Last week, BusinessWeek catalogued the depth and breadth of the problem with breaches that originate in China while driving home the underlying fact that individual incidents “don’t convey the unrelenting nature of the attacks. It’s not a matter of isolated incidents; it’s a continuous invasion.”
The Washington Post reported that China was the main aggressor — targeting “energy, finance, information technology, aerospace and automotives” using malware and other techniques — with a goal of “economic gain.” The Chinese government ain’t the only Barbarian at the Gate, though. Al-Qaida has demonstrated over and over the desire to eviscerate the American way of life. We have a multitude of enemies, and increasingly we are vulnerable to them.
The day after Obama’s address, the Cyber Intelligence Sharing and Protection Act began its second journey through the House. The problematic bill died last year in the Senate for lack of John Arquilla’s vision. I expressed concerns
about CISPA the first time around, specifically regarding privacy safeguards. Privacy advocates don’t think it has enough, because CISPA demands the flow of information going both ways: government to private sector and vice versa. That two-way traffic pattern was notably missing in Obama’s vision this time around (he advocated only for government sharing with the private sector), which may help pave the way for CISPA, provided lawmakers act on the president’s cue. We can only hope that with a few intelligent tweaks CISPA can become law soon.
While the creation of uniform security standards for computer systems that run the nation’s critical infrastructure is a no-brainer, the answer to the question “Are we prepared?” is, for the time being, a resounding “Not exactly.”
A worst-case scenario would feature a cornucopia of catastrophe such as shutting down major sections of the power grid, erasing millions of bank accounts, manipulating or hijacking tens of millions of identities, and/or disrupting transportation systems throughout the land. Simply put: systems failure.
So while we wait for Congress to actually do something meaningful for our safety and welfare, here is a short list of things you can do to minimize the damage.
1. Print it and store it. If a hacker brings down your bank’s website, or the entire electrical grid, you need the paper documents to prove what’s rightfully yours. Print out your checking regularly, savings and credit card account transaction information and a recent credit report. Keep scans or equivalent documents on a password-protected encrypted thumb drive. This stuff may well come in handy when power is restored.
2. Get it together (and copy it). Gather personally identifiable documents, place them in sealed, waterproof plastic bags and store them in more than one secure place such as a safe at your house, as well as another location you can access in an emergency. Again, password-protected, encrypted portable drives are critical. Documents to include:
3. Think like a prepper.
- Birth certificates
- Social Security cards
- Insurance policies (car, home, life)
- Property valuations
- Ownership deeds to property, car title, mortgage, etc.
- Information on savings, checking, credit card and investment accounts
- Contact information for creditors and any company that sends you a bill
- Military records
- Marriage and divorce papers
I’m not saying everyone should go out and buy a gas mask, survival ax and walkie-talkies. But having emergency basics including candles and matches is always a good idea. FEMA recommends keeping enough food to last your family two weeks. A cache of cash is also a good idea (ATM networks could go down, too).
4. Work with your neighbors. If the cyber war crashes our electricity and transportation networks for more than a few days, serious chaos would ensue. Rather than stocking the basement full of food, guns and ammo, another option is to come together as a community. Together you can strategize ways to get the food and water you need and protect the neighborhood from looters. (After all, even the best-prepped prepper needs sleep occasionally.)
5. Demand more from government. It’s not controversial, complicated or partisan. A unified security standard for every nuclear power plant, drinking water plant and subway system is just common sense. The cyber-security law failed last year due to a combination of cynical obstructionism and correctable flaws in the legislation. Call, write, email and tweet your representatives in Washington. Urge them not to make the same mistake twice.
More from Credit.com:
The 10 Worst Government Data Breaches of 2012
7 Ways to Protect Yourself From a Facebook Hack
The 10 Dumbest Risks You Take With Your Smartphones