INDIANAPOLIS — If you knew what U.S. Sen. Dan Coats knows, you’d think twice before sending that next email.
What the Indiana Republican knows about the woeful state of cybersecurity, from his role on the super-secretive Senate Select Intelligence Committee, might blow your mind.
Or at least make you put away your smartphone and credit card, pay with cash and meet people in person, as he does.
An avalanche of high-profile hack attacks over the past few months — from the no-longer private emails of Sony Pictures executives to the breach of records at Anthem Inc. — is just a fraction of the bad stuff known to have happened, he said.
Coats isn’t paranoid, but these days he taps into his training for the diplomatic service — he was U.S. ambassador to Germany — when he talks about how we could better protect our privacy with more discretion and less public sharing.
“It’s that old spy remedy of, ‘Let’s go take a walk in park,’” he said. “I think about that all the time.”
Coats is briefed at least weekly by the National Security Agency on terrorist threats to the nation. The details are classified, but their nature is not.
“Cyberthreats have moved to the No. 1 spot as the most direct threat to America,” Coats said.
Americans got a glimpse this month when hackers infiltrated the networks of Anthem, the insurance giant based here. More than 80 million financial records were sucked out Anthem’s systems, reportedly by a sophisticated program that the cybercrooks used to access to the login credentials of an employee.
That’s bad, Coats says, but not as bad as what he fears will happen when the next polar vortex takes a paralyzing hit. He envisions hackers breaching infrastructure, cutting off the water supply, communications or the electric grid. It would surely cause physical destruction and loss of life, he warns.
“Then we are really at war,” he said.
Coats’ fears don’t surprise Indiana Attorney General Greg Zoeller. Both he and Coats have spent years working on different foils for hack-attackers, who can be slowed but not likely stopped.
Zoeller’s office worked quickly to get information to Anthem customers on how to put a credit freeze into place. He’s called on lawmakers to require companies to quickly report security breeches and stop collecting and keeping so much of their customers’ personal and financial data.
Like Coats, Zoeller doesn’t have to be convinced the threat is real. Not long ago, he fell for a scammer disguised as an online Microsoft repairman promising to kill the viruses on his home computer.
Zoeller figured out it was an attack before it was too late. The threat appeared to originate out of the country, maybe in India, beyond Zoeller’s jurisdiction.
“I can’t fix what needs a federal approach,” he said.
There was a recent glimpse of that in Washington, when President Barack Obama acknowledged the threat with an executive order encouraging the private sector to share information about threats with each other and with the government.
But more is needed. Coats has long worked on bipartisan legislation to beef up cybersecurity standards and compel breached businesses to work with government agents to ferret out the cybercriminals, home and abroad.
The bill’s been paralyzed in the past by partisan gridlock plus opposition from anti-regulatory advocates as well as big-business lobbyists, telephone companies and utilities loathe to reveal their breaches. But Coats is convinced he’ll soon see movement.
“We’re close, very close,” he said.
That cheers him, he said, but only so much.
Asked if it’s possible to truly defeat cyberterrorists, Coats is cautious.
“It’s a chess game,” he said. “We make a move, they make a move. We make a countermove and they make countermove. We just need to be one move ahead.”
Maureen Hayden is statehouse bureau chief for CNHI newspapers. Send comments to [email protected].