No man is an island entire of itself; every man
is a piece of the continent, a part of the main;
if a clod be washed away by the sea, Europe
is the less, as well as if a promontory were, as
well as any manner of thy friends or of thine
own were; any man’s death diminishes me,
because I am involved in mankind.
And therefore never send to know for whom
the bell tolls; it tolls for thee.
Reading this poem again, or even if this was your first time, really makes you consider how interconnected society is. When John Donne wrote these lines in 1624, it would have been impossible to imagine the degree to which society is connected today, almost 400 years later – yet here we are. The fact we are interconnected is often overlooked as we go about our daily lives until some catastrophic event brings us together or interrupts our communications infrastructure.
This week we will look at that idea as we discuss Protecting Critical Infrastructure from Cyber Threats. Critical infrastructure are the “sectors whose assets, systems, and networks are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”2 These sectors include transportation, energy, food and agriculture, financial, emergency services, and water to name a few. All of the systems we take for granted and assume service will continue as long as we pay our bill and pay our taxes – delivery of food to grocers and restaurants, clean water, online banking, electricity in our homes and offices with available internet service – all of these are part of the critical infrastructure protected by our federal government. Because we are now so digitally connected, the threats to these sectors has greatly increased.
In recent years, there have been significant intrusions upon industrial and government facilities that show us how vulnerable systems are to outside malware attacks. The Stuxnet worm, Havex, and most recently the attack on the Ukrainian nation’s power grid, show how sophisticated and debilitating these attacks can be. However, it is important to note that these attacks came through their control systems’ weakest link – people.3 The Stuxnet worm hit the Iranian nuclear systems through a thumbdrive, the Havex RAT used spam emails and an infected app4, and it appears the Ukrainian intrusion, though complex and intricate, was introduced through a phishing email that had a malicious attachment.5
From these and other news reports, we can see there are a myriad of ways our communications networks can be jeopardized. It is up to each member of that network – not just the IT and OT systems controllers – to be vigilant and aware of threats. Protecting the network starts by protecting yourself. This is not someone else’s job. Each of us must protect and defend ourselves from cyberattack, not just in our own personal interest, but in the interest of others as well.
While cyber-specific careers are clearly a necessary element of an overall defense plan, the number of jobs integrating and administering cyber aspects are growing. Everyone from teachers, police, doctors, and lawyers to engineers, food service, salespeople, and airline pilots – almost every career you can imagine – has a growing digital footprint that requires constant vigilance on the part of the individual. If we all do our part, we are, as a whole, made stronger.