Focus on all the right places – all places.
November 8, 2016 marks not the first attack to the United States’ critical infrastructure. The date, however, is the first and clear milestone from whence we know that we, as a nation, are aware we are living under a persistent and real cyber-siege.
As of today, there is a shadow hovering over our democratic process and our electoral system infrastructure. We have focused so much effort on Russia and electoral process interference that as citizens, I am afraid we are missing the greater picture; our whole critical infrastructure is at risk, and we are doing very little about it.
This is not new behavior. Here is what I mean….
After September 11th, 2001 we changed our security protocols to board aircrafts around the world. We laser focused ourselves on physical security. Suddenly pocket knives, water bottles and lighters were “verboten” and we needed to plan for 40 minutes of additional screening for any domestic flight. After December 22nd, 2001 we were forced to take our shoes off because of the failed shoe-bomb attempt on AA flight 63. Ever since, we have had to nearly strip down to our shorts and take our shoes off; thinking that a savvy enemy would attack in the same way twice.
While I believe we are doing more than strip searches to increase our air travel security, there are many checks that I am sure the public remains unaware of; at least I hope so. What I do know for sure is that seventeen years later, TSA is still clearly focused on those shoe-bombs.
In March 2018 the ransomware hack on the City of Atlanta significantly impacted many of their departments and affected 30% of applications considered “mission critical”. It also included the courts and police and prevented the city from being able to offer core city services. At the time of this writing, the city is still trying to determine the extent of the attack but the costs to fix their infrastructure and prevent future attacks are reaching upwards of $50M+. Are we sure that we eradicated all the threats from the system after that attack? Do we know for sure that other parts of the city infrastructure including utilities and transportation have not been seeded with dormant malware, waiting for the right moment to attack?
As a nation we are not only reactive in nature, but also narrow in our response.
We are looking for more shoe bombs rather than looking at other ways for the enemy to strike. Are we actively looking at our critical infrastructure for deeply hidden threats? What if instead of a shoe-bomb the next rogue entity directs air traffic control to vector two aircraft to the same airspace? What would happen if our power grid was compromised? What about sea-lanes and maritime traffic control; how would ships get in and out of port? What about potable water plants and public works… what would happen if we were to go from running water to “out houses” in a city like Atlanta because a rogue nation like North Korea secured control of our sewage plants?
It is adding insult to injury that we refuse to actively protect our electoral system when we know it is still under attack; that is a blog in and by itself. It is beyond belief that we are not more actively engaged in protecting our other critical infrastructure - all of it - involving industry and the public alike in a quest to outlive the cyber-siege we are living today.
We are reactive in nature, and laser focused in our response to prove that we are “in control” of the known problem. We continue to react directly to the threat in front of us, and we fail to expand our scope to prepare for the unexpected, from other threat vectors and timelines..
A savvy enemy does not attack twice in the same way. Only a fool expects this behavior. What is your company doing to anticipate the next attack? What if anything is your company doing to find dormant threats? Are we just looking for more shoe-bombs?