Last month, it was reported that an Iranian hactavist group, SOBH Cyber Jihad, accessed the controls of a dam in upstate New York in 2013.
This Is Serious
Cyber warfare is real and is being waged every day. It's serious. And it's not just government facilities that are being attacked.
If you are a baby-boomer, you will remember the air raid drills in grammar school, where you were told to hide under your desk in the event of a nuclear attack. Those nuclear bombs were aimed not just at military targets, but at you, your parents, your siblings and your friends. It was personal.
So it is with cyber warfare. Though we are accustomed to seeing and hearing about how our government tries to avoid civilian casualties when bombing our enemies, don't expect that consideration to be returned. If ISIS uses children as shields, the terrorists we are forced to fight have no concern about limiting civilian casualties. And as we saw in Paris and San Bernadino, "soft" targets are just as appealing (or maybe preferred) when trying to terrorize a population. I'm sure someone is dreaming of crippling our economy, one family at a time, with a cyber attack.
Getting Our Act Together
In response to the reality of cyber warfare, the Cybersecurity Information Sharing Act of 2015 (CISA) was signed into law this past month. Though many privacy advocates have criticized it, it provides the beginnings of an infrastructure to fight cyber attacks, with companies and governments being able to share information and best practices without fear of civil liability for the disclosure of personal information.
The concept behind the law is similar to the creation of Joint Terrorism Task Forces, where local police share information with the FBI, the military and others to keep tabs on potential terrorists and catch many of them before they can act. Given the successes of the JTTFs, let's hope CISA will be able to produce similar results.
In The Meantime
It will take some time for CISA to have an impact. In the meantime, the large financial institutions, utilities, and our federal, state and local governments are certainly targets, and even though their defenses have occasionally been breached, they have the resources available to help fend off future attacks or minimize damage.
But you are a soft target. You can be attacked while you hang out in a social network, open an email, or download a file. And what are your defenses? Here are a few tips to help you.
- Use a unique strong password for all your online accounts. A password manager like Lastpass or Dashlane can help tremendously with this.
- Change passwords at least twice a year and definitely after a breach. (This can be done easily with a password manager).
- Don't use your social media accounts to log into games and Apps.
- Steer clear of those quizzes that ask for permission to access your Facebook account.
- Keep personal and financial documents off of computers, tablets and smart phones.
- Freeze your credit (one of the best ways to protect your financial and personal identity).
- Use two-factor authentication on online accounts that offer it.
- Don't download any files from an email you're not familiar with. Even then, proceed with caution.
When you are in a public space, like an airport, a train station or a sports stadium, you are asked to stay alert. Do the same in cyberspace. Check you bank accounts and credit card statements. If you shop online, every so often, go through your purchase histories with the companies you shop with.
Like in the physical world, if you see something, say something. If you think there is a problem and you speak up, not only will you be protecting yourself, but you might be helping others. Like your local law enforcement officers, your bank, credit card company or online retailer will appreciate knowing about suspicious activity.
We're all in this together. Maybe if we stay alert and watch each other's backs (even the backs of the banks and credit card companies we might not have much love for) we won't be such "soft" targets after all.