PDF LINK
#16,649
Yesterday the White House released two statements on the very real risks of increased cyber attacks against both the private and public sector, which could have profound economic, and societal impacts.
MARCH 21, 2022MARCH 21, 2022
While the events in Europe have no doubt increased the threat level, this is a concern we've revisited often over the past decade, and one that is only likely to increase over time. A few past blogs include:
As vulnerable as our infrastructure (power, water, banking & finance, etc.) is to natural disasters - like hurricanes, ice storms, earthquakes, and even severe space weather - perhaps the greatest threat comes from our vulnerability to cyber attack.
From Ransomware attempts, to distributed denial-of-service (DDoS) attacks - to malicious code which could potentially shut down power plants, interrupt communications, or destroy financial records - tens of thousands of cyber attacks are launched against the United States each day.
In 2015, journalist Ted Koppel published a book called Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath, that explores this nightmare scenario. You can find hours of interviews with Ted Koppel about his book on YouTube, including with PBS, Charlie Rose, and the following hour long discussion with the National Press Foundation.
Despite congressional committees and national GridEx preparedness drills - a 2018 Congressional Research Service report warned that the US power grid remains vulnerable to attack. A year before that, in the DHS: NIAC Cyber Threat Report - August 2017, we looked at a 45 page report that addressed urgent cyber threats to our critical infrastructure and called for `bold, decisive actions'.
Although the worst-case scenario would be regional or nationwide power outage, less ambitious cyber attacks could be highly disruptive as well, such as those targeting credit/debit card transactions, 911 call centers, internet access, or air traffic control centers at major airports.
If all of this sounds far-fetched, this is what the Department of Homeland Security has this to say about the threat.
Physical Infrastructure Failure
U.S. critical infrastructure includes all physical and virtual assets, systems, and networks which underpin national and economic security as well as public health and safety. A cyber-induced physical infrastructure failure could disable multiple essential functions, isolating academic communities and restricting their access to energy, food, clean water, and other emergency services. These resources serve to prepare IHEs for physical infrastructure failures and mitigate the subsequent loss of life and property.
Preparedness (Prevention, Protection, Mitigation)
Obviously, it is important for all of us to take personal and business cyber security seriously (ie. use strong passwords, don't click on unknown links, make frequent backups, etc), but there is not much the average citizen can do to mitigate these big ticket concerns.
- Prevention: This mission area focuses on the ability to avoid, prevent, or stop an imminent threat.
- Protection: This mission area focuses on the ability to secure and protect a community against a variety of threats and hazards.
- Mitigation: This mission area focuses on the ability to reduce the loss of life and property by lessening the impact of a disaster.
While governments and big businesses spend huge amounts of money and resources in hopes of thwarting cyber attacks, it just takes one successful, high impact attack to ruin your whole day.
So . . . if a disaster struck your region today, and the power went out, stores closed their doors, and water stopped flowing from your kitchen tap for the next 14 days . . . do you have:
- A battery operated NWS Emergency Radio to find out what was going on, and to get vital instructions from emergency officials
- A decent first-aid kit, so that you can treat injuries
- Enough non-perishable food and water on hand to feed and hydrate your family (including pets) for the duration
- A way to provide light when the grid is down.
- A way to cook safely without electricity
- A way to purify or filter water
- A way to stay cool (fans) or warm when the power is out.
- A small supply of cash to use in case credit/debit machines are not working
- An emergency plan, including meeting places, emergency out-of-state contact numbers, a disaster buddy, and in case you must evacuate, a bug-out bag
- Spare supply of essential prescription medicines that you or your family may need
- A way to entertain yourself, or your kids, during a prolonged blackout
If your answer is `no’, you have some work to do. A good place to get started is by visiting Ready.gov.
While preparedness may seem like a lot of work, it really isn’t. You don’t need an underground bunker, an armory, or 2 years worth of dehydrated food. But you do need the basics to carry on for a week or two, and a workable family (or business) emergency/disaster plan.For more information on how to prepare, I would invite you to visit:
FEMA http://www.fema.gov/index.shtm
READY.GOV http://www.ready.gov/
AMERICAN RED CROSS http://www.redcross.org/
