We are All Cyberwarriors Now
As ransomware attacks ripple into real life with panic gasoline buying across the Eastern United States, Western society finds itself in a cyberwar. The attacks are coming from multiple armies of cybercriminals operating in non-democratic autocracies. It seems like it is time for all of us to wonder who should be the cyberwarriors in this new war.
It is Growing, Like a Virus
Now, with Ransomware as a Service proliferating as a criminal business model, the number of less-technical criminals getting into the cyberwar is growing exponentially. This lets more cybercriminals ruin lives while thinking, “Why not? If these Americans are stupid enough to fall for my tricks, then they deserve it.”
This is happening because two cultures are colliding, where one is cheap and practical, and the other is cunning with a different kind of morality. The Internet is the communication link that has brought us together, and it is the Internet’s openness that now endangers global enterprise.
Light the Fires of War, Cyberwarriors
This “in real life” moment is the clarion call for governments and businesses to address the cybersecurity of all information technology (IT) and operational technology (OT) systems.
The stakes could not be higher. While the world struggles with the pandemic and is more dependent than ever on digital technologies, it is up to business and government leaders to act decisively in the face of cyberwar attacks.
America Needs To Shape Up
America is vulnerable to cyberwar because of the history of computing, IT, OT, and automation. In almost every case, large organizations have added cybersecurity as a parallel or superior part of the business org chart. IT applications and OT controllers had no serious consideration for cybersecurity until the mid-2010s. As cybersecurity became a priority in the 2010s, it functioned outside of the day-to-day lives of most IT and OT workers. And, when the cybersecurity rules came down from “on high,” budgeting didn’t follow the orders and workers slid into noncompliance.
That old way of compartmentalizing cybersecurity needs to go, and fast. Business and government leaders must enlist workers and the public to all become cyberwarriors. As cyberwarriors, everyone must learn defensive tactics. Developers and admins who customize and modify systems must have a higher “rank” or competency as cyberwarriors.
Time for Zero Trust Publicity
The sweeping Biden Administration executive order on cybersecurity suggests using Zero Trust Architecture, as published by NIST in August 2020. This will help organizations to properly distribute security concerns in an IT environment. Work is needed to publicize the Zero Trust initiative and to educate IT and OT workers in cybersecurity defensive tactics.
Put Security Into The Center of Devops
Resolving security issues early on is hundreds more efficient than dealing with a security flaw in production. The popular “shift left” concept describes, “Test early and often.” This means giving developers the tooling, scanners, and processes needed to automate the process of managing cybersecurity flaws before they become issues.
Developer Overload Danger
Putting too many cybersecurity concerns into the lap of developers creates overload. Cybersecurity concerns must be incorporated directly into the developer infrastructure. The devops tools sector of the software development industry must live up to its new strategic role in cybersecurity. That is why devops needs to adopt a DevSecOps mindset, sooner rather than later. Before it’s too late.
Time to Arm Up
Computer network operators of every size must realize you are now a combatant in a cyberwar. If you have monetary assets, you are a target. IT and OT leaders must motivate their workforce to put up cyber defenses, and know how to act when fired upon. The software development industry must reset how to incorporate cybersecurity functions into their platforms. While at the same time ensuring that the tooling is delivered malware-free.
Loose Lips Sink Ships, Cyberwarriors
This attack against America must create a new level of concern. Effective education campaigns should incorporate wartime slogans and imagery. Defensive tactics should a modern version of the “Loose Lips Sink Ships” campaign from World War II.
The recent Colonial Pipeline incident and the Biden Administration’s executive order bring the deadly nature of the cyberwar into focus. The executive order is the first step in what must amount to a mobilization of the American workforce. For the United States to lead the cyberwar effectively, the government must partner with businesses to enlist every American worker as a cyberwarrior.