Header_Ad

Sunday, January 16, 2022

Are You Cyber Resilient?

 

Ukraine hit by cyberattack, Russia moves more troops after talks hit ‘dead end’
The developments came after no breakthrough was reached at meetings between Russia and Western states, which fear Moscow could launch a new military attack on its neighbor.

There is a lot of talk about an upcoming war with China and Russia in the future. There is speculation that, unlike any previous war, this upcoming conflict will be preceded by cyber-warfare, designed to cripple the vast swathes of our country’s information systems before we see missiles and bombs raining on the ground.

Since everything in modern society, including our national infrastructure (e.g. water, electricity, fuel and communications), is controlled and administered through information systems, any crippling of the latter will have a dire consequences for civilization as we know it.

Remember the infamous Colonial Pipeline ransomware attack that caused extensive fuel shortages in the southeastern United States? That was not even a full-blown cyber-attack. It was just a greedy criminal. Imagine what can happen in a full-blown cyber-war!

So, how do you prepare for cyber-warfare?

First, assume that basic services like water, electricity and fuel will be affected. Supply chains will be disrupted, resulting in empty shelves in supermarkets and drug stores, along with empty gas tanks. Other writers at Peak Prosperity address how to be resilient in this area and so I will not delve further into it. But in this article, I will talk about resilience in the cyber-realm.

Have we taken Internet availability for granted?

When you turn on your tap, you expect water will always flow out. When you flip a switch, you expect the light bulb will always shine. When you press start on your microwave oven, you expect it will always warm your food.

Likewise, we take Internet availability for granted. We assume our smartphone is always connected. For many of us, the first thing we do when we wake up in the morning is to check our phones for notifications. When we turn on our computer, the first application that we launch likely connects to the Internet.

What if the Internet is not available?

As part of your resilience planning, you must assume that in the event of a major war, the Internet will not be available for an extended period time. I am not talking about annoying outages that ruin your mood for the day. I am talking about extended outages that can last for days, weeks and possibly months.

When the Big Tech servers go down

Unavailability of the Internet is one possible scenario. Another is the denial of service of important Big Tech infrastructure.

In a major war, state-sponsored cyber-attacks may put important infrastructure servers out of action. Although the Internet was originally designed to be robust in the event of a nuclear war, today’s Internet is dominated by servers from a small number big companies. In other words, the major tech companies represent a small target that impacts

To give you a taste of what can happen, consider the outcome of a recent power failure in a single data centre. Just a few weeks ago, Amazon Web Service went down hard. As a result, it had a knock-on effect on these services: Slack, Asana, Hulu and the Epic Games Store.

Can you imagine a concerted state-sponsored cyber-attack that brings down multiple critical data centres simultaneously? You can bet the “Internet” and the connected services that the vast majority of the population rely on will grind to a halt.

Monoculture of server software

In agriculture, monoculture is a bad practice. A virus can sweep through and devastate the vast majority of farmland, endangering food security.

In the same way, software monoculture is also a bad idea. A bug in critical servers running the same software all over the Internet can be exploited by an adversary to bring most of the Internet to its knees.

The recent Log4J cybersecurity bug is an example of software monoculture. Log4J is the software used to record all manner of activities that go on under the hood in a wide range of computer systems in millions of computers. It records events – errors and routine system operations – and communicates diagnostic messages about them to system administrators and users.

A malicious state-sponsored adversary could have released a computer worm to exploit the bug in Apache Log4J. A computer worm is a self-replicating malicious software that can spread on its own from computer to computer, server to server. A worm exploiting Log4J could have been weaponized to bring the “Internet” down. Fortunately, it didn’t happen.

But in a cyberwar, you can bet it will happen. Make no mistake, Log4J is not the only software monoculture.

What can go wrong and what can you do about it?

Cashless payments

We are largely living in a cashless society today and it requires payment terminals to work. What if the Internet goes down? Without it, we can rule out using fintech like PayPal, Cash app, Internet bank transfers, and so on.

Therefore, keep some cold hard physical cash. It will be the only payment method that will work. You may also want to keep some physical silver and gold coins, just in case.

Cryptocurrency

If payment terminals stop working and we run out of physical cash, can we then rely on cryptocurrencies to function as money?

Without the Internet, that’s a hard no.

Documents in the cloud

What about the documents that you store on the cloud? If there’s no Internet, will they all disappear?

If you use cloud storage services like iCloud, OneDrive and Google Drive, only some of your documents are cached locally on your device by default. They are only downloaded on the fly when needed to save storage space on your device or computer. While that is convenient, it also means that whenever there is an Internet outage, you will not have access to your documents. Most cloud storage services have a switch somewhere to make your documents available “offline”. Find and turn that switch on.

As an example of resilience planning, let’s take Box as a case study. They provide Box Drive and Box Sync to allow you convenient access to your documents from your computer. The former caches some of your files in your computer. The latter syncs every document from Box cloud storage to a folder in your computer. Although the latter is deprecated by Box, I will still choose to use it because it helps me to be more resilient. Should the Internet go down, I still have a copy of every document on my computer.

Memories

I know of many people who keep their memories on Facebook. They have tons of photos and videos stored there. What if Facebook goes down or becomes inaccessible for a long time? That is a lot of sweet memories gone!

Therefore, download a copy of all your Facebook data and carefully organise and sort all your memories on your computer (and back them up too). Also, make sure that from now on, you have a copy of it offline before uploading to Facebook.

Entertainment

If you rely on streaming media to listen to music and watch movies, how will you enjoy entertainment without the Internet?

Most streaming media services like Spotify, Netflix, and Apple Music allow you to download your media to listen or watch offline. The tricky part is to move your downloaded media to an external storage or network-attached storage (NAS) and stream from there in the event of an Internet outage. This will require planning and tinkering on your part.

Electronic books and magazines

Ebook services like Apple Books and Amazon Kindle allow you to download your books to a device for offline reading. For some other services like Apple News, you may not have such an option for electronic magazines.

Connection with people

If you rely on Facebook, WhatsApp and Zoom to communicate and connect with people, how are you going to do so if the Internet goes down?

Here are some non-Internet alternatives:

  • Two-way radios – Perhaps it is a good idea to invest in walkie-talkies and long-range ham radios?
  • Mesh network chat apps – Several apps allow you to communicate “off-the-grid”. Some of these apps allow multiple users to connect in a mesh and “piggy-back” on each other’s communication traffic beyond what is physically possible with a smartphone’s radio. Take a look at this link for ideas.
  • BearTooth – This is an interesting product. It is a device that works with your smartphone to communicate off grid via text and voice messages. You can also share maps with other users. Multiple BearTooth users can connect to form a network.
  • Satellite phones – This is the most expensive option. But it will work without cell coverage. On second thought, maybe not. State-sponsored adversaries already have the means to shoot down or disable communication satellites.

Does your app work without the Internet?

Some apps require an Internet connection to work.

A great example is Grammarly. It does not check the grammar on your device. Your text is sent to the cloud to be reviewed before the results are returned to your device. If the Internet goes down, Grammarly will not work.

Notion.so as another example. It is a wonderful product. But you need an Internet connection to access your documents. That will be problematic in terms of resilience.

To be cyber-resilient, you need to audit your software and apps and find out whether they will still work without an Internet connection. It is quite easy to find out whether this is the case. Just turn on airplane mode and see if they still work. You may want to turn on airplane mode for the entire day to simulate an Internet outage and see how far you can go without an Internet connection. Very soon you will have a list of important apps and software that is dependent on the Internet to work. The next step is to come up with a Plan B.

Important links and information on websites

Over time, you will have accumulated links and web-browser bookmarks to important informational websites, news articles, documents, and so on.

If the Internet goes down for an extended period or a massive cyberattack wipes out those websites permanently, get in the habit of saving downloaded documents and printing the content of web pages into PDF documents. Then systematically organize them into folders. Your computer’s operating system will have the functionality of indexing the contents of all these documents to allow you to search later on.

Emails

Most of us have our emails stored in the cloud. Over the years, you will have accumulated at least tens of thousands of emails, maybe even hundreds of thousands. Nowadays, emails are not just a record of your correspondence. For most people, it has become an important filing cabinet containing bills, notices, contracts, important information and so on. Email has become an archival store of your life.

What if you lose access to your filing cabinet?

Most email apps only keep a cache of some of your messages. The rest will only be retrieved from the cloud when needed. So, what can you do to ensure that all of your emails are available offline in the event of an extended outage of the Internet?

If you are on the Windows platform, I recommend a free software called MailStore Home. It can download every copy of your emails into your computer in the form of a searchable database.

If you are on the Mac platform, Apple’s default Mail app can do the job. It downloads your entire email history into your Mac.

Finally

As our lives continue to grow more entwined with the Internet, we need to seriously consider how cyber-resilient we are should the Internet go down for a long time. Although it has happened temporarily (e.g. in natural disaster situations), we have yet to experience a long outage. If we are ever at war with any of the cyberwarfare-capable states like Russia, China, Iran, North Korea you should expect long Internet outages.

Cyber-resilience is something that requires a personal audit, planning and time to implement. I hope this article will give you some food for thought.

This article was written for Peak Prosperity by Terence Kam, founder and cybersecurity consultant at iSecurityGuru.com. You can follow his company on LinkedInOr subscribe to his writings on Medium, where he writes on a wider variety of topics.

The post Are You Cyber Resilient? appeared first on Peak Prosperity.



from Peak Prosperity https://ift.tt/3Kamb1I