Law Enforcement evidence held for ransom, utilities taken offline and transportation derailed. All have happened in the last 12 months. Sometimes it feels like TV supervillains from our childhood have come to life: CHAOS, Cobra and, worst of all, the dreaded Legion of Doom. But in a world of international terror organizations and state-run subversive groups, such supervillains would likely do less damage.
It turns out that watching Saturday morning cartoons was actually a history lesson of our future. Evil organized into productive, self-governing cells, determined to wreak havoc in return for profit or power. Some operating as a quasi-government entity (Cobra). And perhaps some funded by multi-national corporate tycoons (Lex Luthor). But there is a twist to the simple plots we enjoyed: the Internet of Things (IoT).
The IoT is creating a massive threat landscape that State and Local Governments must deal with. As driverless vehicles, cloud computing and embedded sensors are added to the mix, we’ll see our communities exposed to attack methods we’ve yet to dream of. But there are three major players on the horizon that State and Local Governments should prepare for before it’s too late: government-backed cyberattacks, corporate-backed cyberattacks, and conflicting algorithms.
Cyberwarfare between nation-states and quasi-states is a real and growing threat (think North Korea, Iran, ISIS or Al Qaeda). For smaller nations unable to field large militaries or nations isolated financially and culturally, it can rapidly level the playing field against larger opponents and enable blackmail of critical services.
Larger nations (think Russia and China) are also developing cyber units to deal with enemy threats – and to use for offensive purposes – targeting State and Local Government agencies in other nations. Add state-sponsored terror organizations to the mix and the potential for large-scale, targeted and potentially lethal cyberattacks by government-funded units should be taken seriously.
To prepare for government-backed cyberattacks, CIOs and IT leaders should start collaborating across governments to share information about attacks and develop a regularly updated threat-response. They should also implement resilient networks to ensure continuity of services.
Trade wars and over-aggressive competitors may also open the door to corporate-sponsored attacks. Unfortunately, some companies have already shown their willingness to secretly monitor and censor viewpoints that interfere with their commerce. Many have also shown a willingness to work with foreign governments to censor news and factual data, and they have highly trained cybersecurity personnel familiar with attack methods. This method has precedent: during the late 1800s our nation’s first large trans-national corporations (such as steel, train and banking) employed armed forces to push their will on various groups during the westward expansion. Same concept – different weapons.
It would be beneficial for government to get ahead of this threat by seeking open dialogue with stakeholders and industry associations, and by developing working groups within government specifically dedicated to the issue that can adopt defined threat-response processes and push resilient networks. Responsible corporate leadership in today’s competitive environment should work to pre-empt such behavior by those who come after them. This can be done by looking to industry associations as the primary force of change, not individual lobbying efforts, and by developing and encouraging processes for reporting and correcting unethical behavior against competitors.
Algorithms are now being used to drive automated actions to reduce response times and increase efficiencies across a variety of public and private organizations, including critical infrastructure for transportation, utilities and energy. But what if two or more algorithms interact and unexpected results happen? Throw any of our various villains into the mix and there is great opportunity to wreak havoc among the populace.
Luckily, there is a way to short-circuit this approach. By deploying a threat-centric cyber defense, State and Local Governments can help reduce the impacts of conflicting algorithms that may naturally occur or that are exploited by attackers. This can be done by empowering increased visibility across their entire networks, especially at the edge where unmanaged devices are constantly connecting. By deploying a solution that is constantly on the defense, searching for threats rather than just reacting to them, they can dramatically increase their capability to pre-empt serious damage.
Ok, so much for the future – what about today’s threats?
Check out our new State and Local Government Mid-Year Cybersecurity Report, focusing on Law Enforcement, Transportation and Utilities.
And get up to speed on The Rise of Ransomware in Law Enforcement.
Also, bookmark Cisco Talos Threat Intelligence for the latest alerts and updates on cyber threats facing agencies like yours.