CIOReview
| | December 20188CIOReviewIN MYOPINIONAMERICA'S BIGGEST VULNERABILITY: OURSELVESBy Mark Decker, CIO, Jackson County OregonUnsuspicious citizens are soft targets for social engineers, and America has a huge attack surface. To enemy hackers, `We the People' represent millions of unprotected end-points. Foreign nations and non-state actors have successfully exploited our human vulnerability time and time again. In 2016, spear-phishing led to damaging email leaks just before the election, when the Russian hacking group "Fancy Bear" compromised email accounts belonging to the Clinton campaign and the Democratic National Committee. In 2017, the same group used the same social-engineering techniques against three US senators up for re-election, including Democrat Claire McCaskill, a vocal critic of Russian President Vladimir Putin. And in summer 2018, another phishing attack targeted Republicans critical of Russia via fake conservative think-tank websites. Headline-grabbing attacks on high-profile American political targets are the tip of the iceberg. Attacks on lower-profile targets typically go unreported, if they are even detected at all. For every big-name politician, countless ordinary Americans are also targeted by hackers. Many of these regular folks are well-placed employees in critical industries. Their companies supply goods, services, and technologies to governments, militaries, and law-enforcement agencies. They are trustees in airports, hospitals, and power plants. Our nation's critical infrastructure grows more connected to the internet and more deeply dependent on computers every day. Trusted human beings have privileged access to those computers, and humans are a species known to routinely hand over their passwords when phished. Data breaches are hardly the worst-case scenario.It's not mere speculation to observe that a foreign actor could remotely commit a terrorist act or targeted assassination using stolen credentials as the murder weapon. Mark Decker
< Page 7 | Page 9 >