Houthi Red Sea Attacks and the Impact on the Global Order
SUBSCRIBER+EXCLUSIVE INTERVIEW – For months, Yemen’s Houthis have been launching repeated missile and drone attacks againstcommercial and military ships in the southern Red Sea and […] More
The cyber landscape is drastically changing and the threats of today will pale in comparison to those our nation will face tomorrow. With the development of the internet of things (IOT) and faster connectivity through the advancement of 5G, cyber attacks will increase in volume and severity as we see an expansion in the vulnerability surface area and complexity of cyberspace. To position the country for this new reality, the exchange of information among U.S. stakeholders needs to mature so organizations can quickly and accurately respond to cyber threats and prevent isolated attacks from becoming a pandemic.
Communication among stakeholders is now critical because the U.S. has not operated in a conflict environment where the activities of citizens, the private sector and nation states are so intertwined. As we saw through the unprecedented collaboration between federal, state and local government with the private sector to secure the 2018 elections, communication and coordination across organizations yields tangible results. Despite these pockets of communication, largely facilitated through the Department of Homeland Security (DHS), for the majority of stakeholder organizations, the risks associated with attribution weigh heavier on the minds of leaders than the implications of massive cyber vulnerabilities. With mobile carriers expecting to implement 5G by 2020, time is running out for this imbalance in priorities to continue.
Although forecasted IOT technical developments do provide more prescriptions in the cyber defender’s medicine cabinet, with every benefit comes a new vulnerability that can only be nullified by human interactions outside of cyberspace. These remedies and their side effects include:
For every technological advancement created with good intentions, there is a bad actor waiting in the wings to repurpose the capability. Even if an organization is prepared and develops a cyber playbook, there is the risk that the organization could fall victim to data exfiltration and those playbooks could be used against them. Communication can be the antidote to these unintended side effects of progress. While it may be impossible to protect one organization from becoming patient zero, sharing threat indicators and intelligence can help to isolate the attack and prevent the damage from spreading throughout the U.S. economy.
We recently witnessed the power of communication in preventing cross-sector contamination in 2018, when Russian hackers targeted and gained access to control the U.S. power grid. Initial indicators revealed hackers were primarily focused on the energy sector, but understanding the cyber adversary and patterns, sharing information across sectors allowed other industries to become wary of potential infiltration. As a result, that intrusion campaign also targeted, but failed to compromise, nuclear, commercial facilities, water, aviation, critical manufacturing and transportation industries, largely because of the inter-sector communication.
Towards the end of the WCR’s December roundtable event on boundary security, attendees and speakers shared the idea that today boundary security is nearly impossible because borders no longer exist in cyberspace. While borders are easy to secure through defense-in-depth strategies the challenges lie in protecting all actors along the supply chain. Neither the private nor public sector can only be concerned with protecting their own boundaries, but must consider how their networks interact with other environments and what controls are in place further down the supply chain.
In the increasingly globalized environment this means organizations not only need to worry about their own expanded networks, but those of the organizations they interact with by a third and fourth degree. According to the National Intelligence Assessment, many VPN services are owned by corporations outside the U.S.—meaning data could pass through providers’ servers unencrypted and be vulnerable.
Collectively embracing the idea that companies and sectors no longer exist in siloed architectures will be a major step forward in facilitating an environment where intersecting strategies can emerge that transform this weakness into a strength. The first step organizations can take is to join in the current dialogue within the community through DHS’ Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs).
As the volume and variety of conversations increase among stakeholders, we will see a natural maturation in the cyber topics discussed. These conversations will establish trust between actors and ultimately, nurture a strong communication network that enables U.S. organizations to coordinate in a crisis and quarantine the threat. While there may not be a cure for every future cyber attack, together U.S. stakeholders can use communication to begin strengthening our immune system and identifying treatments for when we need to heal.
Related Articles
SUBSCRIBER+EXCLUSIVE INTERVIEW – For months, Yemen’s Houthis have been launching repeated missile and drone attacks againstcommercial and military ships in the southern Red Sea and […] More
SUBSCRIBER+ EXCLUSIVE — When U.S. and British officials filed charges of cyberespionage and imposed sanctions against China Monday, for a campaign which they said had […] More
OPINION / EXPERT PERSPECTIVE — On the night of March 22, four masked individuals armed with automatic weapons entered the Crocus City Hall in the […] More
SUBSCRIBER+ EXCLUSIVE INTERVIEW — While wars rage in Ukraine and Gaza, the past week has seen a spike in tensions over a global conflict that […] More
SUBSCRIBER+ EXCLUSIVE ANALYSIS — Along with expressions of sympathy for the victims and pledges to bring the perpetrators to justice, Russia’s response to Friday’s deadly […] More
OPINION / EXPERT PERSPECTIVE – The death toll from last week’s terrorist attack inside a concert hall in a suburban Moscow neighborhood is now at […] More
Search