Home Editor's Choice Editorial: What the hack?

Editorial: What the hack?

It’s no secret nor news that computers are insecure. Stories like the recent Facebook hack, the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. They often make headlines for a few days, but they’re just the newsworthy tip of an enormous iceberg. This week we have seen how the PN systems have been hacked and held to ransom, with sensitive information at stake.

The PN said on Monday that some of its data could have been stolen in a cyber-attack. On Tuesday, the operators of Avaddon Ransomware, the group that is purportedly behind the attack, said it is in possession of “company financial data, salary payments, employees’ personal documents, banking, private client data, payment documents and much more. Some of the data has already been published on the dark web. These include employee details and passport photos. The group said it would give the PN 240 hours to “communicate and cooperate with us.”

“If this does not happen before the time counter expires, we will leak valuable company documents,” it said. It also warned that it would mount a DDoS attack on the PN’s IT system. Such attacks cripple websites by overwhelming them with data.

One could ask how we arrived here. In general, hacking experts state, the primary reason computers are insecure is that most buyers aren’t willing to pay — in money, features, or time to market — for security to be built into the products and services they want. As a result, we are stuck with hackable internet protocols, computers that are riddled with vulnerabilities and easily penetrated networks.

The risks are about to worsen because computers are being embedded into physical devices and will affect lives, not just our data. Security is not a problem the market will solve.  Emerging artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems and then exploit them at unprecedented speed, scale, and scope. Most of these hacks don’t even require significant research breakthroughs in AI. They’re already happening. As AI gets more sophisticated, though, we often won’t even know it’s happening.

The solution isn’t a quick fix. After all, the internet isn’t just in Malta. Research indicates we need standards to ensure that unsafe products don’t harm others. We need to accept that the internet is global and regulations are local and design accordingly. These standards will include some prescriptive rules for minimal acceptable security.

No industry has significantly improved the security or safety of its products without the government stepping in to help. Cars, aeroplanes, pharmaceuticals, consumer goods, food standards, medical devices, workplaces, restaurants, and, most recently, financial products — all needed government regulation in order to become safe and secure. Perhaps it is high time for the government to step in and regulate this increasingly dangerous space, even if the shoe is on the other foot.