By Rob Strayer
It is an unfortunate modern reality that cyber attacks are commonly used to steal money from businesses and individuals. Cyber attacks that disrupt or destroy physical assets, on the other hand, have been rare up to this time. The news over the weekend that a terrorist organization was able to finance its activities by hacking AT&T business customers’ telecommunications accounts represents a new and disturbing development in the use of cyber attacks by terrorists.
November 29th, 2011 - by Guest Contributor
By Rob Strayer
As happy/relieved as I am to know that the Russians aren’t out to disrupt our water services, it is important to note that a water system in South Houston was the victim of a real cyber attack. (You’ll recall it occurred in direct response to DHS downplaying of the reported situation in Illinois).The would-be attack, and the actual one, are stark reminders that the threat of cyber attacks are real.
I have read several articles on the recent water plant cyber intrusion that damaged a pump in a small utility firm’s facility in Illinois. I am not a digital forensics analyst, but I do find the reactions very interesting. Frankly, I don’t know what the Water Plant incident really means, but at this point neither does anyone else. Can we afford to dismiss it, even if it turns out to be amateur hackers? I have said this before; the sky is not falling! However, we still need to up our vigilance and recognize that we have enormous vulnerabilities and competent adversaries.
October 4th, 2011 - by Jeff Gaynor
In the wake of “National Preparedness Month,” over the weekend the first edition of the National Preparedness Goal (NPG) was released. The NPG correctly recognizes resilience as a fundamental component of national preparedness – a desired outcome. The issue, however, is not what America can do but rather what America will do. There can be little doubt that since 9/11, America is far more physically protected. However, contrary to the assertion in the NPG, and as protected infrastructure failures and nature-driven consequences continue to demonstrate, America is anything but more prepared.
Again the other day, another of our government cyber leaders delivered the usual canned speech about how we must increase our defenses – read expand budgets/personnel – to defend ourselves against an “electronic Pearl Harbor.” And so, once again, the muscles in the back of my neck begin to stiffen wondering when they are going to stop saying this and if, some day, they will arrive in the 21st century. Cyber attacks – they are not wars – are not about total destruction but death by a thousand cuts.
The world has faced tragic events of late: the Japanese earthquake and tsunami; the tragic bombing and shooting in Oslo, Norway; and post-Hurricane Irene floods along the U.S. East Coast. With these and other ever-present threats to our critical infrastructures and way of life, the National Defense Industrial Association’s (NDIA) 2011 Homeland Security Symposium is “Disasters: Preparing, Surviving and Responding to Dynamic Threats.”
August 24th, 2011 - by L. Vance Taylor
In response to a recent DHS report citing concerns about the ability of insiders to cause significant damage at water utilities, Sen. Chuck Schumer is set to introduce legislation that would mandate FBI background checks for employees at drinking water and wastewater plants. While I understand Senator Schumer’s logic, Congress would be wise to hit the “pause” button before introducing new regulatory mandates so it can reexamine our current national approach to addressing water security.
August 10th, 2011 - by James Carafano
An electromagnetic pulse (EMP) attack – produced by a nuclear weapon detonated at a high altitude or by a geomagnetic storm – has the potential to decimate America’s electrical and technological infrastructure. The Commission to Assess the Threat to the United States from Electromagnetic Pulse Attack found that an EMP is a threat to our society and military. Yet, despite broad consensus, Congress has yet to act in a substantive manner. For the most part, U.S. government agencies have not taken planning for their response to an EMP attack out of the theoretical stages.
July 29th, 2011 - by Jeff Gaynor
Despite near-continuous pronouncements on the topic of resilience, the Administration decided not to define resilience in its latest Presidential Policy Directive/PPD-8: National Preparedness. It is precisely the difficulty of nationally defining resilience that should compel the government to do so. Deciding not to define resilience and its application to the Nation’s infrastructure condemns America to continuous validation of Einstein’s definition of insanity: “Doing the same thing over and over again while expecting a different result.”
July 28th, 2011 - by Guest Contributor
By Michael Hendrix
Critical infrastructures are the veins and arteries carrying the lifeblood of America’s economy and society. In a recent National Chamber Foundation event, Admiral Thad Allen described critical infrastructure as especially susceptible to “Black Swans.” To minimize the unexpected risk to critical infrastructure, we need a set of best practices, a sort “Black Swan toolkit.”
July 21st, 2011 - by Rich Cooper
There was a time when the United States’ transportation infrastructure was the envy of the world. Times are changing and U.S. infrastructure isn’t. This poses a significant threat to America’s profitability, economic recovery and international competitiveness. Recognizing this, the National Chamber Foundation – the U.S. Chamber of Commerce’s think tank – put on a program in conjunction with the Chamber’s Let’s Rebuild America initiative, “Infrastructure: What We Want, What We Need.” Here’s a breakdown.
July 7th, 2011 - by Rich Cooper
America’s infrastructure could use a makeover. Many of the things that help this country “GO” – roads, bridges, utilities and more – are in poor shape and in many places, crumbling before our eyes. Yet, the country has seen little in the way of real change when it comes to building a stronger, more resilient America. Not enough of us are talking and thinking strategically about infrastructure investment priorities, how risk and resilience are considered, and how we are going to pay for these much-needed updates. Enter Adm. Thad Allen, former commandant of the U.S. Coast Guard.
June 28th, 2011 - by Jeff Gaynor
Yesterday, the Homeland Security Advisory Council (HSAC) released the recommendations of its Community Resilience Task Force (CRTF), which argue that it is impossible to build a resilient nation upon protected yet aged, overstressed, exploitable and consequence-amplifying infrastructure foundations.
One of the more interesting parts of the rejuvenated Anarchist movement has been the adoption of Guy Fawkes as a hero. The Internet movements like Anonymous and a number of other Lulzs have been doing their level Guy Fawkes’ best to flex their muscles against the man. And so Uncle Sam, in the guise of the U.S. Government, is finding out the wild frontier of cyber space is not about to be intimidated by Washington laws or declarations. We focus on nation states. In the new frontier, all the Guy Fawkes are the same.
It’s a basic lesson any semi-decent carpenter or weekend handyman knows. If you have the right tools, you can do your job a lot easier and a whole lot better. As basic as this premise might be, it is one that we have failed to follow in terms of dealing with fire and ice in this country. With a median age of several decades and enormous wear and tear, the reliability and safety our firefighting planes is in serious question.
Black swans are another name for Secretary Rumsfeld’s famous category of “known” unknowns, things we know we don’t know – but maybe we should. The Japanese anticipated the double-shot of earthquakes and tsunamis, but not the triple whammy of earthquake-Tsunami-massive release of low-dose radiation from nuclear power plants. It is hard to believe that Washington would not screw up a nuclear incident just as badly as Toyko, particularly if the event happened in the midst of another catastrophe.
It has been a busy couple of days for me, but they have been good ones. I flew down to Maxwell AFB in Alabama to offer the Industry Perspective on Cyber as part of the AF Cyber Operations Executive Course. I also served as moderator for an Executive Luncheon sponsored by the Homeland Security and Defense Business Council, where the guest was Assistant Secretary of Defense for Homeland Defense, the Honorable Paul Stockton.
Regardless of circumstance or event, be it flood, fire, tornado or terror, the American Red Cross has always been there. With the release of the Ready Rating Program, the American Red Cross has once again shown their capacity to do just about anything they set their mind too. When you compare this effort to those of DHS in its Private Sector Preparedness (PS-Prep) Program, it’s not even a fair comparison.
Many commentators will point out that the biggest hindrance to wide acceptance of the cloud model for enterprise computing is doubts to its security. For many folks, this concern is real. Can the cloud be secured? Absolutely yes! But we should not be unwise. If the cloud is beckoning you, you have responsibilities as a potential consumer.
The cyber conference world continues to grow. There are several dozen cyber-specific events in the next few weeks. This is indicative of a couple things. First, it shows the entire cyber field is still growing unabated and that we are taking it seriously, and second, it shows that lots of conference builders are riding the train. For my part, I’ll be participating in some upcoming cyber events this month.