.
Through the act of hacking into vulnerable system, a cyberattacker aims to reveal, change, immobilize, demolish, steal, or acquire information to gain unlawful access and utilize it in an unauthorized way. The consequences of an unbeaten cyberattack can be catastrophic. They can be financially and operationally devastating, not to mention they can destroy your reputation—but can they threaten your very life? The answer might surprise you.
While it’s true cybersecurity providers and governing bodies do everything within their power to keep data safe, an effort now reinforced through the implementation of The General Data Protection Regulation (GDPR), the biggest question is: Are we doing enough to keep people—real, living people—alive and safe?
The WannaCry ransomware attack of May 2017 may still feel as fresh in our minds as the day it happened, with the ransomware cryptoworm targeting central processing units of more than 200,000 thousand computers across 150 countries. Two of the many affected organizations included Boeing Commercial Airplanes and the National Health Service (NHS) England.
Patients’ welfare is at the core of the NHS, and the WannaCry attack is to date one of the most distressing and destructive attacks in NHS history. In balance, it feels essential to voice that historically, healthcare-orientated attacks have been primarily for financial gain above the sabotage of human life, but we should acknowledge the potential for attackers to cause direct harm, should they choose, by understanding what their line of attack might be, and where the nation presents a vulnerability.
- Following the WannaCry attack, the National Audit Office reported that 19,000 hospital appointments were canceled. Imagine the potential consequence of missing an operation or a medical consult where your life hangs in the balance?
- The last decade has seen advanced technology supporting the WIFI functionality of Cardiac Pacemakers. In 2017, the U.S. Food and Drugs Administration recalled 465,000 implanted pacemakers, as they posed a risk of interference from hackers, with the capacity to adjust a patient’s heartbeat or tamper with the battery functionality within the device.
- Access to sophisticated technological apparatus has, over the last five years, become the new normal. At our fingertips, we have technology that encompasses both domestic appliances and multifaceted devices that store and record blood group data, track fitness, or capture health-related statistics. And on the higher end, we have created brilliant implants of neurostimulators to treat individuals with chronic illness, thereby enhancing their quality of life. Terrifyingly, none of these are safe from attackers, and meddling with the functionality of these tools, or the alteration of their data could see devastating consequences.
- Do we take for granted our Public Emergency Response (PER) system? Robust evidence suggests that significant expenditures are required to safeguard PER systems from cyberattacks that, if extensively hacked, would result in no connection when you call 911, preventing emergency response teams from coming to your aid.
- Cyber risks to airlines, airports, trains, and traffic lights are immense and at times unfathomable. The safety of transport operations relies on timing, clearance, signals, communications, and accurate information. Manipulation of any of these and the repercussions could be colossal, significantly endangering multiple lives.
- Imagine for a moment the impacts of disrupted services to your utilities in the form of electricity, water, power, oil, and gas, not to mention food and other services that demand the highest level of safety. The expanding digitization and maturing connectivity of our vital industries enhance operational efficiency and improve overall control, but they also inflate the opportunity for an attacker to penetrate systems, invade operations, and create turmoil that can result in loss of life through power failure initiation and the disablement of multi-functional generators.
Interruption to business continuity and financial impairment are both real consequences of a cyberattack. Direct threats to our people, however, must be carried with a weightier heart. Should future opportunists choose to engage in cyber activity with life-ending consequences, concerns will naturally grow for our nation and its safety, forcing an even closer look at our overall defensive approach.
Although human-orientated cybersecurity risks are nothing new, they are seldom discussed with the same degree of urgency as those related to hardware, software, and networks. But it is important to acknowledge these impending threats with the same concern and construct robust strategies for mitigating their ability to harm us through false campaigns, cyber warfare, and online terrorism of all kinds.