Who *IS* Going to Rescue Us
It is old news that Jeff Bezos was caught cheating on his (soon to be ex-) wife. That isn’t terribly unique news. Powerful men seem to do that a lot. At this point it is still somewhat murky as to how AMI, parent of the National Enquirer, obtained pictures that Jeff shared with his girlfriend.
It is certainly possible, as AMI claims, that they got them from the brother of Bezos’ girlfriend, Lauren Sanchez. It is not clear why he might have done that. Possibly he didn’t like the situation. Possibly, they offered him a suitcase full of cash. Surely he must have known that would not enhance his relationship with his sister. Maybe he didn’t care. Maybe he didn’t even like her. Who knows.
That gossip is not terribly interesting in the big picture.
There is, however, an aspect of the story that we should all be concerned with.
Bezos, having a few billion here and there, even after going 50/50 with his soon to be ex, hired an investigator to figure out how AMI got those compromising pics. In case you don’t keep up with the gossip, the pictures included parts of Jeff’s body that most people do not expose to the sun.
The investigator wrote an opinion piece for the Daily Beast saying it was the work of the Saudis. I certainly don’t know if this is true or not. Certainly the Saudis don’t like Bezos must since the newspaper he owns, the Washington Post, said that the Saudi Crown Prince was responsible for killing and dismembering a journalist, Jamal Khashoggi. Whether you think that Khashoggi was innocent or not, people generally don’t like the idea of ordering hits on people and then cutting those people up and stuffing their body parts into diplomatic pouches to get them out of the country.
We could debate for a long time the merits of all of the above, that is not the point of this piece.
Lets assume for the moment that we reliably believe that the Saudis did hack either Bezos’ or Sanchez’ cell phones, steal the photos and give them to AMI. This is an assumption, not a fact, but something we need to agree for the moment is possible.
Lets assume as an alternate, that some other government that we have a love-hate relationship hacked into some U.S. company for reasons of their own and either stole stuff or did some damage. An example of this is Sony and North Korea, but that is not a good example because we have a hate-hate relationship with them and not a love-hate relationship.
All of the above is just a setup for what follows.
What should we expect the U.S. government to do about it?
After all, we hack the crap out of anyone that we can – right? – NSA, CIA and other TLAs (three letter agencies).
Should the government retaliate? Lets assume for the moment that Trump and Bezos didn’t have one of those hate-hate relationships that they do have. Should the White House launch an attack on another nation?
This is a real question that Trump has had to deal with and the supposed reason for the China Tariffs. It is possible that the tariffs may have some long term effect on China’s hacking of us. Short term, it seems to have increased their hacking, but long term – who knows.
We do know in the short term it is costing U.S. companies billions, most of which will be passed on to U.S, consumers in the form of higher prices and slower growth. The auto industry says that it is causing them to lay off tens of thousands of employees.
But still, stay tuned.
China is not a good example either because what China is doing is very widespread, not targeted like going after one person or one company.
So what should we expect our government to do in cases like this?
In the aggregate, hacking is costing companies more than a half trillion dollars a year globally. That is real money. It is bigger than the GDP of many countries.
Realistically, individual companies do not have the ability to keep out a determined nation state actor. Not if they are targeted and motivated (that represents, maybe, one tenth of one percent of all of the attacks, probably much less than that).
What is also true that many small companies may become collateral damage from attacks – either by regular hackers or nation states, but not the target. A perfect example of that is WannaCry that devastated companies across Europe who were not the target of the attackers.
Here is the bad news.
My opinion is (which along with about $4.95 will buy you an average cup of coffee at a well known coffee chain – probably a small cup) that 99+% of the time – unless you are a Sony and go up in flames – the government is not only not going to do anything to protect you or retaliate, but they are not even going to notice that you have been attacked.
The FBI gets thousands of reports of attacks a week. In 2017, the FBI got more than 300,000 reports. That is more than 800 reports a day, including Saturdays and Sundays. The FBI has, as I recall, around 14,000 actual agents who are responsible for all manner of crimes including murder, kidnapping and terrorism. How many of those 800 reports a day do you think they can respond to?
In fairness, they will cherry pick a few. Maybe 5 out of 800 a day. I don’t know. Probably less.
Bottom line – you are going to be responsible for yourself.
Realistically, this means that you have to do your best to keep the bad guys out and be ready to deal with it when the bad guys win a particular battle.
You are not going to like this analogy, but after 9-11, we stood up the TSA. Whether you think they are wonderful or buffoons, we spend almost $8 BILLION dollars a year in that one agency just trying to keep the bad guys at bay. Based on published reports, something like 50% of guns screened by TSA get through the checkpoints, more at some airports, less at others. Luckily, those guns do not appear to be owned by active terrorists.
From the TSA’s standpoint, while they would like to prevent another 9-11, and the director of the TSA would likely be fired if there was another one, for the rank and file, they are just doing their job. There is not much financial consequence to the 40,000 plus employees of the TSA if another 9-11 happens. In fact, it is likely to reinforce their job prospects unless we decide to shut down all of the airlines permanently. Or make you travel naked with no luggage.
From your standpoint, if you suffer an attack – ransomware, theft of intellectual property, destruction of your factory like happened recently with a German steel mill, that is costing you real money, real business, real jobs. It is very personal for you. Norsk Hydro lost $40 million in the first week after their ransomware attack.
This means that you need to actively work to make it harder for the bad guys damage you.
For you, this means, time, energy, people and yes, money. Sorry.
This is one case where the government can’t fix it, even if they try.
Source: The Cybersecurity 202.