Meeting Security Challenges Through Vigilance, Readiness and Resilience
In 2017 we are facing a new and more sophisticated array of physical security and cybersecurity challenges that pose significant risk to people, places and commercial networks. The nefarious global threat actors are terrorists, criminals, hackers, organized crime, malicious individuals, and, in some cases, adversarial nation states. Everyone and anything is vulnerable, and addressing the threats requires incorporating a calculated security strategy.
According to Transparency Market Research, the global homeland security market is expected to grow to a market size of $364.44 billion by 2020. A large part of the spending increase over the past year is directly related to cybersecurity in both the public and private sectors.
A security strategy to meet growing challenges needs to be both comprehensive and adaptive. Defined by the most basic elements in managed risk, security is composed of:
- Layered vigilance (intelligence, surveillance);
- Readiness (operational capabilities, visual command center, interdiction technologies);
- Resilience (coordinated response, mitigation and recovery).
The specifics of a security approach may vary according to circumstances, but the mesh that connects the elements is situational awareness combined with systematic abilities for critical communications in cases of emergency.
Because society is undergoing such rapid technological change, the traditional paradigms for addressing threats are evolving along with the security challenges. Two particular security challenges characterize the current and future connected landscape in both the public and private sectors: protecting critical infrastructure, and protecting the Internet of Things (IoT) and Smart Cities.
The Security Challenge of Protecting Critical Infrastructure
In the U.S., most of the critical infrastructure, including defense, oil and gas, electric power grids, health care, utilities, communications, transportation, education, banking and finance, is owned by the private sector (about 85 percent) and regulated by the public sector. Protecting the critical infrastructure poses a difficult challenge because democratic societies by their nature are open and accessible. According to the National Consortium for the Study of Terrorism and Responses to Terrorism, a Department of Homeland Security Science and Technology Center of Excellence based at the University of Maryland, between 1970 and 2015, 2,723 terrorist attacks took place in the U.S.; of these attacks, 2,055 (75 percent) targeted critical infrastructure.
Securing soft targets in public places such as airports, trains, buses, malls, schools, stadiums and hospitals necessitates layered vigilance such as security personnel, sensors, cameras, access controls (in some cases), and public/private information and threat sharing with law enforcement.
Among many terrorist incidents, the Paris and Brussels attacks, the Boston bombing, the Orlando nightclub shooting, and especially 9/11 demonstrated the importance of readiness. In those incidents, gaps in training, information sharing, planning, and the lack of interoperable communications between different jurisdictions of first responders led to confusion, and unfortunately risked additional casualties.
Lessons learned from those incidents have highlighted not only the requirements for stronger preparation, including situational awareness and operational training, but also resilience. A key component of any resilience plan should include scalable communications platforms, geo-location mapping and incident management. Whether an incident is caused by an active shooter or a natural disaster, the ability to securely alert the endangered community, account for the location of threat actors and victims, and coordinate resources is paramount for mitigation and saving lives.
It is not only physical security that is vulnerable, but the cybersecurity of critical infrastructure. Cybersecurity relies on the same security elements for protection as physical security: layered vigilance, readiness and resilience.
U.S. critical infrastructure systems experienced a 20 percent increase in attempted cybersecurity breaches in fiscal year 2015, according to an end-of-the-year report from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team.
In an ecosystem of physical and digital connectivity, there will be vulnerabilities. A breach could be catastrophic.
Types of cyber threats include phishing scams, bots, ransomware, and malware and software holes that leave vulnerabilities in networks.
Globally, the power grid has been subjected to both physical and cybersecurity attacks in recent years. Cyber attacks have harmed elements of the critical infrastructure in the U.S. and elsewhere, including Ukraine where a successful attack knocked out part of the power grid. The energy industry provides a good case study for examination of the cyber threat to critical infrastructure. According to a Ponemon Institute report, three-quarters of energy companies and utilities have experienced at least one recent data breach.
Protecting the industrial control systems used by utilities from both physical and cybersecurity threats is one component of the dynamic threat and response matrix that constitutes their security environment. During escalating events, such as downed power lines, pipeline leaks, or cyber attacks, real-time on-the-scene intelligence and operational alarms that relay critical information to the appropriate response personnel are an essential part of that response matrix.
In an ecosystem of both physical and digital connectivity, there will always be vulnerabilities, and a breach or failure could be catastrophic. In all cases of critical infrastructure protection, the requirements of situational awareness and the ability to safely access, alert and message principals and communities cannot be overstated.
The Security Challenge of the Internet of Things and Smart Cities
When you think of security challenges, there are none quite as daunting as the Internet of Things (IoT). Cisco estimates that there will be around 50 billion devices and sensors connected to the Internet by 2020. The enormous number of endpoints in the IoT ecosystem allows hackers to exploit them in a variety of ways. The research firm Gartner predicts that by 2020, more than 25 percent of identified attacks in enterprises will involve IoT.
There are dire implications of having devices and networks so digitally interconnected. Last October, hackers attacked domain name service (DNS) provider Dyn, causing disruption to major components of the Internet’s infrastructure, and temporarily bringing down hundreds of websites. The breach was the result of a distributed denial-of-service (DDoS) attack that sent millions of bytes of traffic to a single server to cause the system to shut down. The Dyn attack leveraged IoT devices, and some of the attacks were launched by common hardware like digital routers, webcams and video recorders infected with malware.
The DDoS cyber attack is an example of harnessing a broad base of compromised devices for a high-profile and potentially deadly result. It is also a growing trend. DDoS attacks rose 71 percent between the third quarter of 2015 and the third quarter of 2016. The Internet was designed for ease of use and not with security in mind. IoT's system of endpoints and devices also allows for theft of data and ransomware installations (particularly frightening for hospitals using networks of medical devices and monitors).
Smart Cities are being developed as components of the universe of the IoT. The term “Smart City” connotes creating a public/private infrastructure to conduct activities that protect and secure citizens. The concept of Smart Cities integrates transportation, energy, water resources, waste collections, smart-building technologies, and security technologies and services. They are the cities of the future.
The functions and services of Smart Cities depend upon the secure networking of embedded sensors. These sensors can also be corrupted and breached like any digitally connected device and require strong cybersecurity software applications, hardware and protocols.
The more digitally interconnected we become in our work and personal lives, the more vulnerable we will become. Mitigating cyber threats will grow as a priority, and doing so requires security awareness and data that are secure and reliable.
Protecting critical infrastructure and IoT/Smart Cities are just the beginning of the security challenges we face as we adapt to the technological and cultural changes taking place in 2017 and onward. Every country, governmental jurisdiction, industry, company and individual has its own unique threat landscape to address. A security strategy based on the pillars of vigilance, readiness and resilience needs to be put into action against those threats. This is not only critical for risk management and incident response; it is an imperative for mitigating harm in an increasingly connected and precarious world.