The term "cyberwar" is being bandied about more and more. While some of it appears to be just more hyperbole, FUD and clickbait, there's something going on; capabilities are catching up with intent - and not just by nation-states. The commoditization of attack tools has made it possible for anyone with a grudge to conduct denial of service, locate and track targeted individuals, and suppress the free flow of information.
Yes, the Russians penetrated a dam, a water utility in Illinois was compromised, and the energy sector is known to have had other countries present within its computing systems since 2011. That's bad enough, but now activists are using GPS to track women entering Planned Parenthood, 60% of domestic violence victims have spyware on their phones and are being tracked by their abusers, and anti-government fanatics are waking up to the fact that they can buy their way into capabilities that were once reserved for technical experts.
This does not bode well for the operators of critical infrastructure at the local scale - traffic management, communication systems for law enforcement and public safety, water and waste treatment, dam operations - the list goes on. While ransomware is an annoyance, it's not personal. Intentional disruption is, and I believe that as we are watching for signs of North Korea and ISIS activity, we need to be vigilant on the domestic front as well. Our infrastructure, our freedom of speech, and the fidelity of our election systems are all being threatened.
Some news references that support the assertion:
- Clueless kiddies using exploit kits are behind ransomware surge
- Right wing cyber attacks on Healthcare.gov website confirmed
- How to Hack an Election
At Critical Informatics we have initiated threat research as a division of SOC operations. We'll keep the radar up, and will monitor and communicate on events and trends that may impact our collective ability to provide life-safety, life-sustaining, and quality of life services.