The United States was only strengthened by the information revolution brought about by the Internet and its connectivity. This country’s greatness comes from connecting its diverse citizens, inspiring them and providing a creative environment to build a societal synergy found nowhere else on earth.
But the benefits are not without risk.
While America is able to use the newfound Internet capability to generate prosperity for mankind, others see it as an opportunity to gain advantages for illicit and manipulative purposes. The conundrum remains: How do we expand collaborative capability for prosperity, while protecting against those who would do us harm?
In the words of former President Ronald Reagan, we need to “Trust, but verify.” The threats might not be where you think they are — or what the media reports. Most people assume cyberattacks are limited to the financial sector. This might come as a surprise, but the majority of all cyberattacks have been against the energy sector (nearly 60 percent) followed by critical manufacturing (nearly 20 percent).
Government has an important role manifested through the Department of Homeland Security Industrial Control System Cybersecurity Emergency Response Team. The agency does tremendous work identifying threats, conducting vulnerability assessments and sharing pertinent information within the community. But it is the responsibility of private-power generators and critical infrastructure manufacturers to use the information to improve their cybersecurity resiliency. Despite a few successes, the challenge is to maintain constant vigilance to an ever-increasing threat. Realistically, it is only a matter of when a devastating attack will occur.
Imagine: Your electricity goes out, your natural gas or water stops flowing. What would you do? The likely first response to a two-hour outage is minor irritation. If it continues for a couple of days, families will start having barbecues to cook the food in their freezers and share it with neighbors. Neighborhoods will hold festive block parties — at least until all of the food and beverages are gone. If the outage lasts weeks, there will be accusations of hoarding food, followed soon after by physical violence. Next, we’ll see a deterioration of our social fabric and people will move to places with more resources.
It is not my intent to be a fearmonger, but to provide awareness of the increased risk our society has accepted by being connected through the Internet. The exceptional advantages our society enjoys are associated with real and substantial risks. Many in our society have the misconception that the freedom provided by the Internet is without risk.
The key is to remain ever vigilant to potential threats. We must develop individual and societal resiliency.
According to DHS, the top three cyber vulnerabilities in rank order are:
1. Credentials management. A lack of formal credential documentation inhibits vendors from providing timely and accurate software updates and patches.
2. Weak firewall rules. ICS access should be restricted to those who have a requirement. Replacing all default passwords with strong ones is an easy way to strengthen firewalls.
3. Network design weaknesses. Network layouts should be designed to take full advantage of virtual private networks. Also, implementing a layered network will help keep critical communications separate and secure.
The price of a prosperous and civilized society is eternal vigilance. It is up to us all to take action to secure our critical infrastructure and build resiliency for the day when the lights go out.
Arthur Glynn is an entrepreneur, seasoned executive, consultant and retired senior naval officer. Glynn currently serves as a consultant with Booz Allen Hamilton and is a member of the Pikes Peak Cyber Champions.