Russian election meddling. North Korean hacking. Malicious malware pointed at nuclear programs. Cyber-warfare once seemed like science fiction, though it’s now becoming the modern battlefront. We’ve seen all the scary headlines, but how do we know what’s hype, what’s a genuine threat, and how to defend ourselves (and our clients) from the digital wars of the future? Let’s break it down.
Cyber War: Overhyped or Underhyped?
We’ve seen what can happen online. From attacks that exposed communication between Hillary Clinton’s campaigners to Russian cyber-meddling, all the way to a more recent leak of CIA cyber tools from WikiLeaks, some shady things are happening in the cyber world. While there are reasons to be concerned, all-out cyber warfare isn’t on our doorstep quite yet. As former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States, Richard A. Clarke, noted in an interview with Columbia University, “… A government engaged in destruction against another within cyberspace; it hasn’t really happened yet. The few instances of cyberattacks that have occurred (that we know about) have been executed with only limited objectives in mind.”
Clarke also mentions that cyberwar would likely only happen as part of a more significant military conflict. “Governments will only engage in ‘total’ cyberwar within the context of a war that they were already going to fight militarily otherwise,” he says. So really, we shouldn’t be concerned about cyberwar any more than we should about a conventional war.
If two countries engage in conflict, cyber warfare would be a significant component, and attacks on critical infrastructure could feasibly disable power, stop water supplies, and more. Hackers have already demonstrated through many smaller-scale attacks that critical infrastructures are vulnerable, and scarily enough, simple attacks using infected emails are surprisingly effective.
Whether from foreign governments or rogue hacker groups, there is certainly the risk of cyberwar in the future, but how do we defend against potential attacks and what can we do today that may prevent them from ever happening at all?
Preparing for the Cyberwars
As with any large-scale conflict, there are things you can do, but there are larger political things that are out of your hands. However, you don’t have to stand idly by. Here are some things you can do to address the threat of cyberwar.
Take Security Into Your Own Hands
While we’re not sure how or when a large-scale attack might take place, it’s still wise to take measures to minimize the impact for you or your clients. As we know, disasters come in all shapes and sizes. You can think of cyberwar as a man-made disaster and plan accordingly by having iron-clad security, heavy-duty encryption, and both onsite and offsite backups. Beyond that, including contingencies for warfare as part of your detailed disaster recovery plan. Your business probably won’t be attacked directly, but if power, water, and the Internet are disabled, what actions must you take?
Speak with Your Representatives
Let your leaders know you’re concerned about cyberwar. Make it clear you feel strongly about that threat and urge them to support legislation that helps us defend ourselves against potential attacks. The more people voice their concerns, the more likely they’ll be to act. You can find contact information for your local and federal elected officials here.
Support Cyber Defense Causes
When elections come around, consider making a difference by supporting leaders with a strong stance on cyber defense. Similarly, pay attention to new legislation that might beef up cybersecurity, and support programs that will keep our digital lives safe. Also, sites like Change.org let you sign petitions for various cyber causes you might care about. Whatever the case, acting now and doing your part can help us all better defend against future cyber threats.
Don’t Forget to Relax
When scary headlines are featured so prominently, fear can be consuming, but there’s a lighter side to this. According to a site called Cyber Squirrel 1, “Of all the claimed nation-state (i.e. human) cyber-attacks that have impacted critical infrastructure (Brazil Blackouts, Turkey pipeline explosion, German Steel Plant event, etc.), only two (the Ukrainian power outages and the US lead Stuxnet operation) can be confirmed as ‘cyber’ at this time.” Squirrels, birds, snakes, and other animals have been far more successful at bringing down power grids than people. So, who’s the real enemy here?
With a great DR plan, and some good old-fashioned political participation, you’ll be as ready as you can be for the digital wars of the future, but with some luck, we can avoid them altogether.