Recently I was asked to give a presentation to a large defense contractor working on the issues surrounding cyber warfare. After my presentation, we had a roundtable discussion and the talk quickly focused on the topic of cyber countermeasures to protect supply chain systems. This is one of the areas that deserves a lot more attention than it has been given to date.
A cyber countermeasure is defined as an action, process, technology, device, or system that serves to prevent or mitigate the effects of a cyber attack against a computer, server, network or associated device. To put this into context, a cyber attack is a potential threat or an actual aggressive action or event that is malicious in nature and that can compromise the integrity of an organization's digital assets.
We typically think of cyber countermeasures as firewalls, anti-virus, anti-spyware, anti-malware, anti-adware and so forth. Advances in attack techniques and some recent cyber attacks require a more aggressive posture when it comes to cyber countermeasures. In the last several months a new and much more malicious style of attack has emerged. This style of attack does not steal or delete data, nor does it compromise or disrupt computer or network operations. Its mission is much more sinister.
The attack modality changes data stored on or processed by a system, or communicated via a network. Consider this: what if, instead of stealing passwords, the attackers change them? The disruption to the operations of high-volume transaction systems when users cannot log on would be substantial. That being said, this attack modality can have much more significant implications.
Consider an attack against a Supply-Chain Management (SCM) system. The function of supply chain systems is core to operations at the majority of organizations in the public and private sector. When we ran this through our Scenario-Based Intelligence Analysis discovery process, we identified the following major impacts (partial list).
Top Three Military Impacts:
- Operational disruption due to inventory outages
- Mission delays due to perceived shortages of critical inventory items
- Substitution of an approved vendor with a covertly hostile supplier of compromised products
Top Three Business Impacts:
- Overstating or understating inventory values on the balance sheet
- Increased out-of-stock conditions thus impacting customer service and loyalty
- Expending cash on inventory that is already in an overstock condition
The supply-chain example is not the most damaging. How about an attack on a hospital system that changes medication dosage levels? That could actually kill people. When you start to really think about this style of cyber assault, you want to ask the question: what would we do if we could not rely on the information on computer screens?
The military as well as the public and private sectors are increasingly dependent on electronic systems. At the same time, the vulnerability of these systems to attack from malicious individuals or groups is growing. We have to conclude that companies should consider increasing security and monitoring of SCM systems to ensure the integrity of the information we rely on.
The United States is the most computerized country in the world. That is what makes cyber warfare and cyber terrorism so concerning. When you add the fact that the egos of most of our security professionals make them believe their systems can't be compromised because they are better and know more than everyone else, an attitude that seems to be pervasive in that discipline, the risk becomes extreme.