A recent article in Information Age, titled
“As the digital and physical worlds collide it’s time for a security refresh,” offers cybersecurity readiness advice from Mike East, CrowdStrike’s vice president for EMEA. The article, written by Nick Ismail, argues that as cyber threats continue to evolve, organizations must have the people, training and technology to respond in kind. Although many may assert that the digital world is replacing the physical, the article explains that a more realistic perspective is that the two worlds are coming together, creating challenges for which many organizations simply aren’t prepared. In the case of cybercrime, the article states that it isn’t displacing physical acts of crime — they are occurring in concert. Criminals who might once have used explosives to cripple critical infrastructure,
such as transportation, power grids or water systems, for example, may be able to achieve their goals remotely by attacking the computers that operate those systems — incurring less risk in the process. To support this premise, the article cites two recent events: an attack on the Ukrainian power grid, and the Iranian hack of a New York dam. The power grid attack successfully compromised the information systems of three Ukrainian energy distribution companies, temporarily disrupting power for a significant number of consumers. In the New York attack, hackers were able to break into the command and control system of the Bowman Avenue Dam in Westchester County in 2013 via a cellular modem. This gave them control that could have allowed them to release millions of gallons of water behind the dam. However, the dam sluice gates had been manually disconnected for maintenance just as the hackers gained entry, so their plans were thwarted. In each of these cases, however, the entry gained via digital means enabled potentially destructive physical actions. In light of these frightening scenarios, East suggests several steps organizations can take to help them be better prepared to prevent cyberattacks:
- Gain visibility into the threats you face:
- Know your adversary:
- Understand what’s being exploited: