Cybersecurity hit the news hard in 2016. The number of high profile, and troubling, cyber incidents increased significantly. The Democratic National Committee and one of Clinton’s top advisor’s being hacked, with leaked emails by Russia, according to intelligence reports, may have influenced the U.S. election. Theft of document from the Mossack Fonseca law firm in Panama (the “Panama Papers”) opened the window into offshore holdings of individuals and companies, and showed the high cyber risk law firms bear. A new type of Distributed Denial of Service (DDos) attack, using tens of thousands of Internet of Things (IoT) devices, took down a significant part of the US internet infrastructure for hours. Hospitals, police departments, and many companies and individuals were the subject of ransomware attacks – and many of those learned how to obtain Bitcoins to get their data and systems back. Attacks on banks using the SWIFT network resulted in over $100 million in thefts from banks, and concerns about the security of the underpinnings of the financial system as a whole. Yahoo! announced two breaches, with the second resulting in the disclosure of information on over 1 billion accounts. The National Security Agency (NSA) was reportedly hacked by a group called the Shadow Brokers (perhaps a Russian group), who stole secret NSA hacking tools and put them up for sale. Portions of the Ukrainian power grid were taken off-line in winter by a cyber-attack – for the second time. A cyber-attack against a UK Bank, Tesco, resulted in millions of dollars stolen from accounts. The list goes on and on.
Cybersecurity professionals are fighting an uphill battle. There is little to no regulation on cybersecurity. The strongly negative response by the financial services companies to the New York Department of Financial Services (NYDFS) proposed Cybersecurity Regulation shows that consistent regulation in this area is unlikely in 2017 – although a revised NYDFS Cybersecurity Regulation is expected on December 28. Critical infrastructure in the United States and around the world is at risk. For example, reports of malware on control systems that controls peortions of the energy systems and electric grid abound. The worry is that 2017 will be the year of some cyber event where some institutions are crippled, and perhaps where large numbers of people will be injured or killed. With the increase in IoT devices with poor or no security, the advances in cyber attack capabilities, including the sale of those capabilities as services (Phishing as a Service was reported in 2016), and the lack of official standards and requirements for cybersecurity, together with increased international political tensions and terrorist ambitions, the possibility of a major cyber event is increasing. The Great Fire in Boston in 1872, the Great Fires in London in 1212 and 1666, the Great Fire in Chicago in 1871, the Great Fires in New York City in 1776 and 1835, and the Great Fire in Tokyo in 1923, among others, led to substantive building and fire codes in most of the world. Many experts worry about the Great Cyber Fire.