In global finance — money talks. Over the past decade, the true believers of the cryptocurrency revolution have turned what was once considered an oddball nerdy concept in the financial world into the next trillion-dollar asset class.
These true believers were considered fringe technologists — although coming from varied sometimes non-tech backgrounds, they clung to the hope of their Bitcoin investments paying off.
Today, Bitcoin is soaring to new heights — surpassing $US40,000 ($F81,079) per coin and pulling in a stampede of followers from mainstream finance and society.
Last week, Bitcoin had actually surpassed Facebook in market cap Makes sense that a digital money network would be more valuable than a digital social network. People have been steadily losing faith in their government currencies for years, and the monetary policies resulting from the economic impact of COVID-19 have only accelerated this decline.
The point is well made that with the central banks pushing low rates and ignoring the potential for inflation at the moment, there is every potential for the purchasing power of the dollar to decline. In developed nations, writing stimulus cheques — effectively paying money for no work — can also diminish the purchasing power of currency.
At other times in history when the purchasing power of currency fell — such as the 1970s when oil prices spiked and inflation was high — it can be a good investment option to hold real assets such as gold, commodities, real estate and shares. Bitcoin has joined this group! Over the past year, the gravity-defying stock market has given most investors a reason to smile, but none are smiling wider than Bitcoin holders.
While the major stock markets have jumped 20 per cent from the start of January 2020 through January 11, 2021, Bitcoin has spiked 400 per cent in that same time, breaching $US40,000 a coin and sweeping other digital assets into its rising tide. All cryptocurrencies collectively are worth more than $US1 trillion ($F2.03t), although this fluctuates.
One key factor driving the frenzy: As COVID-19 led the central banks to print trillions of dollars to stimulate their economies and head off a recession, investors increasingly saw Bitcoin as a hedge against inflation.
Unlike the 2017 Bitcoin price spike from $US1000 ($F2026) to $US19,000 ($F38,499), which was driven by retail investors, the recent upsurge has been propelled by large institutional investments and a proliferation of ways to buy and store cryptocurrency securely.
I foresee Bitcoin breaking the $US100,000 ($F202,627) mark in the next couple of years as financial markets adjust to cryptocurrencies and Bitcoin mining also slowly reaches its limits – the total supply of Bitcoin is 21 million with about 18.5 million mined to date! Back to the SolarWinds hack — the information that is emerging about Russia’s extensive cyberintelligence operation against the US and other countries should be increasingly alarming to the public.
The magnitude of the hacking, now believed to have affected more than 250 US federal agencies and businesses — primarily through a malicious update of the SolarWinds network management software — may have slipped under most people’s radar during the holiday season, but its implications are stunning. Although there has been some talk of retaliation there really isn’t much the US can do beyond what it already does.
Cyberespionage is business as usual among countries and governments, and the United States is also aggressively offensive in this regard. The more realistic approach is to ramp up on cyber defences.
The initial focus will likely be on how to clean the hackers out of compromised networks and perhaps even investigating why the NSA, US Cyber Command and others failed to detect this intrusion.
Although these results will unlikely be made public as they impact National Security. Software has become incredibly complicated. Most of us don’t even know all of the software running on our laptops and smartphone – most of it just came with the device!
We don’t know where it’s connecting to on the internet — not even which countries it’s connecting to — and what data it’s sending. We typically don’t know what third party libraries are in the software we install.
And we’re rarely alone in our ignorance. Finding out is incredibly difficult.
This is even truer for software that runs our large government networks, or even the internet backbone itself. Government software comes from large companies, small suppliers, open source projects and everything in between — usually the lowest bidder! Obscure software packages can have hidden vulnerabilities that affect the security of these networks, and sometimes the entire internet.
Russian intelligence’s hacker teams leveraged one of those vulnerabilities when it gained access to SolarWinds’ update server, tricking thousands of customers into downloading a malicious software update that gave the Russians access to those networks. The fundamental problem is one of economic incentives. The market rewards quick development of products and new features.
It rewards spying on customers and users: collecting and selling individual data. The market does not reward security, safety or transparency. It doesn’t reward reliability past a bare minimum, and it doesn’t reward resilience at all. This is what happened at SolarWinds.
An initial report noted the company ignored basic security practices. It moved software development to Eastern Europe, where Russia has more influence and could potentially subvert programmers, because it’s cheaper. Short-term profit was seemingly prioritised over product security. Companies have the right to make decisions like this.
The real question is why the US government and industry leaders bought such shoddy software for its critical networks. To reiterate, software is now critical to national security.
Any system for acquiring software needs to evaluate the security of the software and the security practices of the company, in detail, to ensure they are sufficient to meet the security needs of the network they’re being installed in. These must also come with substantial penalties for misrepresentation or failure to comply.
The government needs detailed best practices as standard for government and other companies. This scrutiny can’t end with purchase. These security requirements need to be monitored throughout the software’s life cycle, along with what software is being used in government networks. None of this is cheap, and we should be prepared to pay more for secure software.
This is important, but it isn’t enough. We need to set minimum safety and security standards for all software: from the code in that Internet of Things (IoT) device you just bought to the code running our critical national infrastructure.
It’s all one network, and vulnerability in your coffee maker’s software can be used to attack the national power grid! Long gone are those idyllic days when we can let the software industry decide how much emphasis to place on security.
Software security is now a matter of personal safety: whether it’s ensuring your car isn’t hacked over Internet WiFi or that the national power grid isn’t hacked by the Russians or even accidently by some kid playing around in some part of the world!
This regulation is the only way to force companies to provide safety and security features for customers — just as legislation was necessary to mandate food safety measures and require car manufacturers to install and mandate the use seat belts. Smart regulations that incentivise innovation create a market for security features. And they improve security for everyone.
It’s true that creating software in this sort of regulatory environment is more expensive. But if we truly value our personal and national security, we need to be prepared to pay for it.
The truth is that we’re already paying for it in kind! Today, software companies increase their profits by secretly pushing risk onto their customers. We pay the cost of insecure laptops and Smartphone, just as the US government is now paying the cost to clean up after the SolarWinds hack. Fixing this requires both transparency and regulation.
And while the industry will resist both, they are essential for national security in our increasingly computer- dependent worlds. As always be blessed and stay safe and secure in both physical and digital worlds.
Ilaitia B Tuisawau is a private cybersecurity consultant. The views expressed in this article are his and not necessarily shared by this newspaper. Mr Tuisawau can be contacted on ilaitia@cyberbati. com
