
Cyberattack on Healthcare Tech Giant Sparks Nationwide Pharmacy Delays

A cyberattack targeting the prominent healthcare tech giant Change Healthcare has triggered widespread disruptions in pharmacies across the United States. The leading prescription processor announced that it was “experiencing a network interruption related to a cyber security issue,” prompting immediate action to safeguard partners and patients by disconnecting its systems.

The extent and specific nature of the cyberattack have not been disclosed by Change Healthcare, leaving pharmacies grappling with outages and delays. According to reports from the Huron Daily Tribune, healthcare provider Scheurer Health in Michigan faced prescription processing challenges at all its family pharmacy locations.

The impact extended to McConnell Air Force Base in Kansas, where the 22nd Medical Group reported a temporary pharmacy outage. Despite acknowledging the inconvenience caused, the medical group assured patients that its team was diligently working to resolve the issue, with an estimated resolution by the following day or later. While the pharmacy remained open, new prescriptions could not be processed due to an “unexpected enterprise-wide MHS GENESIS downtime.”

Canadian Lakes Pharmacy in Michigan also fell victim to the nationwide outage caused by the cyberattack on major prescription processors in North America. The pharmacy acknowledged the ongoing issue, which had been affecting numerous pharmacies since the previous day.

Change Healthcare, being one of the largest healthcare technology companies in the United States, handles orders and patient payments nationwide. The company’s proactive measures, disconnecting its systems to prevent further impact, indicate the severity of the cyber threat.


Cyberattacks Are a Major Security Threat. Here’s How to Deter Them.

Nearly two years ago, North Korea launched a cyberattack against Sony that nearly crippled the movie giant. The U.S. responded by imposing yet another round of feckless sanctions against the Hermit dynasty.

But ironically, if members of the North Korean army had landed in Los Angeles and blown up Sony’s studios with dynamite, they would actually have done less damage to the company—but there likely would have been a greater outcry in the U.S. for a more forceful response.

Cyberattacks are incredibly destructive, but because they are subtle, they often attract far less attention than overt attacks.

North Korea’s attack against Sony, along with a host of other state-sponsored cyberattacks, raises important questions for U.S. policymakers. How should we deter cyberattacks? And how should we respond when our deterrence fails?

Unlike the early days of the Cold War, we do not have a modern-day George Kennan (who wrote the strategically vital article “Sources of Soviet Conduct”) or a Paul Nitze (the primary author of the influential NSC-68) for the cyber age. Instead, we are left with the strategic equivalent of trying to pour old wine into new recyclable water bottles.

In order to develop a cyberdeterrence doctrine, we need to unpack what is necessary in order for deterrence to be successful—and how to respond when deterrence fails.

One of the most difficult hurdles to overcome is defining what constitutes a cyberattack. Several federal agencies disagree over what is, and is not, a cyberattack.

An informal consensus is contained in a report issued by RAND Corp. in 2009, which defined a cyberattack as “the deliberate disruption or corruption by one state of a system of interest to another state.” (Spying is not considered to be a cyberattack because it does not deny users access to a system, even though spying may be a prelude to an attack.)

At first glance, this is a reasonable definition. It doesn’t account, however, for one group of people: nonstate actors.

If a group such as the Islamic State, al-Qaeda, or Hezbollah were to disrupt the electrical grids in the United States or Israel, surely this would count as a cyberattack, would it not?

This brings us to the second problem: attribution—that is, correctly identifying where a cyberattack has come from.

It is fairly straightforward to determine who fired a gunshot or a rocket. However, when it comes to cyberattacks, attribution is a critical component of deterrence. Without attribution, we do not know who to retaliate against.

In the 2008 war between Russia and Georgia, hackers operating from Russian soil launched cyberattacks against Georgian installations. However, there was little evidence to directly tie then-Prime Minister Vladimir Putin’s Kremlin to the attacks.

While the attacks benefited Russia’s military efforts, there was no proof that Putin or then-President Dmitry Medvedev had hit the “enter” key—or created the code.

This lack of proof complicates efforts at the third problem: retaliation.

In order for deterrence to be credible, states not only have to be able to attribute attacks, they have to be able to retaliate. States may deter in one of two ways: deterrence by denial and deterrence by punishment.

We can think of deterrence by denial as erecting a large fence where cyberattacks would be deflected (or, building a wall that is so tall, enemies would not bother to attack it in the first place).

Deterrence by punishment, on the other hand, means retaliation. It is in essence saying to the enemy, “If you kill my mainframe, I’ll melt every one of your servers.”

These two options are not necessarily mutually exclusive. States can build cyberdefenses that protect against attacks by making the costs of attack exceed any of the benefits. States can also adopt retaliatory postures in response to attacks, provided they can determine who was responsible for an attack.

This leads us to the next issue: proportionality.

In his classic book “Strategies of Containment,” historian John Lewis Gaddis differentiated between two types of containment: symmetrical and asymmetrical.

Symmetrical containment emphasized maintaining the balance of power between the U.S. and the Soviet Union. It also suggested that if the Soviets attempted to breach our sphere of influence, we should respond proportionately.

This was the strategy adopted by the Truman, Kennedy, Johnson, and Carter administrations.

By contrast, asymmetrical containment suggested the U.S. climb the ladder of escalation in response to Soviet provocation.

In order to make Soviet expansion costly, the U.S. should push the Soviets behind the “Iron Curtain”—the term coined by Winston Churchill to describe the dividing line between the free states of Western Europe and the Soviet-dominated member nations of the Warsaw Pact. Presidents Ike Eisenhower, Richard Nixon, Gerald Ford, and Ronald Reagan all adopted this posture.

While retaliation against cyberattacks is necessary, whatever posture we adopt, the key question we need to ask ourselves is: “What next after retaliation?” Our hope, of course, is that with a symmetrical posture, our enemies will learn their lesson.

But, what if they don’t? What if they see a symmetrical posture as a sign of weakness, a lack of resolve, or a sign of low capabilities?

Similarly, the aim of an asymmetrical posture is to demonstrate our resolve while increasing the costs of cyberconflict for our opponents. But what if we are facing an opponent like Saddam Hussein, who lacked the ability to update his beliefs in the face of discrepant information, and any retaliation on our part is not taken seriously?

Or, what if we face a defensively motivated opponent whose intentions are not nefarious, but are driven by an interest in national security? Here, an asymmetric posture could lead to an unnecessary spiral of conflict.

Furthermore, we need to discuss whether our responses should be restricted to the cyber domain or include more conventional means of retaliation, such as economic sanctions or military strikes.

Some pundits and scholars have written of a “new” strategic triad: space, nuclear, and cyber. To be successful, it is necessary to develop a doctrine for cyberdeterrence that defines what a cyberattack is, how to attribute attacks from state-based and nonstate actors, and the appropriate degree of retaliation.

Before we develop a new cyber doctrine by the seat of our pants, it is worth allowing our cyber experts and decision-makers to take a breath and sift through the laborious conceptual work that is needed to make cyber-deterrence successful in the 20th century.

Follow Joe Miller on Twitter HERE and Facebook HERE.

Energy Official: Cyberattack Could Bring U.S. Grid Down

Power Maze


U.S. Energy Secretary Ernest Moniz said this week that, despite the federal government’s best efforts to “stay ahead of the bad guys,” the nation’s energy infrastructure remains “a major target of cyberattacks.”

“The energy infrastructure is a major target of cyberattacks. That is increasing in frequency and perhaps source,” Moniz said at a breakfast hosted by the Christian Science Monitor.

According to Moniz, U.S. natural gas pipelines represent a particularly weak link in the infrastructure chain.

“The natural gas system, the distribution pipes, are a big issue,” he said. “About half of the distribution pipes in the country are 50 years old or older, so that’s a very obvious area.”

According to the energy official, small gas distribution pipelines that carry fuel to gas customers are aging and at capacity. Some high-volume pipelines, meanwhile, remain “underutilized” despite the U.S. shale boom of the past decade.
