In this edition of Voices of the Industry, Mark Houpt, Chief Information Security Officer at DataBank, discusses cybersecurity in the context of the war in Eastern Europe. He highlights changing dynamics that could potentially increase risk to U.S.-based companies while also offering assurances in the soundness of data security frameworks in general. He also recommends a number of best practices any data center operator should consider to improve its cybersecurity posture.
Due to the constantly changing dynamics, this article reflects conditions in Eastern Europe as of the date of publication. These events could abruptly change and lead to new cybersecurity implications.
Unfortunately, we’re seeing this play out now with the events unfolding in Eastern Europe. Tension has been building in this region for quite some time, so the conflict is not a complete surprise. Yet, a dynamic fast-moving scenario like this leads to real questions related to cybersecurity:
- Is this what we expected?
- Will there be new developments and surprises?
- What implications does this have for data center operators and their customers?
- What can we all do right now to maximize our cybersecurity posture?
- What level of confidence can we have in our current cybersecurity position?
They’re all valid concerns. To address them, it may help to first take a step back to understand how we arrived here, and then, revisit cybersecurity best practices to improve your defenses for 2022—and beyond.
Social Media’s Impact
Technology constantly shapes the way we monitor and perceive wars and conflicts such as what we’re now seeing. For example, more than 30 years ago, Operation Desert Storm was regarded as the first war fought on live TV, with satellite communications providing accurate images, footage, and updates on a daily basis.
Similarly, the current Eastern European conflict could be considered the first war to be fought on social media. People are using social media platforms to share videos, distribute information, generate sympathy and support, and influence results. In many ways it’s succeeding, but it also may have unintentional cybersecurity results on a global level.
In this case, the public outcry—as voiced in millions of posts, comments, likes, and shares—has been heard by nonaligned entities and conglomerates of hackers sympathetic to Ukraine. In response, many are launching cyberattacks against the aggressor, which, in turn, has led to a temporary decrease in attacks against American companies and infrastructure.
For CISOs and cybersecurity teams, this may seem to be good news—but only at first. The fact remains that these events are truly dynamic, especially in the case of one or more nonaligned entities targeting a powerful nation-state. These nations are accustomed to responding to attacks from other nations, not hard-to-identify hacker groups. This conflict is changing from moment to moment, and it’s conceivable it could affect the U.S. down the road.
How Can Data Centers Improve Their Cybersecurity?
There are a few steps any data center operator can take to improve its overall cybersecurity defenses and posture.
Expand the Use of Intelligence Sources
One of the most valuable resources any cybersecurity professional should use is the right intelligence sources. Many companies tend to shy away from operational security intelligence and open-source intelligence (OSINT), perhaps because they consider it a government function, not business responsibility. Today’s climate calls for a change: re-evaluating this mindset and investing in effective OSINT tools can give you a valuable advantage.
Take Advantage of Government Resources at Your Disposal
Companies today should do all they can to make use of available government resources. In the U.S., it can be one of the best resources that we have that is not actual law enforcement. For example, the Cybersecurity and Infrastructure Agency (CISA) is an incredibly valuable resource and employs teams whose sole responsibility is to work with businesses in an intelligence capacity as well as an advisory role.
The Department of Homeland Security also has important resources to help U.S. businesses bolster their cybersecurity efforts. This has become more important when you consider the recent SolarWinds, Colonial Pipeline, and other successful cyberattacks.
There are companies and solutions that will mine Twitter and other social media platforms to consolidate data and use it to alert about possible threats. Users can even manage multiple Twitter feeds running at the same time to collect hashtags and monitor other trends and possible groundswells of threat activity.
This type of functionality could be used during a crowd event or riot. Cybersecurity teams can track crowd locations, and if they get too close to a facility or data center, they can notify staff and take preventative measures to assure the facilities stay safe.
Shields Up: Adhere to Security Best Practices
Now is not the time to relax your standards. If anything, it’s time for “shields up,” and this means increased scrutiny and discipline related to known cybersecurity best practices.
For example, every company should be up to date when it comes to patching, data hygiene, and physical elements of security. This can include everything from making sure fuel contracts are current and backup generators are filled, to visitors wearing badges at all times.
This is also a great time to revisit various policies and escalation paths, including running business continuity drills, disaster recovery drills, and tabletop exercises. Cybersecurity professionals simply can’t afford to take their eye off the ball.
Be Confident While Remaining Vigilant
As we examine the overall situation, there are many reasons for data centers to be confident in the security strength of the U.S.-based infrastructure, especially as they continue to be vigilant. As I write this, we are nearly a month into the conflict in Eastern Europe and U.S.-based infrastructure is still intact. Generally speaking, this seems to show that the majority of cyberattacks have been contained to that region. However, the situation will be constantly changing, with new dynamics occurring each day that could lead to cybersecurity concerns directly in the U.S.
Knowing this is half the battle, data center providers should use this time to take a closer look at their overall cybersecurity programs and take all the steps they can take to be even more vigilant now to enhance their cybersecurity preparations and posture. Whether investing in new resources, partnering with new cybersecurity partners and service providers, adhering to known best practices, (or all of the above), data center operators can stay a step ahead of potential cyberattacks no matter how the geopolitical situation develops.
Mark Houpt brings over 30 years of extensive information security and information technology experience in a wide range of industries and institutions. He is Chief Information Security Officer at DataBank.