During this time of pandemic, uncertainty, and vulnerability it is essential that we take every precaution to protect ourselves. This comes with many rules that are not at all convenient. Washing and disinfecting our hands incessantly is needed. Social distancing is another directive society is following to ensure safety. Across Pennsylvania, Governor Wolf has directed all residents to stay in their homes unless carrying out essential work or life sustaining tasks. It can be said that convenience is the virus’s best friend. However, there are threats that can derail our efforts beyond hygiene.
On February 9th, Forbes reported that the country of Iran sustained a nationwide cyberattack on its internet infrastructure. The NetBlocks Internet Observatory, which maps internet freedom, reported extensive internet disruption. NetBlocks also reported that another disruption was confirmed on March 3, 2020. Forbes reported that the nature of the February attack was a Distributed Denial of Service Attack (DDOS). There are two reasons this attack was so dangerous. The first reason is that Iran is in a battle against coronavirus. When their infrastructure is compromised, the free flow of information stops. The infrastructure is critical. Without it, people will die. The second reason is the history that Iran has with cyberattacks. In 2010, Iran was hit with a virus that damaged its uranium enrichment capabilities. The name of the virus was Stuxnet. This attack is widely considered the first cyberattack that effected a physical machine, otherwise known as ground zero. Politically, at that time, there was stress between Iran, the US and Israel over Iran’s nuclear capabilities. This attack set Iran’s capabilities back years. Whether the US and Israel were behind this attack is irrelevant. The attack exacerbated an already stressful situation. Any ensuing attacks, such as the ones in February and March, serve to destabilize the world even further.
It can be argued that this attack is Iran’s problem. As Americans, we could say that Iran is our enemy and what is bad for them is good for us. I would argue that this view is shortsighted and dangerous. If the entire country of Iran can be affected by a cyberattack, our county, state and country could be at risk. Just as the case of Iran, we are amid a battle where information is crucial. If an attack stops the flow of information, the consequences could be devastating.
Our citizens cyber habits are the very thing that would make it possible.
The way Iran’s network was taken down was through a DDOS. This attack sends millions of requests to a network, overwhelming it and denying service to legitimate users. The only way an attack like this can be successful is for those requests to come from hundreds, if not thousands of computers. One of those computers could easily be yours. There are multiple ways a bad actor can get software onto an unsuspecting personal computer without the owner’s knowledge. Just as in the case of the coronavirus, protection from vulnerability is easy, yet inconvenient.
The first defense is a solid password policy. Passwords can be unruly and inconvenient. Being forced to come up with complex passwords with many requirements seems like overkill. As an Information Technology professional, I assure you that it is not. There are ways to manage passwords and make this part of your cyber life easier. Using a password manager and allowing a program to generate a random password for you can help immensely.
The second defense is to understand what phishing is and how to combat it. Phishing attacks are generally emails prompting a user to click on an embedded link. When clicked the software used to attack others is downloaded onto the user’s computer. The user has no idea it is there until the person that controls the program remotely activates it. At the same time, this attacker activates thousands of other machines that have also been affected. Through this method, our networks can be taken down and information stopped.
There are talented cybersecurity professionals guarding our networks and the information stored within them. Our job is to do the inconvenient tasks, so we do not make their jobs harder. Education is extremely important. Read, watch videos and learn all you can about proper computer and network security. Another way to get your cyber ‘house in order’ is to ask for help from a cyber coach. A cyber coach can help you set up proper password policies and educate you on best practices to keep you, and our country, safe.
Eric Robuck is an Information Technology professional and the CEO of The Valander Group.