In Cybersecurity And Cyberwar: What Everyone Needs To Know, P. W. Singer looks at cybersecurity issues faced by the military, government, businesses and individuals, and what happens when you try to balance security with freedom of speech and the ideals of an open Internet.
Singer is the director of the Center for 21st Century Security and Intelligence at the Brookings Institution. Singer tells Fresh Air’s Terry Gross about the best ways to protect online accounts and the differences between traditional warfare and cyberwarfare.
On the importance of big companies taking cybersecurity seriously
[The Target and Neiman Marcus] incidents … are good illustrations of how cybersecurity issues affect us all. Even if you look at the kind of shopper who is at Target versus the kind of shopper who sends their personal buyer out to Neiman Marcus, they’re both being hit here.
… Companies may not have been taking security in the cyber-realm as seriously as they should. … There are certain industries that have done quite well because the incentives are really well aligned. … Think about the banking industry versus … the power grid, where they haven’t been taking it seriously enough, again, because the incentives aren’t there.
There’s a series of fairly simple steps that we can take. … One of them is, frankly, don’t use the same password for all of your different accounts.
… Often it’s not the password itself, it’s the secondary question … because if you’re being targeted in many ways, they’re going after the ability to change your password, to tell the provider, “OK, I lost my password. Can you send me a new one?” And in that case they’ll ask you some kind of question like, “What’s your mother’s maiden name?” which is easily look-up-able online and they get multiple chances at it.
… Give counter-intuitive answers to those: What’s my mother’s maiden name? Pizza, which is instead your favorite food, so it’s something they’ll never ever be able to look up.
… The bottom line is that any password is breakable. … The main thing is … don’t make the mistake that is out there. What is the most common password today? Password. What is No. 2? 123456.
On the hacking of U.S. patents
[Chinese hackers are] stealing designs for things that are of clear national security importance, like the design of a jet fighter.
There’s an advanced jet fighter that we’ve been research-and-developing. … It’s a trillion-dollar program and that program has been hacked multiple times. In fact, in one situation it was actually hacked while the plane was in mid-air; they were downloading information off it that way. So how do you measure the loss there? Do you measure it in terms of the literally billions of dollars of research and development that we paid for that they got for free? Or do you measure it in terms of the 10 to 20 years that we were supposed to be ahead of them that we’re not going to be? We’re already seeing design elements of that popping up in their new jet fighter systems.
On how cyberwar differs from physical war
There’s not the very clear and definable smoke plume coming out of the missile. … It’s not just the idea of the detection part of it, it’s also how you respond, or maybe rather when you respond. … You may want to watch an attack play out inside your system so you’re understanding it. … You may not always want to let the other side know that you know that they’re attacking you. Your response may be that you want to hit them back immediately, or maybe you want to let it settle a while and design something to go, effectively, after them.
… There’s this notion that it’s incredibly easy, but if we look at examples like Stuxnet, which was this weapon that we used to go after the Iranian nuclear research, it takes a massive amount of research and time and collective effort to build a truly impactful cyber-weapon.