It could be the tipping point. Some are calling it America’s “Sputnik” moment. The Colonial pipeline attack. It brings back images from the 1970s of the oil embargo, rationing, and long lines at the gas pumps. Should the attack on the Colonial pipeline be considered an act of war? Is this the final act in a long string of events that will change how we think about cybersecurity?
If this is truly America’s cyber “Sputnik” moment how will this devastating attack on American infrastructure change how we think about cybersecurity? How will we prepare for this new (some say not so new) battleground? Can we defend or train our way out of it? Will the changing dynamics of a post-pandemic workforce add to cybersecurity – or will our new practices make us more vulnerable?
The attack on the Colonial pipeline – which left more than a thousand stations without gas – makes clear the need to modernize infrastructure, to ensure our systems are not static targets, and to make our responses more agile. In the past six months, there have been three major attacks – SolarWinds, the Microsoft Server attack, and the recent assault on the Colonial pipeline. What’s next? What have we learned? What can we do to avoid another cyberattack on our infrastructure?
Cyber-attacks are a multi-trillion-dollar threat. It’s not like this is something new. The warnings have been coming for decades. A recent issue of Slate noted that in 1984, a national-security directive, signed by President Ronald Reagan, warned that computer networks, which were just then emerging, were “highly susceptible to interception, unauthorized electronic access, and related forms of technical exploitation” by “terrorist groups and criminal elements.”
To adapt, companies, educators, and trainees will need flexibility. Also these rising attacks happened during a pandemic that has changed how and where we work. Companies are rethinking workplaces, trying to design in-person work environments that people might want to return to. The future of work will most likely be a combination of in-office, virtual, and work from home – which will pose cybersecurity challenges. According to Fortune, this hybrid model comes with built-in dangers. Hybrid workplaces will allow us to create organizations that are more flexible, productive, and accessible than ever before. However, cybercriminals know this and are finding ways to take advantage of these vulnerabilities.
With more people continuing to work off-site or in hybrid ways, cybersecurity experts will have to do more to support the workforce and protect companies and infrastructure. Employers will need to step up their cybersecurity training, including looking for outside support. What’s more, employers will need new methods and avenues to attract workers due to a shortage of both people with degrees and people with effective knowledge and training for what to do in a cyber environment.
That means the future will include some exciting developments. There will likely be more consortiums, like the recent cloud initiative, Cloud Security Notification Framework Detector, which is seeing companies like Microsoft, Google, and IBM teaming up. Fortune reports that these cloud rivals are working together on a project that will help companies better defend against hackers and additional cybersecurity threats. According to this same article, the initiative “involves tracking and recording attempts by hackers to infiltrate corporate systems.”
Each cloud-computing vendor records security incidents differently, Daniel Conroy, chief technology officer for the digital unit of aerospace giant Raytheon explained (which is also part of the project). As a result, “companies can have a hard time getting the full picture about the latest cybersecurity attacks.” Many companies use several cloud services for multiple IT projects – and these can include operating both internal and external apps. These businesses have had to create their own software to interpret alerts sent to them by their cloud providers, Conroy said. But the new collaborative initiative would change this. And the fact that so many companies, many of them competitors, have teamed up for this project – Microsoft, Google, IBM, Raytheon, Goldman Sachs, Pfizer, Cisco, FedEx – should reveal how urgent the need for cybersecurity is. (Though, of course, they also have a vested interest in more businesses feeling safer about adopting cloud-computing services.)
There is also a need for more federal support for cybersecurity, especially given the recent attacks on infrastructure. This month, lawmakers told the House Appropriations Committee that the Cybersecurity and Infrastructure Security Agency (CISA) needs at least 400 million dollars more in funding for the 2022 budget. MSSP reports that “the Congressional members said that the nation-state cyber conflagration moves CISA from the wings to center stage to ‘build meaningful security in federal networks and national resilience to significant cyber incidents.’”
The request for more funding was bipartisan. Reps. Jim Langevin (D-RI) and Mike Gallagher (R-WI) wrote a letter to the Committee that “praised CISA’s response to the massive SolarWinds Orion attack tied to Russian-backed cyber operatives and the vast Microsoft Exchange Server infiltration carried out by the China-sponsored Hafnium hacking crew, as the lawmakers lobbied for a fatter funding package for the agency.” They noted that CISA played a central role in the US government’s response, “providing cyber defenders in its sister agencies and critical infrastructure providers across the country with timely and reliable information on the threat and indicators of compromise.” CISA needs additional funding so it can continue “to provide services to the rest of the U.S. government to identify threats and harden federal networks against future attacks, to the extent that their resources allow.”
In conclusion, the workforce environment is changing; there are more attacks on critical industries; and there is a growing response from and collaboration by both industry and government to address these attacks. Obviously, cybersecurity training must continue to adapt going forward too – moving to hybrid models that meet workers where they are, including both in person and virtual training, and improving the real-world scenarios to match the challenges we face. The recent critical infrastructure attacks mean our industry is under attack – and education and training must meet the challenge.
CYRIN can help. CYRIN’s online interactive virtual training platform is designed to improve the skills of IT, engineering and cybersecurity professionals and students. CYRIN contains more than 50 interactive labs where you can train on commonly used tools in network administration and defense, individual and red team/blue team exercises, and numerous attack scenarios where students and trainees must mitigate random attacks on industrial control networks. Each student or trainee receives his/her own virtual instance of the CYRIN cyber range and completes “learn by doing” courses.
Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!