May 30, 2020

May 29, 2020

Subscribe to Latest Legal News and Analysis

May 28, 2020

Subscribe to Latest Legal News and Analysis

May 27, 2020

Subscribe to Latest Legal News and Analysis

Privacy Tip #221 – How Do We Personally Prepare for a Cyber-Attack on Critical Infrastructure?

Pretty much the only time I don’t feel like I am Chicken Little predicting a massive cyber-attack is when I am with my colleagues at the FBI, Secret Service, NSA and my students in the Brown Executive Masters of Cybersecurity who are members of the military. They don’t respond to my thoughts and fears of cyber-attacks with a cocked head or raised eyebrow like everyone else in my life.

I am concerned that at some point in the future, we will experience a massive cyber-attack that may affect critical infrastructure that we depend on every day. It will not be total and complete. There won’t be a large loss of lives. It will not affect us for a long period of time. But when it happens, it will be effective in disrupting our lives and causing chaos like we have never before experienced. It will be chaotic because we are completely dependent on technology. If our technology is disrupted, our lives will be in massive disorder.

This scenario became more real this week with the increased tensions between the United States and Iran. Iran has had sophisticated cyber capabilities for years and has been behind many cyber-attacks around the world. Sanctions have not had an impact on the effectiveness of Iranian-backed hackers, much the same as those imposed on North Korea.

I am not Chicken Little. The Department of Homeland Security warned this week of the heightened risk of Iranian-backed cyber-attacks on critical infrastructure in the United States. The New York Department of Financial Services (DFS) warned banks of the increased risk of an Iranian backed cyber-attack on the financial services industry. This also could mean  power, electricity, water, financial services, hospitals, chemical plants, schools, manufacturing facilities—you name it. How do we personally prepare for an attack that may affect those systems and services?

Preparing for a cyber-attack on critical infrastructure is much the same as preparing for a natural disaster in the face of Mother Nature. Think about what you would need if you were not able to have access to electricity or water, or not able to pay for things through your credit card or debit card or even get access to your online bank account. What would you need if cell service were not available? I often think of what I would have needed following Hurricane Katrina. But in a cyber-attack, you can’t get in your car and drive to another city or state to avoid the disaster.

Some things to consider in this time of increased threat from Iran and the warning from DHS and DFS would be to have on hand extra water, cash, non-perishable food, candles, a generator, prescription medication, a flashlight and other basic daily necessities that will help get you through a week or two of disruption. Just picture not having access to your online bank account, or the ability to use your credit or debit card or your cell phone. What do you need if the electricity is out? How would you survive “Naked and Afraid?”

Heed the warnings from DHS and DFS – examine your daily routine to determine what you would need and prepare now. That way, whether it is a cyber-attack from Iran, or a threat from Mother Nature, you will be prepared.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.

TRENDING LEGAL ANALYSIS


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353