Interview with ‘Virtual Terror’ Author Daniel Wagner
Daniel Wagner is is the Founder of Country Risk Solutions and Managing Director of Risk Cooperative. He has three decades of experience managing cross-border risk, including 15 years of underwriting experience with AIG, GE, the Asian Development Bank, and World Bank Group. Daniel has lectured at more than 15 universities around the world, is a regular speaker at conferences, and a frequent commentator on global affairs in visual media.
He has authored four books – Virtual Terror, Global Risk Agility and Decision Making (co-authored), Managing Country Risk, and Political Risk Insurance Guide — and has published more than 500 articles on current affairs and risk management in a plethora of platforms.
Following the release of his latest book, Virtual Terror, I reached out to Wagner to talk about his book and cybersecurity in general. Our interview, conducted over email, has been edited for flow, is below.
First and foremost, what inspired you to write your new book, Virtual Terror: 21st Century Cyber Warfare?
I surveyed some of the literature on cybersecurity and felt that much of what I read was dated and based on conventional definitions of terrorism. The cyber arena has changed all that. I have crafted a new definition for cyberterrorism (“Virtual Terrorism”) and put some real thought into writing a book that educates people on what the phenomenon is really all about. My view is that the best way to fight it is to help ensure that as many people as possible understand what it is, what some of the challenges are in fighting it, and what can we do about it. The subjects covered in the book range from governments and the private sector to drones and robots to social media and some psychological implications of cyberterrorism.
80% of North Korea’s missile tests have failed, with a lot of those failures being attributed to American hackers. How soon do you think it will be before major military powers like the US and China have to worry about their deadly hardware being hacked and used in terrorist attacks?
Regarding North Korea, it is really a testament to what the Kim regime has achieved that it has endured so much in the way of sanctions and anti-missile hacking and has still been able to successfully create a nuclear weapons program and test intercontinental ballistic missiles. One of the characteristics of Virtual Terrorism is that it allows countries like North Korea (and Iran) to punch well above their weight in the cyber arena, and conduct their own form of ‘diplomacy’ on the cyber battlefield. These countries have already attacked the US and other countries – all countries with the capability to do so, do so. The real challenge is to be able to identify when such cyberattacks occur, and then to be able to block them. It’s an ongoing battle.
A rogue actor could potentially kill thousands of hospital patients by shutting down their power or threaten mass starvation by knocking out the food supply chain’s servers and equipment. Will civil infrastructure e-terror attacks become commonplace in the near future?
As is discussed in the book, the medical profession endures a significant portion of cyberattacks. The personal information medical services routinely require from patients makes it a target rich environment. Hospitals have already been the subject of numerous ransomware attacks, and they often pay the ransom because critical infrastructure necessary to operate and sustain life has been threatened or forced to stop functioning. It is a certainty that more and more civil infrastructure will become the subject of cyberattacks in the future. The question really becomes, whether any type of infrastructure is safe from cyberattacks?
How big a threat are hackers to electronic payment systems like PayPal & e-currencies like Bitcoin? Are they no more of a nuisance than bank robbers or could they potentially steal billions at a time from companies and consumers?
Financial services are also, not surprisingly, the target of frequent cyberattacks, despite the billions of dollars banks around the world spend in an effort to achieve cyber resiliency. If sophisticated hackers want to target any e-payment system or crypto currency, they can do so. Given the amount of money at stake, there is little reason to believe they would not become a target going forward. It has been estimated that the cybercrime ‘business’ is already larger than the global drugs trade, which is itself a multi-trillion-dollar business. Cybercriminals have already successfully stolen hundreds of millions of dollars from the sector.’
In the concluding chapter of your book, you talk about imposing legal liabilities on software companies whose software gets hacked. Where would you draw the line on this complex, amorphous issue?
This is a great example of how the nexus between the lobbying business in Washington can end up making an already difficult challenge even worse. It is the desire of software companies and other firms in the cyber sphere to avoid legal liability in general that prevents more progress from being made in crafting a more robust response to virtual terrorists. My view is that it is incumbent upon these developers to take greater responsibility when things go wrong with their products. If they are doing their jobs well, the likelihood of being attacked would be greatly reduced. If their products are knowingly produced with flaws, it seems reasonable to me that they be held to account. That said, they cannot be held responsible for every instance of hacking, or for product flaws that were not known when they were produced. As is often the case with ‘the law’, we should seek to introduce the concept of reasonableness in an attempt to get everyone to agree to a more palatable approach to this important issue.
What advice would you give to lawmakers & law enforcement officials wishing to crack down on The Deep Web’s international contraband markets?
I was heartened to learn, earlier this summer, that the US government had closed AlphaBay – one of the largest and best known “Dark Web” marketplaces. It illustrated that it is indeed possible to crack down on thriving underground marketplaces. The issue boils down to how many resources can be devoted to fighting a single marketplace, how the Dark Web can be monitored, and whether meaningful laws can be crafted and enforced. This evolving landscape is so broad and deep that it is tough to imagine them all being shut down, but I would certainly like to see more, and additional significant marketplaces, similarly shut down to force both buyers and sellers to modify their sales and purchasing habits.
You briefly mention the fact that AI will revolutionize the labor force. Will AI merely enhance the average worker’s experience & create new job opportunities like in The Jetsons, create unparalleled income inequality like in Elysium, or wipe out all work and create a race of infantilized humans like in Wall-E and The Time Machine?
I should think it will be some combination of the three, with varying degrees of labor force penetration by sector and job type. While I do not believe that AI will ‘wipe out’ work, I do think there is every reason to believe that it will ultimately make humans generally less essential to getting things done. In the book I discuss the dangers of hacking robots, drones, and AI. Anything linked to the Internet can be hacked, so as AI becomes more prominent and more powerful, the potential ramifications of such hacks have frightening implications.
You mentioned in passing China’s “social-credit system.” Can you go more in depth about what it tried to accomplish and why it failed?
China is attempting to create a system in which it ‘knows all’ about its citizens – from their spending habits to their political persuasions – and it is doing so by combining data with extremely personal applications. While currently being deployed on a limited basis, the Chinese government intends to roll the idea out nationwide. Since India’s Aadhaar national electronic identification system has been successfully used to register more than one billion Indians in a central electronic data system, there is no reason to believe that the Chinese government’s intentions in this regard cannot be achieved. Earlier versions of the social credit system failed for a variety of reasons, but the government intends to learn from earlier mistakes to generate a system that is even broader in scope.
How does China’s Great Firewall work?
China’s censorship system, known as the Great Firewall (also known as the Golden Shield), is its effort to attempt to restrict the free flow of information in and out of the country via the Internet. The Chinese government is doubling down on its effort to maintain control of the Internet within its borders, while also endeavoring to increase the amount of control it has over the Internet outside of its borders.
How can VPNs (virtual private networks) help individuals protect the online security of individuals?
Millions of Chinese citizens have for years circumvented the Great Firewall by using a VPN, which allows unfettered access to any website…The Chinese government will completely block access to much of the Internet inside the country as part of its effort to suppress dissent and maintain the Chinese Communist Party’s control on power. In 2017, the government ordered China’s three telecommunications companies—China Mobile, China Telecom, and China Unicom (all state-owned)—to block access to VPNs by February 2018.
What are the particular benefits of VPNs for people in Internet-censored countries like China and Saudi Arabia?
Individual Internet users can benefit from use of a VPN to circumvent government censorship or connect to proxy servers for the purpose of protecting personal identity and location. However, some Internet sites block access to known VPN technology.