Three things I’m reading this week:
Defending the Power Grid: For years, the prospect of an attack on the power grid has been one of the greatest boogeymen of cybersecurity. We have debated the threat, prepared for it, and obsessed about how exposed we are. The threat transitioned from theoretical to real in 2015, when an attack took down parts of the Ukrainian power grid, and was punctuated in 2016 when Russian hackers blacked out part of Kiev.
But for all the dangers that intrusions into the US power grid could pose, the problem that has dogged this debate is that we often pay little attention to why an enemy would target the power grid, and are instead fascinated with the risk that they could. But like any other threat – cyber-enabled or otherwise – it will only become real if someone with the power to do it sees value in it.
Rob Knake’s new piece analyzing the threats facing the US electric grid is a useful read for many reasons, but its most valuable contribution is that it doesn’t just consider the threat. It also identifies factors and scenarios that could make the threat real. The most common scenario has always been in coordination with a kinetic strike on our shores, but Knake assesses three other goals: discrediting a US administration; distracting US attention from overseas operations; and retaliating for US actions. Each of these is much more likely – in the short term – than any coordinated military operation targeting the United States, and so is an extremely important threat for us to evaluate and understand.
If we’re going to protect ourselves against the expanding danger posed by cyber-enabled operations targeting our critical infrastructure, this is exactly the sort of analysis that we need more of.
I'm reading: "A Cyberattack on the U.S. Power Grid."
Long, Long Ago Through a Backdoor Far, Far Away: Today, it seems like every intrusion is new and more sophisticated than the last. But the most sophisticated organizations can trace their tools and techniques back decades. A recent investigation by a group of academics and cybersecurity experts shows how far back these roots can go. The researchers have suggested a link between the modern Turla intrusion set (a modern-day team of Russian hackers) and Moonlight Maze (a team of Russian hackers from the late nineties).
Cybersecurity doesn’t have all that much history yet, but for what we’ve seen so far, this is almost as far back as it goes. A fascinating read to understand where we’ve come from, and perhaps get a better sense of where we might be going.
I'm reading: "Russian Hackers Have Used the Same Backdoor for Two Decades."
Linking Privacy and Cybersecurity: It’s hard to find two more different approaches to privacy than the recent vote by the US Congress to let American broadband providers sell sensitive data about their users and the European Union’s General Data Protection Regulation (GDPR). A sharp piece by Chris Finan from earlier this week highlights not just this contrast, but the substantial implications both regimes – and the potential conflicts between them – have for security.
The US bill enables ISPs to monetize user data, thus encouraging them to store and trade in more and more sensitive information. This, in turn, creates greater stores of such data online, which creates more tempting targets for theft and misuse. By increasing supply, it increases demand.
It’s harder to tell the impact that the GDPR will have on security. It imposes substantial burdens on companies around the world to control the way they handle and exchange sensitive data about EU citizens. The liability for failure is significant, and the complexity of the task set to these companies is significant. But depending on how these requirements are implemented and enforced, they could drive smart security choices or poor ones.
Regardless, what is clear is that the two approaches seem almost completely at odds. How companies will navigate these two conflicting demands remains to be seen, but it’s likely to create more complexity in their compliance and security processes. And complexity is what intruders thrive on.
I'm reading: "The privacy tsunami rolling across the Atlantic."