Two weeks ago we saw United Airlines grind to a halt for well over an hour due to technical challenges with the booking system, so severe that at one point they were forced to issue tickets by hand. This ultimately led to many being people having travels delayed, missing flights, and having to be rescheduled. Later that same day, trading was halted on the NYSE due to a “technical glitch”. The nations pundits started screaming “We’re under Cyber Attack!”
Last week it was the Office of Personnel Management. They are a government agency that investigates people’s backgrounds for eligibility for security clearances. My personal data and literally everyone who has ever held a clearance since 2000 was compromised – most likely by China. This week it seems to be that Ashley Madison (the online dating site for people looking to cheat on their spouse) is the latest victim of an attack. An anonymous hacker conducted this one as he has an axe to grind about the company making false claims about the security of the data its customers enter.
From national entities, to private companies, and professional services to interpersonal relationships, we have become seemingly dependent on IT infrastructure. I can’t remember the last time I actually walked into a bank, and I’m fairly certain Ashley Madison has streamlined the process considerably for those too busy to search the physical world for a fellow adulterer. Hand written airline tickets? My guess is they are still trying to figure out who was really on what plane. The impacts of disabling the NYSE for even a few hours are severe. Yet, we managed to build all of these systems without that technology in place.
A “cyber attack” is a disruption to the convenience-based technology on which we have become dependent. In most cases, it is that and nothing more. We used to dispatch everything from police to ICBM’s without computer systems. Certainly it was not as efficient as it is today, but we managed to get things done. Slower and less efficient, but still functional. I am confident that the Nuclear Command Structure has the ability to work around “Cyber Attacks” and cell phone outages, as do most police and emergency services. I am equally confident that most Americans would be incapable of functioning without those conveniences for an extended period of time. (Culture of Dependence?)
Regardless of how inconvenient it becomes, the shutdown of the entire electronic system on which we survive causes zero casualties. It is the civil unrest, looting, and rioting that is generally associated with prolonged power and convenience outages that get people hurt or killed. Over longer periods, it is the inability to get food and clean water. Rest assured that FEMA and state agencies have a plan to deal with this potential as well… We need only look to Katrina to see how effective we can expect that plan to be.
I am not trying to minimize the real impact of a long-term network shut down. We would expect that there would be many casualties from the ensuing civil unrest. Corporations spend billions on cyber security. Their profit margins (the reason they exist and can provide jobs) depend on it. When we compare that to the expenditures to prevent workplace violence, physical security threats, and threats to the people they employ, those expenditures are minimal.
Strangely, in the pre-computer based economy, people were the source of mission critical functions and transactions, and pencils, paper, and smoke signals were simply commodities used to pass that information. In the automated world of today, the system operator and maintainer is the commodity, it is the ability to transfer relevant information that has become the mission critical link.
Cyber Security is the mission critical function and what we as a society place value on because of the impacts on our economic engine. When it comes to your personal safety and security, you are now and really always have been on your own. At least I haven’t seen the app that will take care of that for you. Yet…
Author – Howard Hall
Patrick received his operational training and experience from the U. S. Government, 22 years of which were spent in the Marine Corps where he served in the Reconnaissance, Infantry, and Intelligence fields. Patrick has worked as a contractor and as the Director of Operations at a private paramilitary firm specializing in training military special operations forces and providing protective services to select private clients. His education consists of an MBA from the University of Southern California (USC), and a BS from San Diego State University in Biochemistry, Cell and Molecular Biology and a minor in Psychology.
He holds an extensive list of security and training related certifications. He is an active member of Infraguard and the American Society of Industrial Security (ASIS). He has been a guest speaker at ASIS, the San Diego Industrial Security Awareness Council, The Counter Terrorism Symposium hosted by New York’s Mobile Trauma Unit, and other private organizations on physical security, travel security, and competitive intelligence collection counter-measures.