Pages

17 September 2021

Why the Next Cyber War Should be Fought by the Heartland

NICHOLAS LALLA

With Afghanistan in the news, national security is once again a subject of national debate, engaging even those of us who normally focus their attention on more domestic concerns. This is why it's the right moment to pause and inquire whether the challenges we're imagining are the actual ones we're likely to face. Ask average Americans to describe the ultimate national security nightmare scenario, and they would probably reach into their collective, Hollywood-inspired imagination to come up with a script that involves foreign foes invading our shores or any other combination of dramatic doomsday scenarios unfolding at a fast and furious pace.

But as we learned earlier this spring, the threats we face are far less cinematic in nature, involving nothing more than a few strokes of a computer keyboard. On May 7, a cybercriminal organization known as DarkSide attacked the Colonial Pipeline, which runs out of Houston and carries gas and jet fuel to several southeastern states. The hackers demanded 75 bitcoin—or $4.4 million—in ransom, and then watched as mayhem ensued. Fuel shortages kept planes grounded and rerouted at least two flights midair. Panicked drivers lined up outside gas stations in Alabama, Florida, Georgia and the Carolinas, with many turned away. In Washington, D.C., a whopping 88 percent of filling stations had no fuel to offer. As a result, fuel prices spiked to the highest rate in nearly a decade, crossing the $3-per-gallon mark.

The assault—the worst cyberattack on an infrastructure target in American history—was so impactful that even the perpetrators were caught by surprise, issuing a half-hearted apology and saying they only intended to make money, not disrupt the lives of so many innocent people. And it should leave us with three urgent conclusions to contemplate.

First of all, we should realize that our critical infrastructure is facing a clear and present danger. Just before COVID-19 sent the entire world into paralysis, the multinational conglomerate Siemens surveyed 1,726 professionals overseeing cybersecurity at utilities including gas, solar and water throughout the world. More than half reported at least one shutdown or operational data loss per year, and a quarter detailed mega-attacks involving nation-state actors. Nearly all agreed that attacks on utilities were likely to continue and rise exponentially in years to come.

Second, this alarming reality calls for immediate and robust government response. Thankfully, the Biden administration seems to be stepping up to the challenge. Recently, the president introduced the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, which calls for "a voluntary, collaborative effort between the Federal Government and the critical infrastructure community to significantly improve the cybersecurity of these critical systems."

The administration's awareness and resources are a critical component of winning this particular war, while welcome, it is far from enough. Which leads to the third urgent conclusion: As 90 percent of all critical infrastructure in America is privately owned, it is up to companies to meet the challenge with investment and ingenuity.

The Colonial Pipeline Houston Station facility in Pasadena, Texas, taken on May 10, 2021.FRANCOIS PICARD/AFP VIA GETTY IMAGES

Energy corporations in particular need to radically rethink the way they do business. Rather than see themselves as mere suppliers of one key resource—oil or electricity—these traditional companies should now help lead the effort to make our infrastructure safer. The safe delivery of the substances that fuel our economy used to be as elemental as laying down pipes or cables; the same undertaking now involves sophisticated cyber-defense capabilities.

To ensure it continues to thrive, the energy sector should seek not only to buy ready-made cybersecurity solutions, but also to help invest in industry-specific start-ups, giving our best and brightest minds the resources they need to address the particular challenges that come with defending our most vulnerable grids. And they need to work with their local universities to grow cyber and analytics talent to keep their businesses and their consumers safe from attacks.

Do that, and you may soon see the center of gravity of American technological innovation shift from Silicon Valley to cities like Tulsa, Okla., traditionally a big oil and gas town which is already busy establishing itself as a hub of energy tech and cybersecurity innovation.

In just one example, Team8, an Israeli cyber venture company, recently chose Tulsa to stand up its "Cyber Fellows" program, an effort to help University of Tulsa PhD students create cybercompanies from their research projects. This is all that homeland security should be, an enterprise based in the heartland that uses the latest tools and grows in a generation of tech talent to protect the most fundamental resources.

Interested parties everywhere, from investors to policy-makers, should pay attention. Save for all-encompassing legislation, which is unlikely, there's a limit to what federal and state governments, for all their considerable resources, can do to address a challenge of this magnitude. If we are to remain safe, it's time for a critical infrastructure moonshot moment, matching ingenuity and resources and injecting both with a sense of crackling urgency. We have no choice but to make protecting our energy grids our top priority, and no better plan than approaching this undertaking with all of our creativity and our capabilities. Our very safety depends on it.

No comments:

Post a Comment