The state government’s computer systems are attacked 90 million times a day. Rep. Elissa Slotkin says it’s time to get serious on cybersecurity.
LANSING, Mich.—Computers are embedded in Michiganders’ everyday lives.
From the obvious things like cell phones, to less noticeable things like cars, electricity, and even washing machines, these mini computers help families along.
But they also pose a threat, and that worries security experts like Michigan’s Rep. Elissa Slotkin (D-Lansing).
“The issue of cybersecurity has seeped into the American consciousness,” she said. “They’ve hit our gas, they’ve hit our video games, they’ve hit our hot dogs. People are asking me at the ground level what we’re going to do about it and they don’t see us responding.”
Slotkin was an analyst for the Central Intelligence Agency (CIA) and served on the National Security Council for George W. Bush. She then served as Assistant Secretary of Defense for Barack Obama before moving back to Holly, where she ran for Congress.
In Congress, Slotkin serves on the Homeland Security committee, is a member of the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation and leads the Subcommittee on Intelligence and Counterterrorism.
She also holds a Secretary of Defense Medal for Outstanding Public Service.
All three examples Slotkin cited, from infrastructure to entertainment to food, fell victim to the same kind of digital threat: ransomware. What ransomware does is lock a company or government out of its access to critical information or systems until the attackers are paid a large sum of money, and sometimes the attacker will sell sensitive data to the highest bidder to further pad their ill-gotten gains.
Held for Ransom
An average Michigander likely won’t be a victim of ransomware because the gains for the attacker would be small relative to a business, but hobbling those businesses can prevent Michiganders from accessing needed products or services, endanger jobs, and wound the financial wellbeing of the community around that business. And ransomware attackers might get personal information about a company’s customers.
In 2016, Lansing’s Board of Water and Light (BWL), which is in Slotkin’s district, was hit with a ransomware attack that shut down its customer service line. It also encrypted, but not stole, customer information.
In 2019, Genesee County was victim of a severe ransomware attack. The attack was particularly aggressive and kept business at the county in a standstill for days. Even after they originally thought the program was defeated, it persisted and kept the county locked out of essential information.
Now, in 2021, the state government says it fights back about 90 million attempts to hack it’s servers every single day. This is both because of how prolific these attacks have become and the massive amount of data that state governments have on hand.
“Even if the intent behind an attack is only to steal money or hold data for ransom, the broader consequences can be enormous for our national and economic security, as we’ve seen from public panic and subsequent gas shortages in a number of states on the East Coast [after the Colonial Pipeline attack],” said Slotkin.
Worse still, cybersecurity experts are losing the battle against ransomware. These kinds of attacks have been on the rise and even when companies pay up (which they often do), not everyone gets their data back. Those payouts not only make ransomware more appealing to digital thieves, but help them fund increasingly sophisticated ransomware tools, outpacing the work of those fighting to put an end to the practice.
There are even criminal enterprises who develop and rent out the software to those looking to launch a ransomware attack but not tech-savvy enough to develop a program on their own. And that is far from the worst potential use of tools like ransomware software.
In June, President Joe Biden had a private meeting with Russian leader Vladimir Putin. MSNBC’s Morning Joe had Slotkin on to talk about that meeting given her CIA training and experience. And she did provide historical context for the conversation.
“We’ve always talked to the Russians, at the height of the Cold War we talked to the Soviets,” Slotkin said, “It’s just a good thing when nuclear powers have conversations.”
Her analysis of the meeting brought up an issue that Slotkin is deeply invested in—discussing American cybersecurity. Cybersecurity has been an issue since before the internet was widely used, with the first computer virus being confronted in the 1980s, but as the connectivity of the world grew so too did the kinds of threats faced in the digital world.
And while cybersecurity can mean things like antivirus programs for the average user, there are much more devastating threats that can impact Michiganders when organizations get targeted, Slotkin explained.
Developing a Cybersecurity Strategy
In May, Slotkin introduced a bill that would give businesses and governments tools to test how robust their cybersecurity systems are as well as introduce the National Cyber Exercise Program to test preparedness for digital threats on a national scale. This would help hone strategies when attacks like ransomware strikes.
“Cybersecurity is no longer just a ‘tech’ issue — it’s at the very heart of protecting the systems that power our daily lives as Americans,” Slotkin said in her announcement of the bill. “We have to make sure the federal government is working hand-in-glove with state and local authorities and private industry to deter these attacks and minimize their impact. This bill can be a step in ramping up that coordination, ensuring that our government is preparing for the full range of cyber threats, and providing our communities and businesses the tools they need to be secure and resilient.”
Another tactic suggested by Global Financial Markets Center executive director Lee Reiner is to crack down on cryptocurrency. Things like Bitcoin and Dogecoin, while popular among a niche audience, serve as a backbone for the ransomware economy. Because these digital currencies are notoriously hard to track, they make money laundering exceptionally easy for criminal enterprises. Although illegal activity makes up only a small portion of the cryptocurrency market, Reiner argues that regulation of those coins would be a devastating blow to cyber criminals.
“Ransomware can’t succeed without cryptocurrency,” said Reiner. “Before cryptocurrency, attackers had to set up shell companies to receive credit-card payments or request ransom payment in prepaid cash cards, leaving a trail in either case. It is no coincidence that ransomware attacks exploded with the emergence of cryptocurrency.”
The Michigan State Police Cyber Command Center has advice for Michiganders looking to strengthen their personal cybersecurity.