Below: U.K. mail service faces a disruption, and the Guardian says the cyberattack that hit the U.K. newspaper was ransomware. First:
The FAA outage illustrates the risks of jumping to conclusions about cyberattacks
Each time there’s a significant technological outage, such as the disruption of Federal Aviation Administration systems Tuesday night that caused hundreds of flights to be delayed, speculation quickly erupts blaming a possible cyberattack.
And each time, cyber experts respond: Stop doing that.
To be sure, Transportation Secretary Pete Buttigieg said there’s no evidence a hack was responsible, but that officials couldn’t rule out such a possibility.
A few of those aforementioned cyber experts are at least sympathetic to the natural tendency of people to speculate about, well, everything. And regardless of what the case ends up being for the FAA, tech outages like the one that agency experienced — resulting in widespread flight cancellations and delays — can illustrate the potential havoc of a successful cyberattack.
But mostly, the sentiment of cyber observers is that it’s a bad idea to jump to conclusions, especially publicly.
“If we keep crying wolf, then we lose the power to teach and solve real problems,” Bryson Bort, founder of the cybersecurity company Scythe, told me. “We live within the glassiest house on the planet with our reliance on information systems.”
Overall, the speculation has been more muted this time than with other tech outages, said Jeffrey Troy, president of the Aviation Information Sharing and Evaluation Center, a company dedicated to sharing threat information throughout the aviation industry.
“I’m not seeing plenty of calls and panic that there’s an enormous ransomware event or that the FAA just isn’t going to find a way to operate,” Troy told me. “Individuals are getting back to the business of aviation.”
- There may even be an upside to people considering different potential causes of an outage. “If you could have people getting in there with different mindsets, once you go to search out the basis cause, you’ll be as open-minded as possible,” he said.
A preliminary examination pointed to a damaged database file as the culprit, according to the FAA. But the investigation is ongoing, my colleagues Ian Duncan, Michael Laris, Katherine Shaver and Lori Aratani reported.
(Canada suffered an identical outage Wednesday, but it didn’t delay flights.)
The available evidence didn’t stop speculation, of course. People assuming that a cyberattack is responsible for any given outage is a growing trend, Shawn Henry, chief security officer at CrowdStrike, told me.
“Over time, more recently, we now have seen people default to that,” Henry said. “But they’ve defaulted to it because there have been loads more attacks. There’s loads more awareness of the adversary capabilities.”
- It’s sensible for victims not to declare the cause of an outage until they know for sure, he said. “There are going to be glitches, software updates, hardware malfunctions, crashes, anyone making a mistake coding something incorrectly,” he said.
- That said, “If the media and most of the people are speculating, there’s no harm in that aside from perhaps unnecessarily getting people agitated and adding some anxiety to people’s lives,” he said. “But that’s what happens with people and the media.”
Sometimes, those non-cyberattack incidents might be more damaging, contended Dmitri Alperovitch, chair of the Silverado Policy Accelerator, on Twitter:
The FAA NOTAM outage might be attributable to numerous things. But since many are speculating about cyberattacks, I need to only indicate that essentially the most destructive computer incidents in history have been attributable to bad updates, not nefarious acts… https://t.co/OXaw7plG87
— Dmitri Alperovitch (@DAlperovitch) January 11, 2023
The cyber industry tends to respond to speculation about cyber incidents with memes centered on the Domain Name System, given how fundamental it is to web routing and how problems with it are sometimes the cause of what’s actually gone wrong, Bort said. Here’s Brett Callow, a threat analyst at the cybersecurity company Emsisoft:
None of this undermines the discussions that the United States and other nations are having about what protective steps — potentially including more regulation — policymakers should take to protect critical infrastructure sectors like transportation.
Even if a cyberattack didn’t cause the FAA outage, the outage might in fact feed into those discussions. Here’s former NATO supreme allied commander James Stavridis, a vice chair at the Carlyle Group, an investment firm:
The airline national stoppage may or may not be a cyber attack, but even if it is not, it definitely shows us what one could look like. Good wake up call. pic.twitter.com/MEKaNwe0BT
— Admiral James Stavridis, USN, Ret. (@stavridisj) January 11, 2023
And here’s John Hultquist, vice chairman of intelligence evaluation at the Google-owned Mandiant Threat Intelligence, taking in the larger picture:
I actually doubt you will find some sinister cyber plot at the basis of this FAA thing, but if you’re in search of cybersecurity angles I feel it’s this: we live in an increasingly complex, interdependent system that’s vulnerable to unexpected consequences and cascading failures.
— John Hultquist🌻 (@JohnHultquist) January 11, 2023
The federal government has been looking closely at cybersecurity threats for aviation. The Transportation Security Administration has been developing rules for the aviation sector. The White House also has briefed industry representatives on threats.
The most recent prominent confirmed cyberattacks on the sector came in October, when a Russian group knocked some airport websites offline with distributed denial-of-service attacks that flooded the sites with phony traffic.
But perhaps what’s needed right now in response to the FAA tech outage is simply an improvement to technology.
“Americans deserve an end-to-end travel experience that’s seamless and secure,” said Geoff Freeman, president of the U.S. Travel Association, a trade group that represents the travel industry. “We call on federal policymakers to modernize our vital air travel infrastructure to make sure our systems are capable of meeting demand safely and efficiently.”
‘Cyber incident’ disrupts U.K. postal service
Royal Mail said it couldn’t send mail internationally as a result of the incident, the BBC’s Tom Espiner reports. The mail service is calling it a “cyber incident” and not a “cyberattack” and doesn’t know what was behind the incident.
“The back office system that has been affected is utilized by Royal Mail to organize mail for dispatch abroad, and to track and trace overseas items,” Espiner writes. “It’s in use at six sites, including Royal Mail’s huge Heathrow distribution center in Slough, which has been affected by the incident. It’s unclear how long the disruption will proceed, and mail that has already been shipped for export could also be delayed.”
The National Cyber Security Center and National Crime Agency are trying to determine what happened, and regulators have been notified about the incident.
Cyberattack on the Guardian was ransomware, the newspaper says
The U.K. newspaper said the hack probably happened after someone clicked on a phishing email, the Guardian’s Dan Milmo reports. Executives at the company said they believe that it was a “criminal ransomware attack, and never the particular targeting of the Guardian as a media organization,” Milmo reports. The cyberattack was discovered Dec. 20.
The hackers obtained the private data of U.K. employees. But “we now have seen no evidence that any data has been exposed online up to now, and we proceed to watch this very closely,” according to the executives — Guardian Media Group chief executive Anna Bateson and the Guardian editor in chief Katharine Viner.
The company said it didn’t have reason to believe that subscriber data or data of its staff in the United States or Australia had been accessed.
- Gen. Paul Nakasone, who leads the National Security Agency and U.S. Cyber Command, speaks at a public forum on a government surveillance authority on Thursday. April Doss and Christopher Fonzone, the top lawyers at the National Security Agency and Office of the Director of National Intelligence, are also slated to speak at the event, which is hosted by the Privacy and Civil Liberties Oversight Board.
- Cybersecurity practitioners meet with cybersecurity staffers on Thursday as part of Hackers on the Hill.
Thanks for reading. See you tomorrow.