Should we be preparing for cyber war?

By on
Should we be preparing for cyber war?

[Blog post] How not to become collateral damage.

Late last year, while most of us were winding down for the break, security entrepreneur and wannabe US Presidential candidate John McAfee, was contemplating World War III.

He was pre-occupied with an imminent cyber doomsday that could leave the west spiraling into chaos without power, communications, even Facebook.

McAfee’s online rants are often recognised as owing as much to Hollywood blockbusters as reality, but are these fears unfounded?

Could an organisation, such as ISIS really use hackers to shut down the White House, cripple NATO, and leave ASIO wondering who turned off the lights?

If 2015’s data breaches have taught us anything it is the majority of IT system are exposed to risk and the problem seems to be escalating.

It’s true that most companies have security technologies and personnel who detect attacks, analyse logs and respond when incidents occur, but security is about more than just technology – it’s a continual process of assessing and managing risks to information and systems; and the security programme must be holistic and pervasive enough across the business to see where all threats and vulnerabilities exist.

This is why most security programmes, under the strain of sustained attack, will fail.

So, in theory, John McAfee could actually be right. Should ISIS, or some other terrorist organisation wish to cause mass panic, then a sustained cyber-attack on our power plants, communication systems and the stock exchange may be the way to go.

Even a hit on a less apocalyptic scale could have devastating impacts.

So, what can you do to be prepared?

Plan for the worst

There really is no secret recipe.

Dust off the business continuity plans and make sure they are up to date. Ensure your communication plans account for the loss of critical services, such as mobile networks and email, and make sure there are contingencies in place for all aspects of your operations.

Should the power fail in your data centre, where is your backup? How long can you survive without your primary business systems? Do you have backups and have you tested your ability to recover from an outage?

There is no better way to make sure your current staff know how to operate and act in the thick of an incident than running some drills. You often have to evacuate your building because it’s a regulation for you to run a fire drill. So, build your business continuity testing into your annual test plans. It’s the only way to be sure you can survive should the worst happen.

Keeping systems and applications patched and up to date, keeping antivirus systems updated with the latest signatures and making sure you teach all staff about basic security awareness matters are key to you being safe.

And the Cyber War?  

If John McAfee’s predictions of global cyber war come true, the world will certainly become a frightening place.

We’ve already seen instances of so-called cyber warfare emerging over the last ten years, with malware such as the infamous Stuxnet and the more insidious Flame almost certainly originating from nation state actors.

The primary targets will always be governments and national critical infrastructure, such as power, water, banking, communications and transport.

But no war will ever be fought and won in cyberspace alone, however, and the possibilities for instigating disruption, intelligence gathering and propaganda dissemination using technology is always increasing as our reliance on communications systems increases.

For this reason, businesses will undoubtedly suffer in times of conflict, often as nothing more than collateral damage of the overarching conflict.

A bit of preparation for the worst, no matter how outlandish it may seem, may keep your organisation from becoming an incidental casualty.

Tags:
Tony Campbell
Tony Campbell has been a technology and security professional for over two decades, during which time he has worked on dozens of large-scale enterprise security projects, published technical books and worked as a technical editor for Apress Inc.

He was was the co-founder of Digital Forensics Magazine prior to developing security training courses for infosec skills.

He now lives and works in Perth, where he maintains a security consulting role with Kinetic IT while continuing to develop training material and working on fiction in his limited spare time.

Read more from this blog: Unpatched

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?