Cyberattacks launched by China, Iran, North Korea and Russia cost the U.S. upwards of $109 billion in 2016, according to a new Trump administration report. The White House Council of Economic Advisers figured the attacks, which aren’t limited only to foreign bad actors but also include organized crime, corporate competitors, company insiders and hacktivists, cost the U.S. at least $57 billion, the report said.
The Council, which advises the president on economic policy, said “common vulnerabilities” among organizations that make cyber attacks “difficult to anticipate.” In addition, the Council suggested that the private sector may be under-investing in cyber security. Viewed through a wide lens, it’s cyber attacks on companies in critical infrastructure sectors that could have the largest negative impact on the overall economy, according to the report.
Here are some of the report’s highlights (the full report is here):
- Malicious cyber activity directed at private and public entities manifests as denial of service attacks, data and property destruction, business disruption (sometimes for the purpose of collecting ransoms) and theft of proprietary data, intellectual property, and sensitive financial and strategic information.
- Damages from cyber attacks and cyber theft may spill over from the initial target to economically linked firms, thereby magnifying the damage to the economy.
- Firms share common cyber vulnerabilities, causing cyber threats to be correlated across firms. The limited understanding of these common vulnerabilities impedes the development of the cyber insurance market.
- Scarce data and insufficient information sharing impede cyber security efforts and slow down the development of the cyber insurance market.
- Cyber security is a common good; lax cyber security imposes negative externalities on other economic entities and on private citizens. Failure to account for these negative externalities results in under-investment in cyber security by the private sector relative to the socially optimal level of investment.
- Cyber attacks against critical infrastructure sectors could be highly damaging to the U.S. economy.
The Council concluded that effective measures to combat cyber attacks by the public and private sectors would boost domestic GDP growth. “However, the ever-evolving nature and scope of cyber threats suggest that additional and continued efforts are critical, and the cooperation between public and private sectors is key,” the report said.
U.N. Seeks Cyber Warfare Rules
Meanwhile, U.N. Secretary General Antonio Guterres called for global regulations to reel in the damage to civilians from cyber attacks, Reuters reported. In remarks delivered Monday at his alma mater Lisbon University, Guterres reportedly said that no “regulatory scheme,” such as the Geneva Convention or international law, yet applies to cyber warfare.
“Episodes of cyber warfare between states already exist,” he said. “I am absolutely convinced that, differently from the great battles of the past, which opened with a barrage of artillery or aerial bombardment, the next war will begin with a massive cyber attack to destroy military capacity... and paralyze basic infrastructure such as the electric networks.”
Guterres said the United Nations could serve as a platform for governments to frame rules that keep the internet “an instrument in the service of good.” His words were well timed. Last week, U.S. Special Counsel Robert Mueller indicted 13 Russians on charges of meddling in the 2016 presidential election by planting bogus information on social media.