In a previous blog, I spoke of how being patient can be rewarding to a cyber attacker. By lying in wait and planning their attack in a more coordinated manner, the payout - be it financial or simply plain revenge (e.g., cyber terrorism) - can be much larger and indeed have a far greater impact. It’s in these scenarios that early warning truly becomes crucial.
So let’s consider the idea of a “Perfect Storm”. Traditionally, a perfect storm is one where multiple disastrous forces by chance combine and dramatically multiply the impact. It was originally used to reference storms that happened in the open sea, where waves and winds and heavy rains and whatever else you can imagine would combine to deliver a fatal blow to any unlucky seafaring vessel in the path of destruction.
Now in the world of networked computer systems and their interface with any of the many physical systems and devices that are necessary to support our modern critical infrastructure, one could indeed imagine a scenario where a perfect storm could happen. We are not prepared, so it would be a kind of black swan event.
I want to start with a recent traditional perfect storm scenario in the USA in the winter of 2022. The United States Northeastern region was hit with a “Bomb Cyclone”, where bitter cold and hurricane-force winds combined to deliver massive amounts of snow and drifts that essentially buried vehicles and completely barricaded people in their homes.
The storm led to a complete closure of everything from grocery stores to schools and a complete inability for any vehicles to travel safely on the roads, including first responder vehicles such as fire trucks, police cars, and ambulances. Not even snow removal equipment could do its job. Quite sadly, it resulted in many deaths. In and of itself, this is effectively the definition of a perfect storm in the classic sense.
The cybersecurity aspect of the perfect storm can be either intentional or unintentional. An enterprising attacker could launch something akin to the now infamous “WannaCry” ransomware attack of 2017 where over 300,000 computer systems in over 150 countries were affected. Crucially, affected organizations included many medical critical care facilities in the UK, forcing the relocation of critical condition patients to other facilities due to the crippling of the networked systems in the affected hospitals.
Mind you, this particular attack happened without any of the other “perfect storm” factors in place. Imagine, if you will, such an attack taking place during this kind of winter storm hitting the affected areas, where not only are the systems taken out of commission, but there is effectively no way for anyone to get over to the unaffected locations physically, or move patients to unaffected hospitals.
Okay, that was a scary scenario. The purpose of this article is not to make you afraid but rather to point out that the current spate of ransomware and other cyber attacks is not anywhere close to being as bad as it could be if the attacker were to choose to sit in a network and wait for the perfect opportunity to cause the maximum amount of damage.
I am certainly not the first person to posit such a scenario. We live in an age where the risk of something awful happening is increasing, and it certainly makes a lot of sense to, at a minimum, look closely at how big a risk of such disasters exists in networks as they continue to grow.
This is why we at Arctic Security firmly believe in early warning systems and think that they are a concept that must be extended to the cybersecurity world. Early warning of the storm weather system allowed authorities and citizens to prepare for the upcoming distress several days in advance. If there is an upcoming cybersecurity event, or multiple cybersecurity problems coinciding and making each other more damaging, people must have as much lead time as possible to prepare.