IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Hackers Attack When Communities Are Most Vulnerable

Natural disasters like hurricanes and wildfires are increasingly followed by ransomware attacks. Full-scale drills will help states be prepared to fight back when hackers take advantage.

A flooded street after Hurricane Irma hit Fort Lauderdale, Fla.
A flooded street after Hurricane Irma hit Fort Lauderdale, Fla.
When natural disasters strike — hurricanes, wildfires, earthquakes, floods — communities are at their most vulnerable. People are alarmed and distracted. Sadly, cyber criminals see the opportunity in the chaos. They take advantage of the confusion to create more havoc by targeting physical infrastructure like electric grids, fuel pipelines and water systems with ransomware attacks.

Increasingly, when natural disasters happen, the number of cyber attacks immediately spikes. Indeed, many cyber events are now directly linked to physical events. For example, states like Louisiana and Florida routinely see an exponential rise in cyber attacks following hurricanes.

But the government and business are fighting back. They’re organizing cybersecurity efforts like Operation Homeland Defender, a drill at Muscatatuck Urban Training Center in Indiana, to test preparedness and bolster defenses. The most recent event this summer included the Indiana National Guard, local first responders, Indiana Task Force One and others.

Muscatatuck is the Department of Defense’s largest urban training facility. It is a “real” city that includes a built physical infrastructure, including a water distribution and pump station with multiple active supervisory control and data acquisition (SCADA) systems, 3G and 4G meshed networks, IoT testing grounds, a hospital, and even a U.S. “embassy.” It is an ideal place to run realistic training and testing scenarios in the event of a cyber event and see firsthand how defenses hold up. It’s a war games facility built for the modern era of cyber attacks, blending both physical and cyber into a common realm.

The Operation Homeland Defender drill involved a simulated earthquake followed by a cyber attack, with hackers swooping in amid the chaos. Specifically, the bad guys attacked the water system and tried to shut it down as the National Guard deployed its defense tools to protect networks, people and property.

During any natural disaster, there will be network outages and various other disruptions. Most will be the result of physical damage. But others may be caused by opportunistic hackers. For instance, if the water system goes down after an earthquake, it’s normal to assume that the outage is due to the quake, not a cyber attack. It is critical that IT and security personnel don’t miss the true cause of the outage amid the “noise” which could obviously lead to an extended outage which would, in the real world, result in hundreds if not thousands of lives lost.

In the Operation Homeland Defender drill, it was indeed the bad guys who attacked the water system, in an attempt to sow more chaos and demand a multimillion-dollar ransom to turn the system back on. The exercise was designed to help security personnel differentiate between cyber impacts and physical impacts. The objective was to introduce an unknown variable — i.e., a ransomware attack — and demonstrate how failing to identify that variable can have a prolonged and devastating impact.

Imagine, for instance, a major winter storm across the eastern U.S. burying communities under 5 feet of snow. And imagine, at the same time, a cyber attack on the power grid that leaves impacted communities without heat. It’s hard to comprehend the tremendous amount of hardship and even death that this kind of attack would cause. Cyber criminals know this — and they can force communities to pay a very high price to turn the power back on.

That’s why it is so important for every state in the nation to hold full-scale disaster drills like Indiana’s Operation Homeland Defender: to test and better prepare their response. The reality is that many of our systems — systems that are fragile to begin with — are even more vulnerable to attack during a natural disaster or other physical event.

There is a saying in sports: The best defense is a good offense. On the field of a cyber battle, the reverse is true. State and local governments must better prepare their defense by regularly running disaster drills and simulations that combine threats posed by physical and cyber events. The more they practice, the better their response will be and the fewer surprises they'll encounter.     

It is no longer good enough to rely on a manual or checklist that nobody ever reviews or tests. No response plan works well unless you’ve picked it up and practiced it. How should you respond to a request for ransom? How and when should you engage your cyber insurance group? How can you quickly mitigate any damage?

Ideally, your incident response plan should be reviewed and audited continuously. In addition, key stakeholders should be involved in the planning and execution process of the IR plan to ensure that they are prepared for a cybersecurity incident.

Also, assess your security team and determine if your internal security operations center has enough analysts to monitor, detect and respond to threats on a 24/7 basis. This can help determine whether you have enough staff on hand or need to implement a managed detection and response (MDR) service to help fill the gaps, mitigate blind spots in your security posture, and provide log activity of your digital landscape.

Our nation’s infrastructure systems are increasingly interconnected and linked to computer networks. As cyber attacks continue to evolve, there is a need for heightened vigilance and more effective response procedures. Drills like Indiana’s Operation Homeland Defender should serve as a reminder that we need to do everything in our power to keep pace with cyber threats and stay one step ahead of those who would do us harm.

Doug Howard is CEO of Pondurance and has over 30 years of experience as a technology leader and innovator in security with a background in business development, M&A, operations, engineering, marketing, sales and executive leadership. Former member of the U.S. Air Force, Doug holds a bachelor’s degree in management and marketing from Strayer University. He is the author of Security 2020: Reduce Security Risks This Decade.