January 26, 2025
by Charles Miller
This week the United States observed its quadrennial ceremony marking the date on which tens of millions of voters hope that the incoming governing administration will be better than the outgoing one. The queue of citizens and lobbyists hoping to somehow have their concerns addressed is obviously a long one and I fear that my concerns about cybersecurity might not be high enough in the order of priorities for the new administration.
For tech-savvy citizens few issues stand as glaringly urgent as America’s cyber vulnerabilities. In spite of this reality, cybersecurity almost never seems to get the funding or attention it deserves. For both government and the private sector, policies tend to be reactive rather than proactive. The U.S. and the rest of the free world are woefully unprepared for the cyber onslaughts ahead.
A short while ago I saw a subtle reminder of this on one of the cobblestone streets of San Miguel where I went to pay a utility bill. The machine, I will call it an ATM, was working as it should, but its screen also displayed a subtle message reading “Go to Settings to activate Windows.” The English translation of that might as well have been “Warning! This ATM might not be receiving critical software security updates that could be necessary to safeguard your credit card information!”
That might seem a trivial concern, but rest assured that China's Gelsemium cyberwarfare group, Russia's Cozy Bear and Fancy Bear hacking groups, and North Korea's Lazarus Group all exploit attack vectors discovered in unpatched and out-of-date computers and smart phones. Did I forget to mention Iran? These state-sponsored hacking groups operate as arms of the military to create cyberwarfare tools to cripple economies, down power grids, and compromise national security. Did I forget to list all the many nations harboring relentless cybercrooks not interested in waging war, but only stealing all your money?
Ominously bearing down on a majority of all Microsoft Windows users worldwide is October 14, 2025. That is the date on which Microsoft plans to discontinue supporting Windows 10, a decision that could leave almost two thirds of all PCs in the world vulnerable to exploitation. Microsoft’s tacit message to consumers is that we should just send approximately 1.5 billion (with a B) computers, tablets, and ATMs to the landfill and buy new ones; problem solved!
Of course that will not happen. Everyone uses their computers, phones, tablets, ATMs, gas pumps, refrigerators, light bulbs, and other internet-connected devices until they wear out or are otherwise no longer serviceable. Very few customers buy a new device as soon as the manufacturer ends support; they use it so long as it works. This leads to a patchwork of outdated systems, no longer being updated with protections against cyber attacks that could potentially lead to catastrophic failures in critical infrastructure, from energy grids to financial networks.
And YES! Your out-of-support Mac or PC or smart phone could be used by hackers as an attack vector through which one of those nation-state hacking groups could attack your bank the next time you log on to your account. All out-of-support devices connected to the internet are a part of that global network, and if infected could conceivably infect other systems on the internet.
The new administration in the U.S. has an opportunity to begin to turn this around. A good place to start would be to work toward requiring Apple, Microsoft, and Google to continue providing critical security updates for all of their “discontinued” Operating Systems (OS) so long as their failing to do so creates a significant risk to large numbers of internet users. Doing this would not necessarily encourage people to continue using their old outdated hardware; they are going to do that anyway whether it is safe to do so or not. What requiring OS makers to provide continuing support would do is make the entire internet safer and more secure for everyone.
**************
Charles Miller is a freelance computer consultant with decades of IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted at 415-101-8528 or email FAQ8 (at) SMAguru.com.
