The October 2022 issue of IEEE Spectrum is here!

Close bar

A few weeks ago, there was a story appearing in the Atlanta Journal-Constitution about cyber criminals being able to penetrate the computer system of Nationwide Mutual Insurance Co. and steal the names, Social Security numbers, drivers’ license numbers, dates of birth, and marital statuses of more than 28 000 policy and non-policy holders residing in Georgia. The article went on to say that the data breach affected other states such as California, but that Nationwide refused “to say how many clients elsewhere have been affected and in how many other states.”

No wonder.

Last week, when the California Department of Insurance announced that it was launching an investigation into the Nationwide breach, it also disclosed that the total number of persons affected by the breach numbered 1 million along with noting that residents of all 50 states were affected (about 5 000 in California). After some prodding from the press, Nationwide confirmed the total number as being closer to 1.1 million. There have a scattering of mostly local news reports on the data breach in other states such as Iowa (90 000 affected), Ohio (29 050 affected) and South Carolina (12 500 affected), but that is about it. Nationwide must be breathing a sigh of relief at how sparsely the national press has covered such a massive breach.

According to a Nationwide account on its website, it took nearly a month for the company to be able to confirm what information was stolen. By all appearances, it says, the attack looked to be the work of cyber criminals from outside the United States, and per usual, the FBI is investigating. Also per usual, Nationwide is offering free-credit monitoring and identity theft protection for a year.

The insurance company also said, “We are very sorry for this situation and are committed to enhancing our defenses against these kinds of attacks.” But those enhancements don't come with any guarantee that this won’t happen again. “There is no such thing as perfect security," the company continued. "And no computer network can ever be completely safe against a sophisticated attack such as occurred here.”

It is a bit hard to tell how sophisticated the attack was, given that Nationwide won't discuss any details. However, if the company truly believed that a data breach was really just a matter of time, maybe it should have encrypted its policy holders’ and non-policy holders’ personal information so that the consequences of any such inevitable successful attack might have been significantly lessened. Maybe California's Department of Insurance can ask why Nationwide why its client data wasn't encrypted.

South Carolina, after learning its lesson the hard way, is now spending US $5 million to encrypt its resident and business tax data after a September breach in which cyber thieves almost effortlessly stole tax return information for 3.8 million taxpayers, 1.9 million dependents, and 700 000 businesses going back to 1998. In addition, the state is spending another $25 000 to install a dual password system to access its tax system that the U.S. Internal Revenue Service requires but South Carolina did not bother to ever implement. Security experts looking into the South Carolina breach reported last week that the dual password system would have likely closed off the attack vector used by the cyber attackers.

The total cost likely to be incurred by South Carolina for the breach is expected to hit nearly $30 million when all is said and done, a thousand times more than that dual password system. Nationwide, do you have any interest in a three-orders-of-magnitude savings that also might prevent your next breach?

The Conversation (0)

Metamaterials Could Solve One of 6G’s Big Problems

There’s plenty of bandwidth available if we use reconfigurable intelligent surfaces

12 min read
An illustration depicting cellphone users at street level in a city, with wireless signals reaching them via reflecting surfaces.

Ground level in a typical urban canyon, shielded by tall buildings, will be inaccessible to some 6G frequencies. Deft placement of reconfigurable intelligent surfaces [yellow] will enable the signals to pervade these areas.

Chris Philpot

For all the tumultuous revolution in wireless technology over the past several decades, there have been a couple of constants. One is the overcrowding of radio bands, and the other is the move to escape that congestion by exploiting higher and higher frequencies. And today, as engineers roll out 5G and plan for 6G wireless, they find themselves at a crossroads: After years of designing superefficient transmitters and receivers, and of compensating for the signal losses at the end points of a radio channel, they’re beginning to realize that they are approaching the practical limits of transmitter and receiver efficiency. From now on, to get high performance as we go to higher frequencies, we will need to engineer the wireless channel itself. But how can we possibly engineer and control a wireless environment, which is determined by a host of factors, many of them random and therefore unpredictable?

Perhaps the most promising solution, right now, is to use reconfigurable intelligent surfaces. These are planar structures typically ranging in size from about 100 square centimeters to about 5 square meters or more, depending on the frequency and other factors. These surfaces use advanced substances called metamaterials to reflect and refract electromagnetic waves. Thin two-dimensional metamaterials, known as metasurfaces, can be designed to sense the local electromagnetic environment and tune the wave’s key properties, such as its amplitude, phase, and polarization, as the wave is reflected or refracted by the surface. So as the waves fall on such a surface, it can alter the incident waves’ direction so as to strengthen the channel. In fact, these metasurfaces can be programmed to make these changes dynamically, reconfiguring the signal in real time in response to changes in the wireless channel. Think of reconfigurable intelligent surfaces as the next evolution of the repeater concept.

Keep Reading ↓Show less
{"imageShortcodeIds":[]}