Warnings of a “Cyber Pearl Harbor” attack on the critical infrastructure of the U.S. have been issued by a parade of experts and high-level government officials for decades. And given events of the past several months — major ransomware attacks on both fuel and food suppliers — those warnings seem both prescient and more urgent now.

But what hasn’t been a component of those warnings is that the U.S. might not be able to tell if a major cyber event that took down a significant portion of the nation’s critical infrastructure was simply a catastrophic accident or a malicious attack…


There are multiple reasons why the U.S. is in the grip of a ransomware tsunami.

Ransomware attacks are relatively easy because so many organizations have software with exploitable vulnerabilities.

It’s lucrative. Encrypt the data of your victim (also steal it for further blackmail leverage) and walk away with tens of thousands to millions of dollars after they pay you for the decryption key and a promise not to post their data online.

It’s relatively risk-free. A majority of the most devastating ransomware attacks are committed by perps beyond the reach of U.S. law enforcement, operating in hostile nation states. It’s…


Software can make you or break you.

It’s made the creators of Microsoft, Google, Amazon, Apple, Facebook, Twitter, and many others into billionaire tech titans.

But when software has exploitable defects, it can make cyber criminals rich while devastating victims ranging from individuals to public and private organizations to the critical infrastructure that modern societies need to function.

Exhibit A this month in the “break-you” category is the July 2 ransomware attack by the Russian hacker group REvil against Kaseya Ltd., a Miami-based company that supplies software to other businesses to help manage their networks.

Part of managing networks is…


For a while, it looked like CD Projekt Red might have the last laugh on video game critics who mercilessly savaged the company’s release last December of Cyberpunk 2077 over its rampant security and quality bugs.

Not that the criticism was undeserved. A week after the release, Sony removed the game from its PlayStation Network. PlayStation and Xbox, along with GameStop and Best Buy, offered full refunds.

It rapidly became a punch line — many punch lines — thanks to glitches that ranged from maddening to hilarious. …


It’s no surprise that McDonald’s is an attractive target for hackers. The iconic burger chain is the world’s second-largest employer, after Walmart, with 1.7 million employees in 39,000 locations across 100 countries.

Its assets are worth more than $33 billion but its brand value is more than four times that, at $143.8 billion, the seventh highest of all U.S. corporations. Its annual revenue is more than $21 billion.

It long ago gave up bragging about how many hundreds of millions of customers it has served — now if it mentions it at all it’s just “billions and billions.”

That’s a…


Nathan Van Buren, an ex-cop from Cumming, Georgia, probably doesn’t see himself as a crusader for the rights of computer security researchers, investigative journalists, and activists.

He’s just been trying to stay out of jail for the past three years.

But in managing to do so through a successful appeal to the U.S. Supreme Court, his case has become cause for widespread celebration by long-time critics of the Computer Fraud and Abuse Act (CFAA).

Van Buren is an inadvertent hero — there’s no dispute that he did something wrong. According to the U.S. Attorney’s office for the Northern District of…


To the average person, “intelligent orchestration” might sound like what a conductor does to make sure the clarinets don’t stomp all over the violin solo at the New York Philharmonic. If music is going to sound good, have meaning, and generate an emotional response, all the instruments have to work together in harmony. The musicians have to play the right notes at the right time.

That applies to more than music. …


A wake-up call? Seriously?

That would imply that anybody who has anything to do with critical infrastructure in the U.S. could have been blindsided by the recent ransomware attack on the Colonial Pipeline.

But the attack that led to the shutdown of nearly half the fuel supply — gasoline, diesel, jet fuel and heating oil — to the East Coast for almost a week, causing panic buying and major price spikes, shouldn’t have surprised anybody. Not unless they hadn’t been paying attention for the past several decades.

That’s how long it’s been since the start of a steady stream of…


For the past year-plus, the main goal of the U.S. public education establishment has been to keep teachers and students safe from the virus — the coronavirus.

Which is indeed a top priority. But there are other viruses and infections targeting schools as well — the digital kind — that have spiked during the pandemic. And while they aren’t physically lethal, they can disrupt online classes, hold school departments for ransom, and steal the personal and financial data of students, teachers and staff.

Cyber criminals are, after all, opportunistic. And they are disciples of that political axiom originally attributed to…


The fight against ransomware is going global — maybe.

An 81-page report released late last month by the Institute for Security and Technology’s Ransomware Task Force (RTF) and backed by dozens of tech organizations including giants like Microsoft, Cisco, Amazon Web Services, and FireEye, is calling for a public/private coalition to “disrupt the ransomware business model,” which it says has become “an urgent national security risk around the world.”

Among the government agencies represented in the RTF are the U.S. Department of Justice, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Secret Service, the FBI, Europol…

Taylor Armerding

I’m a security advocate at the Synopsys Software Integrity Group. I write mainly about software security, data security and privacy.
