By Brian Erickson, Vice President of Strategy and Solutions and retired U.S. Navy Captain, Vidoori
Today’s battlefield has expanded into the digital landscape, and its impact reaches the general population as well as government agencies. America’s enemies now aim to access sensitive information, disrupt critical infrastructure, or deny our armed forces their freedom of maneuver.
As the battlefield continues to evolve, so too do the types of attacks. Phishing attacks, voice bot scams, and crypto-ransomware are examples of how the world of cyberattacks has evolved in recent years.
With these increasingly complex attacks comes new policy to defend against them. President Biden’s May 2021 Executive Order on Improving the Nation’s Cybersecurity and the new Zero Trust cybersecurity reference architecture published by the Defense Information Systems Agency (DISA) and the Department of Defense (DoD) are examples of efforts to mitigate and fight these threats.
However, with large-scale attacks – such as the Colonial Pipeline ransomware incident and the SolarWinds supply-chain compromise – striking our nation’s critical infrastructure and putting citizens’ lives at risk, adversaries have already shown a willingness to escalate attacks to levels previously unheard of.
The next escalation, an attack that targets a person’s physical safety and can even take a life, has been called “killware” by Alejandro Mayorkas, Secretary of the U.S. Department of Homeland Security (DHS).
The Dangers of Killware
Unlike malware and ransomware, which are categorized by their methods, killware is defined by its result: it is intentionally designed to cause physical harm or death by targeting the health and safety of its victims.
In a Gartner blog post titled The Emergence of Killware, the Lethal Malware, Gartner predicts that by 2025 attackers will have weaponized operational technology (OT) environments to intentionally and successfully harm or kill people.
As our reliance on digital resources increases, so does the likelihood of cyberattacks. And as the cyber-physical world evolves with IoT, smart buildings and cities, and autonomous vehicles, incidents in the digital world will have a far greater effect on the physical world. According to Gartner, the financial impact of attacks on cyber-physical systems will exceed $50 billion by 2023.
Today, however, critical infrastructure is the most vulnerable killware target. Hospitals, water and wastewater utilities, power grids, and emergency dispatch operations are all systems whose compromise could directly result in physical harm or death.
This malicious cyber activity has already begun. In October 2021, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) issued a joint advisory highlighting ongoing attempts to compromise the system integrity of U.S. Water and Wastewater Systems (WWS) Sector facilities. The advisory points to a larger problem, as cyber threats continue to increase across all critical infrastructure sectors.
A Military Problem
While the term may be new, the intended outcome of killware is not new to members of the military – adversaries have been targeting defense systems for decades to disrupt communications and endanger the lives of our armed forces.
Historically, adversary tactics, techniques, and procedures (TTPs) are as varied as an individual’s choice of automobile – they depend on the desired outcome. If the objective of the attack is financial gain, the attacker will likely use ransomware. If the attacker simply wants to disrupt operations and cause chaos, then malware intrusions into OT systems, such as industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems, may be the chosen tactic. Stuxnet, a computer worm first uncovered in 2010, is one of many examples of malware designed to attack these systems.
However, as killware attacks become more prevalent, our defense agencies will have to evolve to ensure the safety and security of warfighters at home and abroad. 5G, future 6G and the Internet of Things (IoT) introduce a whole new set of conditions under which non-kinetic actions can produce lethal results.
The most effective way to defend against these threats is to develop and deploy a Zero Trust Architecture (ZTA) across the enterprise. The Office of Management and Budget’s recent draft Federal Zero Trust Strategy describes an effective ZTA. Rather than trusting a user or device because it sits inside the network perimeter, a ZTA verifies every user, device and request before granting access; depending on the technology, it can also hide services from unauthenticated hosts (sometimes called IP cloaking), so that adversaries cannot strike what they cannot see.
ZTA is a solution that can be used across all agencies and environments. Although networks have unique qualities depending on their function and systems, all networks are ultimately a combination of 1’s and 0’s with the same basic needs (power, space, cooling, processing) to operate. Thanks to these similarities, good cyber hygiene that addresses all key security concerns can be applied not only across agencies but across industries, from federal civilian to DoD to commercial.
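The following is an added example, not code from the original article or from Vidoori, showing the core Zero Trust decision that the preceding paragraphs describe: a legacy perimeter check that trusts anything from the “internal” subnet, beside a per-request check that evaluates identity, device posture, entitlement and step-up authentication and ignores network location entirely. The users, devices, subnet, resource name (`scada-hmi`) and entitlement table are all constructed for illustration, as are the five request scenarios.

```python
"""Added example (not from the original article): a minimal Zero Trust policy
decision function beside the perimeter check it replaces.  All identities,
devices, subnets and entitlements below are constructed for illustration."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Perimeter-model assumption (hypothetical): anything from this range is "inside".
INTERNAL_NET = ip_network("10.0.0.0/8")

# Constructed inventory: identity -> role, device posture, and role entitlements.
ROLES = {"alice": "ops-engineer", "bob": "analyst"}
DEVICE_COMPLIANT = {"laptop-0042": True, "laptop-0099": False}
ENTITLEMENTS = {
    ("ops-engineer", "scada-hmi", "read"),
    ("ops-engineer", "scada-hmi", "write"),
    ("analyst", "scada-hmi", "read"),
}
STEP_UP_ACTIONS = {"write"}  # actions that change OT state require MFA


@dataclass(frozen=True)
class Request:
    user: str
    src_ip: str
    device_id: str
    resource: str
    action: str
    mfa_verified: bool = False


def perimeter_allow(req: Request) -> bool:
    """Legacy rule: trust is granted by network location alone."""
    return ip_address(req.src_ip) in INTERNAL_NET


def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Per-request check of identity, device and context; deny by default.
    The source IP is deliberately not an input to this decision."""
    role = ROLES.get(req.user)
    if role is None:
        return False, "unknown identity"
    if not DEVICE_COMPLIANT.get(req.device_id, False):
        return False, "device unmanaged or non-compliant"
    if (role, req.resource, req.action) not in ENTITLEMENTS:
        return False, "no entitlement"
    if req.action in STEP_UP_ACTIONS and not req.mfa_verified:
        return False, "step-up authentication required"
    return True, "allowed"


# Constructed scenarios: stolen VPN credentials, an insider on an unmanaged
# laptop, a legitimate remote engineer, an analyst overreaching, and a
# state-changing write attempted without MFA.
SCENARIOS = {
    "stolen_vpn_creds": Request("mallory", "10.20.30.40", "", "scada-hmi", "write"),
    "insider_bad_device": Request("alice", "10.1.2.3", "laptop-0099", "scada-hmi", "write", True),
    "remote_compliant_mfa": Request("alice", "203.0.113.5", "laptop-0042", "scada-hmi", "write", True),
    "analyst_overreach": Request("bob", "10.1.2.9", "laptop-0042", "scada-hmi", "write", True),
    "write_without_mfa": Request("alice", "10.1.2.3", "laptop-0042", "scada-hmi", "write"),
}


def evaluate_all() -> dict[str, tuple[bool, bool, str]]:
    """Return {scenario: (perimeter_allowed, zero_trust_allowed, reason)}."""
    return {
        name: (perimeter_allow(r), *zero_trust_decision(r))
        for name, r in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, (perim, zt, why) in evaluate_all().items():
        print(f"{name:22} perimeter={perim!s:5} zero_trust={zt!s:5} ({why})")
```

Running the block prints one line per scenario. The perimeter rule admits four of the five requests, including the attacker with stolen credentials and the write attempted without MFA, and rejects the one legitimate remote engineer; the Zero Trust rule does the opposite, because location is never the basis for trust and every check is applied on every request.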
The current administration and legislators understand this and have made cybersecurity a priority, allocating roughly $2 billion for cybersecurity in the recently passed Infrastructure Bill and releasing a series of Zero Trust guidance documents. The Infrastructure Bill also funds a state and local Cyber Grant Program and provides over $100 million for the Cyber Response and Recovery Fund.
The DoD and DISA are also taking large strides to shore up cybersecurity, creating a new Zero Trust security portfolio office and sharing cross-agency guidance by publishing a Zero Trust cybersecurity reference architecture.
What’s Next?
Looking ahead, the DoD and defense agencies must continue to combat this new threat by implementing a comprehensive ZTA, recruiting and retaining cyber talent, ensuring employees are trained in and practice effective cyber hygiene, and continually assessing their systems through proactive testing and integration.
Agencies must have organic staff, educated in the art of hacking and cybersecurity, who routinely test networks using past and present TTPs. The key to successful network protection is to maintain a defensive posture while thinking strategically to predict where future attacks may come from given the course of technology (6G, exascale and quantum computing, hyper-converged drone warfare).
With cyber threats ever evolving and killware designated a concern by DHS, the federal government should leverage lessons learned from the DoD to get ahead of our adversaries. Continuing to make cybersecurity a legislative priority and taking a forward-looking approach to defensive and offensive tactics is critical to protecting critical infrastructure from lethal attacks.
About the Author
Brian Erickson is Vidoori’s Vice President for Strategy and Solutions.
In this role, he oversees the company’s West Coast operations and brand expansion. Prior to Vidoori, Brian served 26 years as a Senior Naval Officer (Captain/O-6) in the aviation and information warfare communities.
Brian earned a Bachelor of Arts degree in Economics from San Diego State University. He also earned a Master of Science degree in Information Technology from the Naval Postgraduate School. Additionally, he holds numerous professional certifications in business and cybersecurity.