WASHINGTON – The “WannaCry” ransomware attacks, which some experts tentatively attribute to North Korea, remind us again that malicious malware crosses borders without pause and has the potential to cause serious harm to friend and foe alike.
Days after the news broke, 99 countries had reported attacks, including major disruptions at 16 of Britain’s National Health Service health care centers, Russia’s Interior Ministry, FedEx and Spanish telecom giant Telefonica. Despite significant investment in network security, automated security patching by Microsoft, and the best efforts of computer emergency response teams (CERTs) and incident responders across the globe, WannaCry spread like wildfire, wreaking damage on those infected. Cyence, a computer-risk modeling firm, estimates the WannaCry ransomware caused $4 billion in damages in just a few days. The rapid and destructive spread of this ransomware highlights the need for a coordinated international response to large-scale cyberattacks.
A new Trump administration executive order on cybersecurity calls for public and private input on defending U.S. networks as well for an international cyberengagement strategy. The order is a small step in the right direction toward addressing systemic risk to the internet, but the time has come for real action. The interdependent nature of today’s international system brings with it new risks of catastrophic failure and concrete steps must be taken to address them. This means better real-time coordination between a variety of security vendors, CERTS and internet service providers (ISPs), a stronger commitment to security from developers and end users, and better cross-border support between governments pulling in domestic private resources as needed.
Nowhere is this need more striking than in the U.S. alliance with Japan. The destruction of Sony’s corporate IT system in 2014 and the 2015 pension system hack in Japan serve as stark reminders of the serious threats the United States and Japan face. In the aftermath of the Sony attack, we know that North Korea — bent on developing a nuclear missile that threatens both nations — has the ability to launch a sophisticated cyberattack in conjunction with a conventional or nuclear strike. Similarly, we see Russia — accused of meddling in the 2016 U.S. presidential elections — incorporating crippling cyberattacks on communications, financial and energy infrastructure into its military campaigns against Georgia and Ukraine.
Yet, almost 30 years after the Morris Worm shut down 10 percent of the internet in 1988, Japan has done little to prepare to defend against a nation-state sponsored cyberattack. Although Japan’s recent pledge to participate in the Department of Homeland Security-sponsored Automated Indicator Sharing program is laudable, Japan-U.S. alliance coordination is still mostly talk, presentations and white papers. The 2020 Summer Olympics in Tokyo offers our foes an attractive target. Protecting this high-profile event from malicious actors needs to be a key element of our engagement strategy with Japan, and a momentum-builder for taking Japan’s cybersecurity to the next level.
North Korea’s cyberweaponry offers it an effective way to unleash its hostile intentions toward the U.S. and Japan, a risk too dangerous to ignore. The Japan-U.S. alliance and Japan’s Constitution permit a strong response in the face of a military attack on Japanese soil. They provide all the legal underpinnings for an active and effective defense collaboration. The U.S. military and the Self-Defense Forces need to put action behind words and start training together on responding to significant cyberattacks arising within a larger conflict.
Finally, the WannaCry attacks force us to acknowledge the cross-border interconnections of public and private infrastructure as well as telecoms, corporate systems, and other private networks and endpoints. Responding to attacks against internet-connected systems requires an unprecedented level of cooperation between private and public elements — hardware and software providers and operators, incident responders, domestic law enforcement within countries and, most of all, end users — as well as real time cross-border exchanges among private- and public-sector organizations. Finding ways to facilitate rapid cross-border, cross-sector response mechanisms is critical to thwarting these sort of fast spreading threats before they do major damage. There is no easy answer here. Everyone, even end users, must take on some responsibility for securing networks, but it is up to governments to lead the way.
The U.S. and Japanese governments have been holding the annual U.S.-Japan Cyber Dialogue since 2013. The two countries need to take the next step beyond information exchange and develop a list of actionable items for collaborating on reducing vulnerabilities and responding to incidents. We recommend the following steps:
- Establish liaison exchanges that promote better threat awareness and coordination — to include putting personnel in situation rooms such as the National Crime Information Center and forming joint task forces of intelligence and law enforcement authorized to act on situations as they develop.
- Include the SDF in U.S. military communications networks, such as the Mission Partner Environment/Multinational Information Sharing and related systems, to improve security and interoperability.
- Institutionalize meaningful coordination between industry-focused U.S. and Japanese Information Sharing and Analysis Centers (ISACs) that permit rapid dissemination of threat information, remediation steps, and best practices between private-sector participants in both countries.
The U.S. executive order is a call to action. The WannaCry attacks are a warning of the consequences of nonaction. The U.S. and Japan can and should heed that call.
Former Adm. Dennis Blair is chairman of the board and distinguished senior fellow (nonresident) of Sasakawa USA. Bud Roth is a nonresident fellow for cybersecurity at Sasakawa USA. © 2017, The Diplomat; distributed by Tribune Content Agency