Preventing a “cyber Pearl Harbor”

Not one year ago, a server that hosts around fifty Jewish congregational Web sites was attacked by a politically motivated hacker group called the Moroccan Ghosts. The group plastered the targeted Web sites with their logo and an hour-long video denying the Holocaust. According to the cyber experts, this one event was only part of a larger trend of hackings targeting the Web sites of groups for political and or ideological justification. The incident provides just a small glimpse into the damage that can result from breaches to an institution’s cybersecurity. Of highest concern is when personal information such as the home addresses, names, and schools attended by the children of faith-based leaders and staff, become open source posts on hate filled or extremist Web sites and blogs. Jane Holl Lute, former deputy secretary of DHS and nationally regarded cybersecurity expert, advises:

In cybersecurity, we are now experiencing what one noted expert has termed “the fog of more.” A welter of advisories, technology, tools, and checklists is being offered up in the service of protecting our networks. But part of the reason more enterprises are not better postured on cybersecurity is because it is not always clear what should be done first, or as a matter of priority, among the various means and ways that are suggested.

“Cyber threats to houses of worship, faith based and NGO organizations pose significant security risks to their operations and include everything from surveillance and intelligence collection on leaders and members to accessing systems that can disrupt operations or be exploited for conducting a physical attack. The security operation needs to include complete security planning and implementation to counter both physical and cyber threats…” says Robert Liscouski, CEO of Axio Global, LLC, a cyber-enterprise risk firm, and former assistant secretary of infrastructure protection at DHS.

In terms of cyberthreats on individuals, the 2012 Norton Cybercrime Report revealed that 556 million individuals are victims of consumer cybercrime every year. That is eighteen victims per second. Two out of every three adults use a mobile device with Internet access, and 31 percent of mobile users that year received a text message from an unknown source asking them to click on a link, dial an unknown number, or retrieve a suspicious “voicemail.”

Due to the evolving nature of the risk to faith based and NGO affiliated facilities, the answer to who is responsible for addressing cybersecurity concerns is somewhat vague. An administrator’s or a director’s fiduciary duties without a doubt extend to the protection of significant digital assets. What, then, are a director’s or an administrator’s specific responsibilities when it comes to cyber security? Can an administration simply rely upon its IT department or person to address cybersecurity needs, or do faith based and NGO leaders have an obligation to educate themselves on the nature of their respective agency’s cyber technology? Will cybersecurity be a topic of discussion only after an organization experiences a major security breach?

Cyber-security has become the new homeland security of the decade. It is imperative that we apply the same level of awareness and action as we have to the physical security of our facilities to ensure our security against this ever-evolving threat. Last year, then-Defense Secretary Leon Panetta issued a call to arms against cyberattacks, warning that sophisticated attacks against the United States could be America’s next “cyber Pearl Harbor.”

The threat of cyber-attack is more real than ever. Like the years leading up to 9/11, the clarion call has been sounded, and warnings have been made. Are we listening?

Preventative strategies for preventing cyberattacks can be found at this DHS Web page.

Paul Goldenberg is the president and CEO of Cardinal Point Strategies. He is a member of the Homeland Security Advisory Council (HSAC). The article was first published as a blog post by Sys-Con Media under the title “The Cyber Threat to Non-Governmental Organizations.”