Two weeks ago, news broke of a ransomware attack on Colonial Pipeline, the largest provider of natural gas across the Eastern United States. In response, the company temporarily shut down its 5,500-mile pipeline extending from Houston, TX to Linden, NJ. In the aftermath, gas stations experienced shortages as customers stocked up, and the price of gas increased nationwide.
While Colonial Pipeline has since returned to normal operations, this incident comes on the tail end of two other highly publicized U.S. cyberattacks. In December of 2020, software company SolarWinds experienced a security breach that distributed malware to thousands of its customers, including state and federal organizations. Two months later, hackers nearly succeeded in poisoning the Florida water supply with high levels of sodium hydroxide.
These and other examples demonstrate the impact that cyber actors can have on national security, and – as the rate of cybersecurity incidents rises – they ought to be counted among the greatest threats to cleared organizations. Modern FSOs must pay greater attention to cybersecurity and play their part to reduce the likelihood of a successful attack.
The Risk of Ransomware
Last year, the Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure (CI) operators of a growing threat from ransomware, anticipating the incidents mentioned at the beginning of this article. Cleared organizations would do well to heed CISA’s warning, no matter the size of their business or industry.
In 2020, the number of ransomware attacks rose by 62%, accompanied by a 225% increase in ransom demands. Attackers are becoming bolder: their victims include hospital systems, school districts, small businesses and large enterprises. Even entities who are not directly targeted by a cyberattack can be directly affected: the SolarWinds breach compromised over 18,000 organizations, including local governments and federal agencies.
In the case of the Colonial Pipeline, disaster was averted. While it remains unknown whether attackers managed to breach industrial control systems (ICS), DarkSide – the Russian-based hacking group responsible for the attack – disavowed any political motive and promised to avoid “social consequences” in the future. Other threat actors have no such scruples: they will target cleared organizations with the specific intention of wreaking havoc on the United States.
FSOs and Cybersecurity
Facility security officers (FSOs) may occupy the most unappreciated security role across federal organizations. They are on the front lines of national security, charged with keeping sensitive information out of the hands of bad actors. It is their responsibility to turn away unauthorized personnel and watch for insider threats who may be influenced by foreign contacts.
But the job of an FSO has become more complex with time. In the past, cybersecurity and facility security were considered separate domains with different C-level officers and areas of focus. Today, the boundaries between physical and digital security have become less well-defined; in response, FSOs must expand their awareness of cybersecurity and form a more holistic understanding of risks to their organization.
Cyber Actors and Foreign Influence
NISPOM requires FSOs to monitor their personnel for foreign and suspicious contacts, unexplained wealth, and miscellaneous security violations. In theory, this helps them to detect and minimize risk from insider threats who compromise an organization from the inside and may share sensitive information with enemies of the U.S.
But today, foreign influence can take many different forms. Cyber actors compromise members of your organization without their explicit knowledge or consent through social engineering attacks, phishing emails, and even targeted advertisements. A great number of insider threat events are attributable to increasingly simple mistakes.
Attackers can and will take advantage of employees who are not prepared for them. Worst of all, their methods for infiltration are constantly evolving: personnel who could identify a social engineering attempt last year may fall for it next year. Without understanding this issue, FSOs are fundamentally blindsided by a growing channel for organizational compromise.
How FSOs Can Defend Against Cyberattacks
In the future, prevention of cyberattacks will require the cooperation of everyone in your organization. Fortunately, there are many ways that FSOs can start playing their part right now:
- Gain cyber literacy – FSOs don’t have to become cybersecurity experts to protect their organization, but they should stay up to date on evolving risks and attack vectors. Subscribe to cybersecurity publications like Dark Reading, ThreatPost, and others. Read new advisories from CISA, including Best Practices for Preventing Business Disruption from Ransomware Attacks. When possible, attend conferences and have conversations with experts to fill gaps in your knowledge.
- Implement training programs – it’s hard to overemphasize the importance of employee training. A single workshop can help personnel to recognize a spear phishing attempt that would otherwise cause them to divulge critical information to cyber actors. Provide basic training in digital hygiene to new employees with ongoing courses that cover emerging risks on a yearly or semi-yearly basis.
- Work with your CSO/CISO – build a working relationship with the CSO, CISO, and other cybersecurity personnel in your organization. Share data and impact reports to help them understand the problems you are dealing with, and leverage cross-departmental insights to create a culture of cybersecurity throughout your organization.
Cyber actors are already impacting cleared organizations throughout the U.S.; in the future, regulations will continue to require greater vigilance from FSOs to defend against evolving threats. Get a head start by preparing in the present.
The latest version of Access Commander includes critical functionality to help FSOs collaborate with other executives, prevent threat incidents and promote a culture of cybersecurity from the top-down.
- Understand and identify insider threats with the Advanced Insider Threat Analysis
- Share information through role-based dashboards and integration with Portal Commander
- Implement training programs and track progress with the Training and Conference Management module
- Track security incidents, suspicious contacts, foreign travel, and more