A Paranoid Person’s Guide to Preparing for Digital Danger
What if the lights go out? Or A.T.M. networks go down? Or digital giants like Google that I trust with vital information come under attack?
These are normal questions to have right now, as Russian tanks move through Ukraine and upend our expectations of global stability. After all, Russia and those who might act on its behalf have already shown the ability to strike our digital infrastructure, and we don’t know what President Vladimir V. Putin might be willing to do if escalating sanctions make him feel cornered.
But first, let’s be clear about one thing: There’s no sign of immediate danger to you. That’s not true for people who live in Ukraine or have had to flee, so consider helping them first if you can.
National security officials say there have been no specific, credible cyberthreats against the United States homeland. The United States also maintains its own extensive cybercapabilities, including forays into the Russian electrical grid, that could make Mr. Putin wary of setting off a kind of mutually assured disruption.
However, the federal Cybersecurity & Infrastructure Security Agency has urged organizations and individuals to be prepared for the possibility that the situation could change.
It has name-checked industries and organizations at particular risk, including coronavirus researchers and the health, pharmaceutical, defense, energy, video-game and aviation industries. Some of those are not surprising: Federal officials suspect that Russian nationals were behind ransomware efforts like the ones that led to fuel shortages in the wake of the Colonial Pipeline shutdown last year and technology meltdowns at hospitals in 2020.
The good news — if there can be any at a global moment like this one — is that many of the precautions you should be taking now are the same ones you’d take in preparation for a natural disaster or any power outage. Others are the kinds of things you should be doing no matter what.
Defending (and Duplicating) Your Data
Digital brinkmanship involving global powers may leave you feeling that there’s only so much you can do to help. But good digital hygiene really is its own form of civil defense.
The hacking of Hillary Clinton’s 2016 campaign began with something we can all understand: a phishing email requesting a password change. If you work in any kind of sensitive job, you could be vulnerable too, even on personal email.
“They want your passwords,” said Karen Walsh, who runs a marketing company that helps cybersecurity companies explain their capabilities in plain English, “because people reuse passwords between home and work.”
Eric Gosh, an Air Force veteran who spent part of his time shielding sensitive technology from Russia, now runs a Chicago technology consulting firm. He constantly reminds clients to ask themselves three questions when strange emails arrive, and the answer is supposed to be yes to all of them: Is it from someone I know? Is it what I was expecting? Is it in the format I was expecting?
“If the answer is no, pick up the phone and call,” he said.
Ms. Walsh recommends a tried-and-true 3-2-1 plan for backups: Three copies of any essential data in two different formats or types of storage media, with one of them in a cloud.
If you’re undergoing sensitive medical treatment right now, for instance, it’s wise to maintain multiple copies of your records, keeping in mind the mess that malware made of hospital systems in 2020. Your health care provider might have them, sure — but you can ask for and keep your own copy in the cloud as well as on a thumb drive or in a paper folder.
There’s more. Update the operating systems on your devices, or better yet, enable automatic updates. Write down, screenshot or photograph essential street addresses and phone numbers, just in case.
As for everything you may have personally stored via Google, Phil Venables, chief information security officer for Google Cloud, offered some reassurance this week.
“We exhibit a healthy paranoia,” he said of his team. There is what he called “massive” replication and distribution in its systems, so wiping the cloud clean of everything, everywhere, would be a tall order.
And there’s a decent chance that wouldn’t be the goal, anyway. “Attacks that come from nation states and certain criminal groups often go after targets with things that they want — defense or media or dissidents,” he said. “They come at those accounts rather than the overall infrastructure.”
Russia-Ukraine War: Key Things to Know
Expanding the war. Russia launched a barrage of airstrikes at a Ukrainian military base near the Polish border, killing at least 35 people. Western officials said the attack at NATO’s doorstep was not merely a geographic expansion of the invasion but a shift in Russian tactics.
Dealing With Disruption
The power and communications infrastructure that allows technology to function isn’t something that mere individuals can defend. Here, any preparations for a lights-out aftermath are hopefully those that you’ve already made in case weather or any unforeseen disruption upends your life.
That means flashlights for every person in the house, fresh batteries every so often, candles and matches, solar-powered sources for small devices, portable power stations and backup generators if you can afford and find one. Not letting your car’s gas tank sit at half-empty or below is always a good idea, too.
Setting aside a small pile of emergency cash makes sense only if you will remember where you put it. More likely than not, you won’t need it — and if you don’t have an obvious place to stash it, like a safe, it could easily slip your mind. Share the location with someone you trust, and set a quarterly calendar reminder so you don’t forget that it’s in a little-used shoe that could end up at Goodwill when you make a donation run two years from now.
Besides, David N. Tente, an executive at the industry association for people who concern themselves with A.T.M.s, reminded me this week that there is no single A.T.M. network, since some have independent operators while banks control others. “If someone was able to disable your favorite A.T.M., you could almost certainly find another A.T.M. to use for your withdrawal,” he wrote.
Other precautions are of the basic variety that make sense in the face of a big snowstorm. A few jugs of water are never a bad idea. And Mr. Gosh, the Air Force veteran and technology consultant, said that most people already have enough nonperishable food around that they could feed a family in a pinch for at least a couple of days, a reasonable amount of time for the proper authorities to sort out digital disruptions. He keeps his freezer stocked with chicken broth for pho, the Vietnamese soup.
My conversation with him this week was marked by a kind of serenity. He wasn’t about to ransack Costco or pile his shelves with items from prepper.com.
“Stay calm,” he said. “It’s easier to be calm if you’ve done a little bit of preparation. This isn’t a new idea.”
And if something unexpected does happen, take care of one another. It’s why he tells clients to print out the addresses of colleagues and others you might not visit often enough to have committed their locations to memory.
“If they don’t show up for a few days,” he said, “go check on them.”