Some Thoughts on the Second Order Effects of Ransomware and National Security


“Everyone is entitled to his own opinion, but not his own facts.”  – Daniel Patrick Moynihan

Kevin J. Buckley retired from the Central Intelligence Agency as a member of the Senior Intelligence Service. He is a recipient of the CIA Career Intelligence Medal and served for over 24 years supporting the Intelligence collection effort in East Asia, Africa, Latin America, the Middle East, Europe and Eurasia. 

OPINION – A recent ransomware attack directed at the Colonial Pipeline Corporation resulted in the payment of a $5 million ransom (part of which has been recovered by the diligent efforts of US authorities). A second order effect of the ransomware event was the panic buying of gasoline which itself generated shortages of fuel in the affected distribution areas.  The initial ransomware attack and the resulting effect on behaviors is worth studying. As is asking the question, ‘how does it affect national security on a broader level? The

It’s safe to say that ransomware appears to be among the latest figurative plagues to befall us. According to DHS’ Cybersecurity & Infrastructure Security Agency (CISA),“Ransomware is an ever-evolving form of malware designed to encrypt files on a device…Malicious actors then demand ransom for decryption…(the actors) continue to adjust and evolve their ransomware tactics over time…”.

The lack of agreed upon and enforceable standards across the private and public sectors and the emergence of Cryptocurrencies are complicating factors. In the former, bottom-line driven business decisions may indicate that paying ransom is the least costly and most logical alternative. With the latter, Cryptocurrencies appear to exist for the potential benefit of speculators and additionally as an ideal finance vehicle for criminal enterprises.

It appears that the ransomware threat will be increasing in frequency and intensity for the foreseeable future. Former SECDEF and DCIA Leon Panetta presciently warned us of this in 2012.

At first review, the Ransomware phenomenon is just an updated extortion scheme with the goal of extracting money from victims without getting caught. It is not narrowly speaking, a deliberate terrorist event designed to demoralize, instill fear and spread distrust. However, the countries harboring the criminal gangs that engage in these attacks may come to see the potentially destabilizing effects of repeated ransomware attacks as useful, effective and malevolent terrorist tools.

Panic buying, an irrational yet entirely predictable human behavior has always been with us. Residents who live further north are often witness to the silly spectacle of panic buying whenever snow is predicted. More recently, during the early stages of the pandemic, consumers rife with fear uncertainty and misinformation engaged in extremes of panic buying that included violence in some places. This irrational, panicked, hoarding behavior is theorized to have multiple causes. The maladaptive primitive fight/flight/freeze response to perceived threats to survival may be at the root of some of it. We are no longer being stalked by

saber-toothed tigers and in truth, very little threatens our immediate survival today. That primitive response mechanism, however, is still in play. There are other variables in the mix as well and the complex chain of behavior draws the research interests across many disciplines. The most sophisticated analysis is in the area of Behavioral Economics and in particular, the work of Nobel Laureate Richard Thaler, University of Chicago, whose work explores the influence of cognition, emotion and irrationality on consumer behavior.

All behavior occurs in a context, including panic buying. Primitive survival mechanisms do not explain it all.

First, we are (we hope) emerging from a costly and painful pandemic. As a global community, we’ve experienced death, isolation, vaccine queues and massive disruption of our personal and professional lives.

Second, due in part to the ubiquitous phenomenon of social media, conspiracy theories and a rejection of hard sciences, research and solid medical advice are common. There are fringe theories, some more ludicrous than others, that influence personal decisions.

Third, a decidedly authoritarian tilt of certain political groups in society is noted. Demonizing ‘the others’, dogmatic, inflexible beliefs, elevating loyalty as the most important behavior in a cult-of-personality dynamic are at work. Most serious is the rejection of truth and facts to the exclusion of any information deemed contrary to the message.

Fourth, bad actors, both domestic and foreign, exploit and further inflame societal divisions to weaken the country or to hold onto power. The increasing risk of domestic fringe group violence is one effect (The January 6 assault on the US Capitol and the ascendancy of various white supremacist groups are exemplars here). Some want us to believe that two plus two now equals five. What is true? What is propaganda? Who can we trust?

The Cipher Brief hosts private briefings with the world’s most experienced national and global security experts.  Become a member today.

As ransomware attacks increase and target public utilities, the financial sector writ large, and critical supply chains, we might expect an uptick in consumer anxiety, irrational and misdirected bouts of panic buying and a further erosion of confidence in our system of government. This could also be the cue for those domestic bad actors to use this as an excuse to assert themselves.

What to do?

Irrational behavior by consumers is a given for all of the reasons mentioned above. Appeals to logic are rarely useful to ease anxiety, fear, or anger. What might work: a collective focus on clear, calm, truthful messaging. Use the sandwich technique. Tell the audience what you are going to say, then tell them and finally tell them for a third time. Be reasonably consistent. Avoid surprises if possible as we get enough unplanned mayhem already. (Recall the recent decision by the current administration to ease up the face covering policy. While apparently scientifically sound, the surprise announcement undercut the message and gave ammunition to the naysayers.) Give people an assignment and appeal to their better angels. Be hopeful. Expect that trolls, conspiracy theorists, internet crazies and political dirty tricksters will still be hard at work.

A serious issue must be treated as such. If cybersecurity is now the Achilles heel of our era, strong leadership by words and deeds is indicated to protect, educate and reassure the citizenry. Give people something to do, an assignment to involve them collectively in a solution.

Public-private sector partnerships are vital. We should expect vitriolic pushback and resistance from the authoritarian and conspiracy theory endorsing elements who prefer an angry, easily-led electorate to a nation of critical thinkers and involved citizen. No cyber Pearl Harbor please. To be continued.

Have an expert-driven opinion to share?  Drop us a note at [email protected] 

Read more national security opinions, insights and analysis in The Cipher Brief


Leave a Reply