A virulent strain of malware attacked critical infrastructure throughout Europe today. Croatia has been hardest hit so far, reminding many of the Christmastime episode two years ago when part of Ukraine's electric power grid went dark as the result of a cyber attack.
Today's attack appears to employ a kind of malware called ransomware. Ransomware has been around a long time, but it was recently brought to popular attention by an attack earlier this year called Wannacrypt (better known as WannaCry). That attack encrypted the data of unsuspecting victims and demanded that they pay a ransom to regain access to it. The worrisome thing about today's attack is that it does not merely target individuals' data, which may or may not have value beyond that particular person. Instead, it goes after systems on which an entire society depends: the power grid, logistics and retail, and financial networks. That raises the stakes and broadens the impact to an entirely different, more dangerous level.
Redundancy is our best defense against attacks of this kind. Critical infrastructure networks need to be designed to provide multiple pathways for operating data to flow. So, if one particular pathway is compromised by a ransomware attack or some other malware, data can be rerouted and continue flowing through the parallel channels. For that to work, the parallel channels must be genuinely independent: if a worm can reach the backup path from the primary one, the redundancy buys nothing, so the paths need to be segmented and separately administered, not just duplicated. No doubt, this is expensive. But the alternative, a wide-scale, long-lasting outage, is likely far more expensive.
I also wonder whether we are seeing a pattern emerge. Are attacks first load-tested on individuals and then expanded to cover broader and more critical networks? If that is the strategy of cyber attackers, it makes perfect sense, in the same way that honing a weapons system at a smaller scale readies it for its ultimate purpose. During these test phases, if that is indeed what they are, we need to be vigilant in thoroughly analyzing how the weapon affects individual networks and in extrapolating the results to determine what pathways the attack might follow to compromise a critical network.
Attackers’ reconnaissance efforts – figuring out what works and what scales – may provide a vital opportunity for those who defend systems to learn lessons that could help avoid more serious repercussions. And, when that fails, we have to be able to rely on thoroughly redundant systems to keep the data flowing.