A top government official has said that the threat of cyber attacks has left the U.S. in “crisis mode”.
Homeland Security Secretary Kirstjen Nielsen made the comments in an interview with Axios, where she compared the potential damage of a cyber attack to a Category 5 hurricane. She isn’t alone in her fears, with intelligence chiefs from the last three administrations agreeing that there is no bigger threat to the US than an incoming cyber attack.
Former US Army general and CIA director David Petraeus said: “What worries me most is a cyber equivalent of a weapon of mass destruction falling into the hands of extremists who would, needless to say, be very difficult to deter, given their willingness to blow themselves up on the battlefield to take us with them.”
Leon Panetta, another former CIA director, said his biggest national security concern was “a cyberattack that could paralyze the nation,” and former Homeland Security Secretary Michael Chertoff said “cyberattacks on critical infrastructure from state or state-sponsored actors are the biggest threat right now.”
What’s at risk?
Almost everything that we use to navigate the world is vulnerable to an attack. If crooks target power suppliers, millions of people’s electricity or gas could be knocked out. If they go after public transport links, trains and subways could grind to a halt. If they go after Internet service providers, untold damage could occur.
However cyber criminals attack, the economy is bound to suffer. Those affected won’t be able to access essential services, preventing them getting into work and shutting down their offices. They will also experience knock-on effects, such as being unable to spend money on goods or services, either because they don’t have access to them or because the supplier is experiencing disruption.
All of this is without mentioning a potential attack directly on the financial sector, which could cause monumental damage. If financial records are compromised, the best-case scenario is that thousands of people become fraud victims. This obviously sounds bad, but it’s a lot easier to deal with than the prospect of crooks manipulating bank records and making money disappear.
A cyber attack could also cause health emergencies, not only by cutting off power or water, but also because of potential disruption to health care facilities. Medical equipment might be inaccessible, medicines might not be able to be delivered, and doctors and nurses might not be able to get into work.
Frances Townsend, homeland security adviser to George W. Bush, also pointed to the social unrest that could follow a cyber attack. “There will be tremendous media coverage and assigning of blame after there is a catastrophic attack on US critical infrastructure that results in the loss of American lives, but we need to spend more time now covering what is at stake and the magnitude of the growing risk,” she said.
Preparing for the worst
Townsend is right that more people need to be aware of the risk of cyber attacks, but awareness doesn’t always equal resilience. The main worry about cyber attacks is that sometimes they simply cannot be stopped. There are just too many cyber criminals looking for vulnerabilities, and they are bound to find something at some point. Organizations can dedicate themselves to cybersecurity and still be caught out by a cyber criminal who stumbles across a weakness.
That’s not to say that it isn’t worth investing in cybersecurity defenses. Effective controls can thwart most incidents and prevent unnecessary damage. However, it’s essential that organizations accept that breaches will happen and prepare for that eventuality by implementing a BCMS (business continuity management system).
A BCMS helps organizations manage risks to ensure that mission-critical functions continue to operate even in the event of a major disruption. It’s essentially a form of insurance, giving organizations the comfort of knowing that even the biggest disaster won’t be devastating.
The system provides a framework for creating, updating, controlling, and deploying response strategies to a variety of incidents. This includes cyber attacks and data breaches, as well as technological failures, natural disasters, and infrastructural damage.
Those who want to learn more about business continuity and how they can implement a BCMS should consider our books, toolkits, consultancy services, and free green papers. We also offer a variety of products and services tailored to ISO 22301, the international standard that describes best practice for business continuity.