An underworld of anonymous platforms and cryptocurrency dealing is placing new pressures on infrastructure stakeholders.
An exciting new dawn may be rising for global infrastructure, with governments sharpening their focus on investment as a path to economic growth and new technologies creating innovative ways to accelerate development and control costs. But as the horizon brightens, new threats are emerging beneath the cover of the dark web.
The alarming reality is that, as the infrastructure world continues to embrace opportunities for remarkable current-day approaches and capabilities, the dark web is providing a covert, decentralised, unregulated `black cybermarket'
Today's infrastructure systems are becoming digitally interconnected and automated as never before. There is increasing reliance on sophisticated, often remotely managed, industrial control-system architectures designed to manage infrastructure via networked computers and data communications. Sounds complex? It can be.
Simply put, our infrastructure is now computerised and networked - an interconnected digital web controlling everything from transportation, telecommunications and power utilities to healthcare, financial systems and the internet itself. At the same time, a sordid array of anonymous hackers-for-hire, cybercrime syndicates
The dark web's threat to critical infrastructure is real and rising. And the currency of choice that's keeping cyber-mercenaries in business is Bitcoin and countless other virtual currencies in circulation - each anonymously held and exchanged for illegal services rendered. Ransomware attacks illustrate just how well cryptocurrency serves as the ideal tool for dark web cybercrime to flourish, protecting perpetrators under a cover of anonymity as they demand these currencies from victims and then cash in the proceeds undetected.
“The ability of cybercriminals to trade information, collaborate on projects or pay for attacks is much greater than it used to be as a result of the dark web and the unregulated environment and anonymous transactions it provides today,” says Professor Talis Putnins, a professor of finance and co-author of Sex, Drugs and Bitcoin: How much illegal activity is financed through cryptocurrencies?
“The exchange of information on how to engage in illegal activity is greater than ever and allowing many types of illegal behavior and transactions to go a little more mainstream. It takes the threat beyond a handful of highly specialised, well-trained computer scientists to include many more players, dramatically broadening the pool of people engaged in cybercrime.”
Should we view last year's WannaCry ransomware cyberattack - crippling hospitals, banks and businesses around the globe - as a harbinger of what's to come for infrastructure? Perhaps so when you consider, as just one example, the emerging potential for dark web cybercriminals to access today's rapidly advancing transportation infrastructure. Authorities have already warned of this possibility. Or consider a scenario in which a major urban center is paralysed by hackers disabling an entire network of traffic signals.
The possibilities are alarming, disturbing and increasingly real as the threat to interconnected infrastructure systems widens and advances. Witness recent terrorist attacks on so-called `soft targets' in places like Canada, the UK, Spain, Sweden, Germany and France, forcing authorities to rethink how they secure today's mass transit, public spaces and heavily
Unfortunately, no sooner do law enforcement and authorities marshal enough resources to train some light onto the dark web's cybercrime marketplace, organised cybercriminals are already pursuing sophisticated new methods and platforms. The problem becomes a rapidly moving target that authorities have struggled to keep up with so far.
The closure of the so-called Silk Road is a classic example. The online black market serving as a platform for illegal drug sales was shut down by the FBI in October 2013. By early November 2013, Silk Road 2.0 came online, run by former administrators of Silk Road. It, too, was shut down, but that murky ecosystem's remarkably quick re-emergence illustrates the challenges facing law enforcement and authorities today - not to mention critical infrastructure owners, operators and stakeholders.
While a trend toward increased investment to improve cybersecurity and combat criminals targeting infrastructure is underway, efforts to strengthen
We've moved quickly from yesterday's `IT issues' - involving servers, networking gear, local IT infrastructure, PCs, laptops, tablets
Regulators are increasingly concerned and playing catch-up amid the confusion that has reigned over the explosion of digital currencies in circulation globally and across the dark web.
“Regulators and governments have so far been bamboozled by digital currencies, unsure whether to treat them as personal assets, derivatives, shares or investment schemes,” says Kate Allman, a multimedia journalist at the Law Society of New South Wales who authored an article titled The Dark Side of Bitcoin. “But there is definitely a sense of urgency to exert a greater level of control and authorities are closing the gap thanks to the focus they are placing on digital currencies and their illegal uses on the dark web.”
The good news for authorities, and an increasing area of
Meanwhile, the World Economic Forum has proposed global cryptocurrency strategies that include: enforceable new international rules; virtual currency providers verifying who their customers are; creation of an international e-forfeiture fund to combat money laundering; and modernising existing authorities like the Financial Action Task Force (FATF).
The FATF is a global policy-making body whose stated objective is to set standards and promote
President Santiago Otamendi says that among the FATF's network of 204 countries and jurisdictions, all are committed “at the highest political level” to implementing FATF recommendations. He adds that financial innovation in the form of cryptocurrencies carries new risks that must be mitigated to ensure they are not abused.
“The cross-border nature of this new industry requires a global response,” he says. “So far, there has been a wide range of government responses. This has resulted in a patchwork of regulatory approaches, which is increasing the risk of money laundering and terrorist financing. In the coming months, with the support of the G20, the FATF will review its guidance on virtual currencies - or crypto assets - and consider if changes to its recommendations are necessary.”
The caveat on managing
While regulators and law enforcement are zeroing in on organised cybercriminals and working to shrink their dark web playing field, it's time for infrastructure owners, operators and stakeholders to step up their game as well.
Unfortunately, we still see an alarming gap between the risk perception of regulators versus that of infrastructure players, many of whom seem unable to acknowledge the severity of today's threats from organised cybercriminals and nation states. In KPMG International's 2018 CEO Outlook, we saw only 14 percent of 79 CEOs say that
That's a serious disconnect that has authorities in many cases worried about the potential for catastrophic - and life-threatening - disruption of sprawling infrastructure systems. There's no more time to lose for infrastructure owners, operators, stakeholders and future investors to become better informed and more closely aligned, in order to respond strategically to today's and tomorrow's risk realities. A new way of thinking is needed now. A wait-and-see stance will only court disaster that puts public safety and lives at risk.
In Europe, the NISD - Network and Information Security Directive - is just coming into law across the continent, placing new cybersecurity obligations and best practices on critical national infrastructure providers. It essentially introduces
If we are to see infrastructure's full emergence into a bright new era of progress and advancement, an informed and strategic approach to security should be at the top of the agenda for everyone involved.
Every infrastructure sector needs to take a more aggressive and strategic stance today to ensure that increasingly complex and interconnected infrastructure systems are adequately safeguarded. This includes: