Opinion: Ransomware is a problem we should be talking about

The government needs to make technological improvements to protect Americans from future ransomware attacks that could be devastating.

by Navaiah Santora

As modern technology becomes further integrated into everyday life, there are security risks that are not being discussed. By now, everyone has seen or heard about companies getting hacked and their data being stolen. But what is arguably more serious is ransomware.

Ransomware blocks a machine or a group of machines from being able to do anything unless a certain amount of money is paid, usually in a cryptocurrency like Bitcoin. It is generally not advised to pay the ransom because the malicious group that made the ransomware will likely come back and ask for more money. The only option is to find a way to get the ransomware off the computer, which, if the ransomware is sophisticated enough, might not be possible.

This kind of attack would be devastating in certain industries like health care because nearly all medical records are electronic now. What is more dangerous is if something like this were to happen at a government level, specifically in the public sector.

The government is using an uncomfortable number of computers and other electronics from the 1990s-2000s. Most tech companies no longer support these technologies, so security updates are not going out. Ransomware is increasing exponentially every year, and there is bound to be an exploit found that will compromise the security of those older machines. If the ransomware somehow gets on those computers, either by accident or through a rogue employee, it can be devastating. Water plants might not be able to treat water to make it safe for consumption for extended periods of time, leaving certain areas without water.

The most damaging of all government industries would be a hack against the electrical grid. It is estimated that if a wide-scale attack like this were to happen in the United States, after three weeks we would not be able to recover. In an ideal world, I would like to think this is not possible in the United States. But it is, and it isn’t being talked about enough. The United States is so far behind on cyberinfrastructure that this is a possibility. This already happened on a small scale in 2019. Granted, power did not go out anywhere, but it was noted in the North American Electric Reliability Corporation report that unauthorized personnel were in a private electrical company’s firewall for around 10 minutes. This does not seem like a lot, but they should not have been in there at all. Who knows what information they took and what information they found?

So what can be done about this? Unfortunately, there is not much the general public can do other than raise awareness. Utility companies and the government use older software because that is where the systems they run were first created. The older operating systems have a lot more flexibility as far as what can actually be run on them compared to modern operating systems. The lack of flexibility in modern operating systems is due, in part, to security concerns. It is possible that companies that make software, such as Microsoft, can work with the government and the private sector to create operating systems that are modern and more secure but still allow for the flexibility that is needed. This type of change would take years to make, but it is better to start sooner rather than later.

It is no secret the government does not like change, especially in terms of technology. But if they want to keep the electrical grid and other utilities safe from potential blackouts and ransomware, then a change like this needs to be made. The cost of this type of project is not worth the possibility of Americans dying because of blackouts.

Navaiah Santora is a senior at the University of Minnesota studying IT-security.