Companies are facing the 'next great challenge' for stopping hacks

Ethan Wolff-Mann
Senior Writer

This image provided by the Twitter page of @fendifille shows a computer at Greater Preston CCG as Britain’s National Health Service is investigating “an issue with IT” Friday May 12, 2017. (@fendifille via AP)

In May, North Korea’s WannaCry virus encrypted hundreds of thousands of devices across the world, halting production at companies, slamming hospital infrastructure, and causing serious problems.

In a press conference Tuesday, Tom Bossert, the White House’s Homeland Security Advisor, and Assistant Secretary for Cybersecurity and Communications Jeanette Manfra officially attributed the attack to North Korea and called for increasing “collective defenses.”

It was a call for cooperation and action against a global antagonist. As Manfra put it, “a company can’t single-handedly defend itself against a nation-state attacker.” But the announcement also brought up a suite of issues for companies as they step into an increasingly murky cybersecurity landscape.

A U.S. company is not the U.S.

The White House officials made one thing clear: an attack on a U.S. company was not tantamount to an attack on the U.S. as a country. (In reverse, this does not apply, as many countries direct private citizens to carry out attacks at their behest.) But at the same time, Manfra said, “our adversaries are not distinguishing between public and private, so neither should we.”

This may sound like doublespeak, but it’s a good illustration of how complicated cyber-issues are today. “Cyber norms” are not in place yet. Cyber norms, according to Alex McGeorge, head of threat intelligence at cybersecurity firm Immunity Inc., are essentially a framework for what is acceptable and unacceptable behavior. (Akin to a regular norm like how corporate espionage is frowned upon generally, but state-run espionage is generally accepted as common practice.)

“Cyber norms are really interesting because how each country views them is very different,” said McGeorge. For example, the U.S. can’t make a private citizen hack on its behalf, but in China, he says, it’s common practice. “The establishment of cyber norms is the next great challenge of the next few decades.”

Tom Bossert, homeland security adviser to President Donald Trump, holds a press briefing to publicly blame North Korea for unleashing the so-called WannaCry cyber attack at the White House in Washington, U.S., December 19, 2017. REUTERS/Kevin Lamarque

Figuring out what’s normal is just the first hurdle, however. Deciding how to respond is the next problem. According to Larry Johnson, CEO of CyberSponse and a former lead cyber investigator with the U.S. Secret Service and Treasury, criminal acts by states usually flow out of law enforcement and into State Department diplomacy.

For example, in the past, when North Korea was counterfeiting U.S. currency (“they were buying the same ink and paper because they could go to the suppliers as a nation-state,” said Johnson) — the case was closed and the State Department resolved the matter diplomatically, with North Korea making concessions.

Another option is to not interfere and collect intelligence. “You let the criminal activity go so you can gather intelligence,” said Johnson.

Are companies on their own? Sort of.

The US government exploits gaps in companies’ security for intelligence collecting. According to Bossert, only 10% is kept for intelligence gathering and the rest is given to companies so they can patch them and keep their customers’ data safe. (WannaCry was made from a leaked NSA tool, which itself came from the 10% of vulnerabilities the government uses.)

This is 90/10 framework of ethical disclosure of bugs is another example of a contentious cyber norm, and it has been in debate since the ‘90s. “We have a lot of smart people and little headway,” said McGeorge. “It’s going to continue to be a murky issue but now with more people with less tech expertise [start getting involved].”

Besides continuing to turn over most of the vulnerabilities the government finds and notifying companies when they’ve been hacked, it’s not clear what the public-private cooperation will look like, even though Bossert and the DHS have promised to help.

In this Monday, May 15, 2017, file photo, employees watch electronic boards to monitor possible ransomware cyberattacks at the Korea Internet and Security Agency in Seoul, South Korea. (Yun Dong-jin/Yonhap via AP, File)

Some companies might want help in terms of more aggressive action against North Korean hackers, but it’s also possible that it might be done with a heavy — and unwelcome — hand, though Bossert stressed the voluntary nature and robust privacy and liability protection.

What the help will look like and whether companies want the help may turn into a thorny issue. According to McGeorge, companies are asking themselves: “Is this going to entail DHS dispatching a team of nerds to my network?” If you’re Apple or Google, you might not want this. “Someone else might have a different opinion, though,” he said.

One reason you might not want to call the feds if you don’t have to, Johnson, the former Secret Service lead cyber investigator, told Yahoo Finance, is because a cyber incident might turn into a PR disaster.

“Once you call the government, all bets are off that you won’t be front page of [the Wall Street] Journal or the [Washington] Post saying you were hacked or breached because of lousy security,” said Johnson. “I think that’s a big part of it.”

For now, nothing is getting simpler.

“DHS isn’t telling companies that they’re on their own,” said McGeorge. But how they will help hasn’t been fleshed out. And what are the laws to protect you from the government when the feds are helping?”

If there’s one silver lining, however, it’s that McGeorge views Bossert and Manfra as being very competent with a good understanding of the complexity of these issues.

Ethan Wolff-Mann is a writer at Yahoo Finance. Follow him on Twitter @ewolffmann. Confidential tip line: FinanceTips[at]oath[.com].

Read More:

American Airlines just resolved its 15,000 flight fiasco

The phone industry’s clever plan to stop robocalls

Jack Dorsey on bitcoin and cryptocurrency

How cutting the 401(k) limit would affect people’s saving

Former ambassador: Mexico has ‘moved on’ from NAFTA

Big bitcoin-friendly companies like Microsoft and Expedia hedge their bet

The real reason Mexico will never pay for the Trump’s wall: It’d be ‘treason’ 

How Waffle House’s hurricane response team prepares for disaster

Trump weighs slashing one of the most popular tax deductions

  • Duchess Meghan dazzles in her first royal gown for Fiji state reception
    News
    Hello!

    Duchess Meghan dazzles in her first royal gown for Fiji state reception

    The Duchess of Sussex has stepped out to attend a state reception in Fiji in a true show-stopper – her first ever royal gown! Wow. The mum-to-be looked incredible for the formal dinner, hosted by the President of Fiji at the Grand Pacific Hotel where the royal couple are staying. The beautiful shade is in fact thought to be a nod to the nation, with one guest noting the gown was clearly 'Fijian Blue, - a tribute to her hosts.

  • See Prince Harry's amazing response to palace aides when told to end conversation with military widow
    News
    Hello!

    See Prince Harry's amazing response to palace aides when told to end conversation with military widow

    The Duke of Sussex was left rather unimpressed when his royal aides tried to hurry him along during an important conversation with a serviceman's widow. On Friday, Prince Harry was joined by Invictus ambassador Gwen Cherne on the Sydney Harbour Bridge climb in which they talked about grief and loss. Ms Cherne, whose husband served in Cambodia, Afghanistan and Iraq and took his own life in February this year, shared a hug with Harry before they were interrupted.

  • Conor McGregor accepts he made many mistakes against Khabib Nurmagomedov, and is happy to fight the 'next in line' if he can't land a rematch
    News
    Business Insider UK

    Conor McGregor accepts he made many mistakes against Khabib Nurmagomedov, and is happy to fight the 'next in line' if he can't land a rematch

    Conor McGregor has analysed his UFC 229 loss to Khabib Nurmagomedov in a lengthy Instagram post. McGregor also admitted that many mistakes were made in the build-up to UFC 229, as well as in the actual fight itself. Conor McGregor has accepted that he made many mistakes in the build-up to UFC 229, and in the actual fight with Khabib Nurmagomedov on October 6.

  • Brexit news latest: UK cabinet divided over No10 fear for Ireland leader's future
    News
    Evening Standard

    Brexit news latest: UK cabinet divided over No10 fear for Ireland leader's future

    Fresh Cabinet tensions have erupted after senior No 10 officials told ministers they are “concerned” that a tough stance on the Northern Ireland backstop could undermine Irish premier Leo Varadkar. The issue was raised by Downing Street during weekend conference calls of Cabinet ministers organised by Downing Street ahead of Theresa May’s statement in the Commons. Brexiteers fear that Britain’s negotiating stance could be softened to protect a foreign leader whose interests are opposed to the UK’s.

  • Strictly Come Dancing: The professional dancers and their sizzling romances
    News
    Hello!

    Strictly Come Dancing: The professional dancers and their sizzling romances

    With Strictly Come Dancing continuing to dominate our television screens and all the headlines, there are a number of professional dancers who have become some of our firm favourites. From Aljaz Skorjanec and Janette Manrara to Ola and James Jordan, take a look at these relationships... Aljaz and Janette are a huge hit with the viewers.

  • Strictly's Neil Jones shares sweet picture of morning cuddles
    News
    Hello!

    Strictly's Neil Jones shares sweet picture of morning cuddles

    Neil Jones has shared a sweet snap of himself enjoying morning cuddles with a very lucky lady in his life – his pet pooch, Crumbles! Sharing a photo of himself snuggling the adorable little dog, who is a mix of shitzu, poodle and Chihuahua, and wrote: "Morning cuddles." The professional Strictly dancer regularly shares snaps of his dog, and recently posted a photo of the puppy sat next to him after a workout, writing: "I love the Autumn Sun especially after a good workout and of course joined by @miss_crumblejones. Some would even say my hair colour is Autumn Sunset but I just call it Ginger  . The little dog even has her own Instagram page, where Neil and his wife, Katya Jones, regularly share photos of the pooch.

  • Holly Willoughby reveals clever trick to balance busy career with family life
    News
    Hello!

    Holly Willoughby reveals clever trick to balance busy career with family life

    Holly Willoughby is incredibly busy Monday to Thursday, fronting popular ITV morning show This Morning alongside her partner in crime Phillip Schofield. The star's schedule is also loaded on Wednesday evenings filming Celebrity Juice together with Keith Lemon and Fearne Cotton and soon she will travel to Australia to co-present I'm a Celebrity… Get me Out of Here!, so how does the mum-of-three manage her busy career with family life? "It's not easy and there is no perfect recipe," Holly told HELLO! at an exclusive event celebrating Diet Coke's Because I Can campaign.

  • Prince Charles and the Duchess of Cornwall's iconic polo match photo recreated on The Crown
    News
    Hello!

    Prince Charles and the Duchess of Cornwall's iconic polo match photo recreated on The Crown

    With production of series three of The Crown well and truly underway, the popular Netflix period drama is ready to focus on the early stages of Prince Charles' romance with the Duchess of Cornwall, who was then known as Camilla Parker Bowles. Actors Josh O'Connor and Emerald Fennell were recently pictured recreating the moment the royal couple were seen talking after a polo match at Cirencester Park in 1975. Both Charles and Camilla dated after meeting in 1971, but their romance ended when Charles left to serve in the Royal Navy.

  • People's vote on Brexit: everyone seems to be missing this key point
    News
    The Conversation

    People's vote on Brexit: everyone seems to be missing this key point

    Has anyone asked the EU if it actually wants the UK back now?

  • Harry and Meghan's royal tour of Fiji: all the best pictures from day one
    News
    Hello!

    Harry and Meghan's royal tour of Fiji: all the best pictures from day one

    The Duke and Duchess of Sussex arrived in Fiji on Tuesday - beginning their three-day visit to the South Pacific island. Arriving at Suva’s Nausori airport, Harry and Meghan were first greeted by Melanie Hopkins, the High Commissioner and chief of protocol, Jonetani Tagivetaua. After disembarking from their Qantas charter flight in light rain and strong winds, forcing the Duchess to hold on to her hat, the couple were introduced to the Hon Frank Bainamara, Fiji’s Prime Minister and his wife, Maria, Ro Teimumu Kepa, leader of the opposition, Alessandro Truppia, the High Commissioner’s wife and Rear Admiral Viliame Naupoto, commander of the RFMF.

  • Another princess is joining Queen Maxima and Kate Middleton at state banquet – find out who
    News
    Hello!

    Another princess is joining Queen Maxima and Kate Middleton at state banquet – find out who

    The Queen is preparing to host a spectacular state banquet for the Dutch royals at Buckingham Palace on Tuesday evening. King Willem-Alexander and Queen Maxima of the Netherlands will be reunited with their sister-in-law Princess Mabel. Mabel is the widow of the king's brother Prince Friso, who sadly died five years ago following a ski accident.

  • Couple in car that towed caravan the wrong way down a busy motorway are named
    News
    Yahoo News UK

    Couple in car that towed caravan the wrong way down a busy motorway are named

    John Norton, 80, and Olive Howard, 87, from High Wycombe, Buckinghamshire, died in the crash on the M40 in Oxfordshire.

  • Fleetwood Mac tour 2019: How to get tickets
    News
    The Independent

    Fleetwood Mac tour 2019: How to get tickets

    Fleetwood Mac have announced a European tour for June 2019, with three exclusive performances currently revealed for London, Dublin and Berlin. The tour will feature the new line-up of Mick Fleetwood, John McVie, Stevie Nicks, and Christine McVie along with newcomers Mike Campbell and Neil Finn – following the departure of Lindsey Buckingham.

  • When do the clocks go back for winter? What time and date?
    News
    The Independent

    When do the clocks go back for winter? What time and date?

    It’s that time of year again when the clocks go back for winter, gifting people an extra hour in bed. It followed years of campaigning by builder William Willett who published a leaflet called “The Waste of Daylight”, arguing that moving the clocks back in the summer would save on energy costs and give people longer to enjoy outdoors. Daylight saving time (DST) was eventually introduced by the Government the year after Mr Willett died, in a bid to save fuel during the war.

  • Who is still going to Saudi Arabia's investment conference?
    France 24 Videos

    Who is still going to Saudi Arabia's investment conference?

    Saudi Arabia's Future Investment Initiative conference gets underway in Riyadh, but without many of its high-profile speakers. Many business and political leaders have chosen to skip the event over the murder of journalist Jamal Khashoggi. We look at those who have chosen to attend despite the controversy. Also today, Italy is expected to be further reprimanded by the European Commission over its budget.

  • Britain's highest paying degrees, according to graduate salary
    News
    The Telegraph

    Britain's highest paying degrees, according to graduate salary

    Asked which degree you should take for the highest graduate salary, you may well think of Oxbridge excellence in law or economics.

  • Wonder Woman 1984 release date pushed back as Charlie's Angels reboot fills spot
    News
    The Independent

    Wonder Woman 1984 release date pushed back as Charlie's Angels reboot fills spot

    Wonder Woman 1984’s release date has been pushed back. Warner Bros – the studio behind the recent spate of DC comics-based movies – are claiming the move was made because the original Wonder Woman was released in June, and so the two dates now coincide with each other. “We had tremendous success releasing the first Wonder Woman film during the summer, so when we saw an opportunity to take advantage of the changing competitive landscape, we did,” Warners president of domestic distribution Jeff Goldstein said.

  • A wild rumor claimed Jamal Khashoggi's body had been found in a well, but Turkey's president says it is still missing
    News
    Business Insider UK

    A wild rumor claimed Jamal Khashoggi's body had been found in a well, but Turkey's president says it is still missing

    A Turkish politician on Monday floated a wild rumor that journalist Jamal Khashoggi's body was found in a well near the Saudi consulate in Istanbul. Turkish President Recep Tayyip Erdogan appeared to have shot the rumor down by saying that "no one knows" where the body is. Turkish officials have continuously leaked intelligence and made bold public statements about Khashoggi's killing.

  • How popular is Donald Trump? Latest polls, approval ratings and impeachment odds
    News
    The Telegraph

    How popular is Donald Trump? Latest polls, approval ratings and impeachment odds

    Donald Trump's approval ratings are at relatively healthy levels in the month before the mid-terms according Telegraph's poll tracker.

  • Best grammar schools in 2018 according to GCSE league tables
    News
    The Telegraph

    Best grammar schools in 2018 according to GCSE league tables

    The Tiffin Girls' School in Kingston upon Thames is at the top of the tree when it comes to GCSE performance among grammar schools.

  • Costa chief: Sale to Coca-Cola a 'win win'
    Sky video

    Costa chief: Sale to Coca-Cola a 'win win'

    Alison Brittain, boss of Costa parent firm Whitbread, says Coca-Cola has the means to take Costa and its brand values global.

  • Doctor Who's Tosin Cole: 'Seeing people who look like me on stage made me think I could do that'
    News
    Evening Standard

    Doctor Who's Tosin Cole: 'Seeing people who look like me on stage made me think I could do that'

    “I remember thinking Bradley Walsh was The Doctor,” says Cole, 26, with a laugh. Walsh — the former Coronation Street actor and host of ITV’s The Chase — instead joins Cole and Mandip Gill in the cast as one of three new side-kicks, alongside Jodie Whittaker’s Doctor. “I remember turning up to read my lines and seeing Jodie and thinking, ‘Oh, who’s this?

  • Palestinian security forces routinely torture critics, rights group says
    News
    The Guardian

    Palestinian security forces routinely torture critics, rights group says

    The Palestinian Authority (PA) in the West Bank and its political rival Hamas in Gaza regularly detain and torture critics and dissenters, Human Rights Watch (HRW) has said in a report. Both have carried out “scores of arbitrary arrests for peaceful criticism of the authorities, particularly on social media, among independent journalists, on university campuses, and at demonstrations,” the New York-based advocacy group said.

  • Take a walk on the design side when you head to LA
    News
    Evening Standard

    Take a walk on the design side when you head to LA

    This laidback neighbourhood, at the intersections of Melrose Avenue, Beverly Boulevard and Robertson Boulevard, is LA’s beating design heart. It also has the highest concentration of furniture showrooms on the West Coast — not to mention the celebrities who visit them to deck out their homes. WeHo’s Design District got a fancy design-focused hotel earlier this year with the opening of Kimpton La Peer, the fourth Los Angeles outpost of the hotel brand.

  • Hong Kong bridge: China opens world's longest sea-crossing bridge that stretches over 34 miles
    News
    Evening Standard

    Hong Kong bridge: China opens world's longest sea-crossing bridge that stretches over 34 miles

    China has opened the world’s longest sea-crossing bridge which links Hong Kong to the mainland. The 34-mile-long bridge links the city of Zhuhai to the semi-autonomous regions of Hong Kong and Macau. It includes an undersea tunnel allowing ships to pass through the Pearl River delta, the heart of China's manufacturing sector.