WannaCry, or WannaCrypt, is one of the many names of the piece of ransomware that impacted the Internet last week, and will likely continue to make the rounds this week.
There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let me tie those to voluntary cooperation and collaboration which together represent the foundation for the Internet’s development. The reason for making this connection is because they provide the way to get the global cyber threat under control. Not just to keep ourselves and our vital systems and services protected, but to reverse the erosion of trust in the Internet.
The attack impacted financial services, hospitals, medium and small size businesses. It was an attack that will also impact trust in the Internet because it immediately and directly impacted people in their day-to-day lives. One specific environment raises everybody’s eyebrows: Hospitals.
Let’s share a few takeaways:
On Shared Responsibility
The solutions here are not easy: they depend on the actions of many. Solutions depend on individual actors to take action and solutions depend on shared responsibility.
Fortunately, there are a number of actors that take their responsibility. There is a whole set of early responders, funded by private and public sector, and sometimes volunteers, that immediately set out to analyze the malware and collaborate to find root-causes, share experience, work with vendors, and provide insights to provide specific counter attack.
On the other hand, it is clear that not all players are up to par. Some have done things (clicked on links in mails that spread the damage) or not done things (deployed a firewall, not backed up data, or upgraded to the latest OS version) that exaggerated this problem.
When you are connected to the Internet, you are part of the Internet, and you have a responsibility to do your part.
On proliferation of digital knowledge
The bug that was exploited by this malware purportedly came out of a leaked NSA cache of stockpiled zero-days. There are many lessons, but fundamentally the lesson is that data one keeps can, and perhaps will, eventually leak. Whether we talk about privacy related data-breaches or ‘backdoors’ in cryptography, one needs to assume that knowledge, once out, is available on the whole of the Internet.
Permissionless innovation
The attackers abused the openness of the environment – one of the fundamental properties of the Internet itself. That open environment allows for new ideas to be developed on a daily basis and also allows those to become global. Unfortunately, those new innovations are available for abuse too. The uses of Bitcoins for the payment of ransom is an example of that. We should try to preserve the inventiveness of the Internet.
It is also our collective responsibility to promote innovation for the benefit of the people and to deal collectively with bad use of tools. Above all, the solutions to the security challenges we face should not limit the power of innovation that the Internet allows.
Internet and Society
Society is impacted by these attacks. This is clearly not an Internet-only issue. This attack upset people, rightfully so. People have to solve these issues, technology doesn’t have all the answers, nor does a specific sector. When looking for leadership, the idea that there is a central authority that can solve all this is a mistake.
The leadership is with us all, we have to tackle these issues with urgency, in a networked way. At the Internet Society we call that Collaborative Security. Let’s get to work.
See also: