The city of Atlanta was under attack.
Not by terrorists with guns or knives or vehicles as weapons — but instead by hackers who in March disabled the city’s public services with ransomware. The cyber offensive left Atlantans unable to pay bills online, and visitors to the world’s busiest airport, Hartsfield-Jackson Atlanta International Airport, unable to connect to WiFi.
And around the same time yet nearly 700 miles away in Baltimore, in a seemingly unrelated attack, hackers disabled the computer system supporting emergency calls in that city.
Both incidents underscored the vulnerability of many public computing networks — and the damage that hackers in the dark corners of the internet can inflict on vital services.
Cyberattacks have typically been carried out by criminals and organized gangs –- but many fear public infrastructure will be an increasing target in traditional warfare.
“I believe we are on the cusp of a fundamental change in the character of war,” said Gen. Mark Milley, the U.S. Army Chief of Staff to the AUSA in 2016. “The significantly increased speed and global reach of information (and misinformation) likewise will have unprecedented effects of forces and how they fight.”
In the attacks on Atlanta and Baltimore, for which no one has been arrested, ransomware seemed to be the weapon of choice. An increasingly prevalent form of cybercrime, ransomware penetrates and disables systems and data to users, and essentially hijacks their personal information. Hackers literally demand a ransom to release the victim’s files back to them.
Ransomware is not limited to the United States, of course. Hackers have struck banks, hospitals, businesses and schools around the world, including the United Kingdom’s National Health Service.
Beyond ransomware and the vulnerabilities of online infrastructure at the municipal level, experts fear cyberattacks on national security. Suzanne Spaulding, the former undersecretary for cyber protection at the Department of Homeland Security, told ABC News there is a “coming wave” of cyber incidents that will affect databases. And those networks include data on individuals of interest to national security that are integral to the country’s security network.
The rules of engagement in cyber warfare are ever-changing and have yet to be defined.
“We do not have a strategy for dealing with that war,” Sen. Angus King, I-Maine, said at a Senate Armed Services Committee hearing last month.
Weaponizing everyday technology
When the fitness app Strava released data in November on more than 1 billion activities — through GPS exercise devices like Fitbit — keen observers noticed unusual activities in sensitive locations around the world. The 13 trillion data points seemed to reveal locations of military bases where soldiers or Marines were wearing devices to measure their running.
As sophisticated devices become increasingly accessible to everyday consumers, our lifestyles are adapting to live with more in tandem with them. Experts say we are becoming increasingly comfortable in surrendering more of our personal data to increasingly powerful corporate firms — in exchange for convenience.
That, experts say, is a perfect example of how the seemingly mundane use of technology could pose national security risks.
“We are going to start seeing a lot more of this,” says Robert Schifreen, a cybersecurity analyst for ABC News. “As we move more and more online and live more of our lives connected to the internet out of ease and convenience, we are going to come across vulnerabilities we hadn’t even considered to be sensitive.
“People will be ready to exploit them where they can,” Schifreen added.
Brian Lord, the former deputy director for the Intelligence and Cyber Operations at the Government Communications Headquarters in Britain, said security will be difficult to negotiate in an age where the general public is almost entirely reliant on services online.
“Data is a foundation on which everything relies. If you take away the access to data or the integrity to data that you’re looking at then everything collapses because everything depends on it,” said Lord, who is now managing director of cyber at Protection Group International, which specializes in cybersecurity.
“Our dependence on IT systems and the internet is absolute, and if it’s taken away or denied, then we cannot function,” he told ABC News.
Combatting cyber warfare
As the digital ecosystem expands — and people increasingly do everything from finances to shopping online — so, too, do the risks, according to experts and recent research.
Northeastern University estimates that by 2020 the total amount of data in the world will be 44 zettabytes. To put that into perspective –- one zettabyte is equivalent to 44 trillion gigabytes.
And that infinite trove of data can be weaponized, experts warn. One instance of a rising tool in the cyber warfare arsenal is Kompromat — the Russian term for the gathering of compromising and embarrassing personal information.
Lord says all of the risks we are increasingly becoming aware of — to municipal infrastructure, national security and even elections — are difficult to protect against because of the vast openness of the internet.
“What bothers me more is that the internet itself is ungoverned by its very nature,” he said. “It isn’t owned by anyone and it was never designed for this kind of purpose.
“How long is it reasonable to expect the connectivity provided by the internet to be ungoverned when it is providing absolutely critical services?” he added. “I just do not feel that any state or any democratic state has got its head around that.”
President Trump’s first federal budget proposed $1.5 billion allocated to the Department of Homeland Security for cybersecurity, protecting both federal networks as well as critical national infrastructure from attack.
Robert Mueller, the special counsel investigating Russian interference in the elections, recently indicted 13 Russians and three companies for their role in the plot.
And earlier this month, members of Congress grilled Facebook CEO Mark Zuckerberg for two days in the wake of the Cambridge Analytica scandal. The data firm, which had ties to Donald Trump, accessed information from 87 million Facebook users.
Still, Lord says despite government’s best efforts, the law may be behind the curve on protecting online users, the cities and countries they live in, and the institutions they live by from cyber warfare. Worst yet, he warns, the risks may increase in the near future.
“My biggest fear is that we are inherently reliant on an ungoverned structure where our understanding of its capacity is still a long way away,” he said, “and it’s going to come home to roost in the next five or 10 years.”