As society becomes more reliant on digitally integrated systems, the threat posed by cyberattacks continues to grow. In the United States alone, a variety of high-profile cyberattacks have occurred within the past several years, including numerous incidents of data theft, bot attacks, denial of service attacks, distributed denial of service attacks, malware infections, ransomware, and other malicious cyber activity targeting public and private entities. While attacks have resulted in security breaches and the loss of sensitive data, their potential to affect critical infrastructure and key resources (CIKRs) poses an arguably non-digital, large-scale threat.
Efforts to plan and prepare for cyberattacks mainly emphasize cybersecurity and the digital realm, and the majority do not focus on the potential impacts on communities if and when cyberattacks occur, especially as they relate to the disruption or destruction of CIKRs, or the systems that operate them. As a community of professionals, emergency managers need to develop new scenarios that consider the cascading impacts of cyberattacks, especially in the context of increasingly digitally interconnected CIKRs. These impacts could include a loss of warning time, intensified consequences, and greater damage to dependent systems that go beyond scenarios developed for natural disasters.
Scenarios depicting increasing interconnectedness
Computer networks have become critical for governing CIKRs. As outlined in the White House’s 2009 Cyberspace Policy Review, large segments of the nation’s infrastructure now rely on the Internet and other digital control mechanisms. Even if an attack were to focus on a single system, cascading failures could result in secondary consequences. For example, impacts from disruptions to thepower grid quickly move beyond the grid itself. These impacts could range from casualties due to a shutdown of cooling systems during a heat wave, to accidents from a failure of traffic control networks, to patient vulnerability due to power loss at healthcare facilities.
All of these examples present issues that emergency managers would need to address. Efforts in the field of critical infrastructure interdependency modelling have suggested similar potential impacts. Regardless, there has been little focus on combining modelling for a potential attack and modelling of the consequences.
The potential consequences from failing or targeted CIKRs are not simply conjecture. For example, while the Northeastern US and Canadian blackout of 2003 was unintentional, the effects mirror potential impacts resulting from a cyberattack on the energy grid. In this case, the blackout resulted in multiple fatalities, a breakdown of transportation and utility infrastructure, and the failure of communications networks, which affected millions.
Examples of cyberattacks pervade the international community as well. In December 2015, the electrical grid of much of Western Ukraine went dark, affecting roughly 27 power stations and over 225,000 Ukrainian customers. Attackers used malicious commands hidden in Microsoft Office files to shut down service, while blocking communication between operators and substations. System records and backup logs were also deleted using a form of the “KillDisk” virus.
Despite the potential damage cyberattacks can cause, they are often given inadequate attention in emergency planning in favor of more tangible, “known” threats. While hazards such as severe weather or terrorism provide multiple historical examples to learn from, cyberattacks are a relatively new development which emerged with the advent of the Internet. However, this does not excuse emergency planners from giving cyberattacks consideration. Developing an approach to cyberattacks is imperative if planners want to fully consider the impact of attacks throughout the planning process.
A failure to recognize potential outcomes from cyber-driven disasters could be as devastating–if not more so–as natural hazards.
Predictive modelling
One possible approach to planning for cyber threats is developing consequence modelling. By simulating the impacts of a cyberattack, emergency management professionals may be better able to build effective preparation and response mechanisms. Models already exist for other hazards, such as predicting the spread of a contagious illness or simulating the release and dispersion of a hazardous substance.
Applying this approach to cyberattacks could provide critical insight into how to prepare and respond. While attempts at modelling the consequences of cyberattacks have occurred, they have been mostly limited to single, private systems, such as one company’s computer network, and have not considered how failures can result in secondary consequences or even secondary disasters (e.g. the failure of a dam resulting in a flood). The interconnectedness of CIKRs necessitates an understanding of these societal-level implications of cyberattacks in order to improve our readiness and planning efforts.
Research into the interconnectedness of our CIKRs, and the potential for cascading impacts from one system to another, known as critical infrastructure interdependency modelling, has included modeling approaches such as effects-based models, agent based models, models developed to engage game theory, and input-output models. If models used to understand the interconnectedness of CIKRs could be leveraged to model specific failures that match the characteristics of cyberattacks, further information could be garnered when considering potential risks and consequences, and these characteristics could directly impact emergency management planning and response efforts.
For example, a predictive model for a specific jurisdiction can be used tomodel the interconnectedness of CIKRs, and if a cyber attack were introduced, identify and predict points of failure and consequences. In turn, these models will enable development of practical actions and adjustments in planning efforts in all phases of the emergency management cycle.
An integrated approach
Exploring and developing connections between cybersecurity and emergency management could yield major benefits for both fields, and for society as a whole. Addressing issues of cybersecurity will promote a better understanding of the full threat profile that society faces, and encourage planning that takes cyberattacks into account. One potential avenue for this kind of integration is through the incorporation of methods like consequence modelling into emergency planning products already in use, such as risk assessments or Threat Hazard Identification and Risk Assessments (THIRA). Consequence modelling for cyberattacks can provide an avenue to better understand cyber-related risks. With these models, emergency managers can build and maintain the necessary capabilities to address cyber risk and vulnerabilities, specifically those related to CIKR.
Michael Goldsbury is an Emergency Management Associate at IEM, a global security consulting firm specializing in homeland security, emergency management, defense and information technology. His consulting background includes hazardous materials planning, local and state government emergency plan development and biological incident response planning. He has a Master’s in Public Administration and Emergency Management. He reached at [email protected].
Lee Zelewicz is also an Emergency Management Associate at IEM. His background includes experience in public affairs and a variety of emergency management topics, including regional-level operational program management, risk assessment and assessment of evacuation behaviors. He has a Master’s in Sociocultural Anthropology and completed additional graduate research at the Disaster Research Center at the University of Delaware. He can be reached at [email protected].
