Cyberattacks increased 38% worldwide last year, and now cybersecurity experts are issuing this urgent warning – critical U.S. infrastructure security breaches and shutdowns may soon be coming.
A former C.I.A. hacker turned cybersecurity analyst says the government must act before it's too late.
Was the computer network failure that recently grounded all U.S. air traffic for the first time since 9/11 human error or a cyberattack? While the Federal Aviation Administration insists human error led to the outage, Canada experienced a computer outage the same day.
"This is what I would categorize as highly suspicious because these systems have redundancy, they have backups, they have ways to be able to recover," explained cybersecurity expert Eric Cole, C.E.O. of Secure Anchor.
"So when I hear that there was a database error and then, as you said, there were two different systems that went down on the same time. I'm like, okay, say it was human error. Keeps everyone calm, but in reality, it really does sound like a cyberattack and that something went wrong that was unplanned," Cole said.
When looking for likely suspects in such a cyberattack, Russia would be a strong possibility because of its war against Ukraine and the help the U.S. and Canada are giving the Ukrainians.
"Russia lately has always been on the list. But we also forget that China is also a big target, especially when it comes to critical infrastructure. And there are also a lot of freelance cyber adversaries that are out there that are really big on ransomware, extortion, and things like that. So from my standpoint, it sounds like what we call a test attack where they wanted to test and just see how vulnerable the systems were, whether they could get in, and how long it would take them to recover," Cole explained.
"So to me, the critical part for the F.A.A. right now is to really figure out if it was a cyberattack, to figure out how they got in, and make sure they fix it. Because this sounds like it's going to be one of many attacks in our future," he said.
Given the FAA software is 30 years old, Cole and other cybersecurity experts say an update is long overdue.
"Certainly, they'll have to take a good hard look at this system, and they'll have to identify any weaknesses or built-in redundancies or full upgrade of some kind because this was obviously problematic. But given that they were able to lift it in a few hours, you see what just a few hours does to the network when it's down," explained Daniel McCoy of the Wichita Business Journal.
Although President Biden signed a $1.2 trillion infrastructure bill into law last November, Cole believes some critical network issues must be considered for air traffic control and other vital national computer systems.
"When you're dealing with critical infrastructure like air traffic control, utilities, and even hospitals, uptime availability is critical. And any time you patch or update a system, there's a chance it could crash. I'm sure you've had it at your home when you did an update, or they said, 'Oh, it's just a basic patch.' Suddenly, things don't work, and things stop operating. So, it sounds bizarre, but the more critical a system, the less we update it, the less we patch it, and the more vulnerable it becomes," Cole explained.
So how likely is another shutdown or cyberattack, not only against an antiquated FAA computer network but also against other critical government networks? Just how vulnerable are they?
"Unfortunately, they are very vulnerable. For that reason, you said these are old systems. They're not typically updated. They're not typically patched. And the big problem is they're starting to be interconnected. And that's where the problem comes in. These systems were designed and built to be what we call in cybersecurity, an air gap, which means completely isolated from any other system or the Internet," Cole said. "But what's been happening over the last year or two is they're interconnecting these to the Internet and other systems to make them easier to use. And because of that, this, to me, is just the beginning. And this year, we're going to see a lot more of these attacks happening because of that."
Part of the increased vulnerability is due to COVID-19 shutdowns and working from home, now the new normal in our society.
"And instead of us leaning away from that, now that people are coming back in the office, we're actually doing more and more interconnectivity, which is great for ease of use, but it's one of the worst possible things we can do for cybersecurity. This creates a huge national security problem," Cole insisted.
Although the F.A.A. says it has made revisions to prevent a corrupt file from damaging the flight backup database, cybersecurity experts say Congress and the president still need to urgently address vulnerabilities to safeguard the nation from more devastating attacks in the future.