WC.com

Tuesday, May 18, 2021

Cybersecurity hits Home.

It has been an interesting 14 months in the paradise that is Pensacola (where "thousands live like millions wish they could"). Last spring this SARS-CoV-2 came out of the blue and shut things down. Make no mistake, life in Florida was far less affected than it was in many places. We enjoyed an economy that struggled but did not shut down as others did. We had beaches, restaurant carry-out, and more. But COVID-19 was a pain nonetheless.

In September, some folks forgot to secure some barges as Hurricane Sally came ashore here. There seemed to be genuine shock that she made landfall a few miles east of the earlier NHC predictions. Coincidentally, she landed almost precisely where Ivan did, on September 16, 2021; it was coincidentally the 16th anniversary of Ivan. The news reported that the bridge contractor had 55 barges and 22 of them washed ashore. Some hit bridges. The worst affected is the "three-mile bridge" that this contractor was coincidentally building before it destroyed parts of it. My seven-mile commute to work became 35 miles; my 15-minute ride turned into 50 to 75 minutes (each way, each day). 

Sure, that was expensive, even at the $2.10 per gallon then prevailing. Fourteen miles per day became 70, and it was expensive. But, there were promises of repair "soon." Spring harkened! A new day was promised with a bridge restored in March (not so fast). Currently, we are all operating under a promise that the bridge will reopen the week of Memorial Day (257 days post-Sally). If that comes to pass, it will still be only one lane in each direction, a modest improvement for a route that used to carry up to 60,000 vehicles per day.

But, we persevere. We kept on keeping on. We strove to recover from COVID-19 and keep on trucking (as the price of fuel increased). Then, the week of May 10, 2021, some enterprising miscreants decided to pick on a pipeline company for fun and profit. They hacked in and installed "ransomware" in the company's computers. The point of that kind of effort is to deny access to the computer's owner until they pay a ransom. It is, plainly stated, extortion. The pipeline was shut down and eventually paid $5 million in ransom.

The impacts were initially minimal. Friday, Saturday, and Sunday brought no real concerns. Then the news media became engaged on Monday. There were reports on local television. They explained that the hack had led the pipeline company to shut down its deliveries. Supply fell off rapidly, and people (as they sometimes do) rushed out in a panic to fill cars and gas cans. Demand spiked, and the results were marked. One driver burned a car loaded with fuel. Floridians tend to hoard fuel every time a disaster threatens; we prepare on short notice and react. 

According to Bloomberg, "about 65% of stations in North Carolina are without fuel and at least 40% in Virginia and Georgia." As far north as Pennsylvania, "distribution hubs ha(d) run dry." Business Insider reported that "More than 1,000 gas stations in eastern US states ran out of gasoline."

The impact of the hack made world news. The British Broadcasting Corporation reported on the results. It noted:
"If the general public or politicians ever needed proof of how devastating cyber-attacks can be, this hack will more than suffice"
"Even the hackers themselves seem surprised by the damage they've caused."
So, there is a hassle for the motorists (particularly those here in Pensacola who are now driving 70+ miles per day, but now with limited fuel). And, there is an impact on the retailers. One might think such an event would be a boon to gas stations. However, according to the West Virginia Oil Marketing and Grocers Association (OM&GA), gas stations make little money selling fuel. The profit is "about 2 cents per gallon." Stations "typically make about $100 per day selling gas." Where is the profit? That is in the M&Ms and soda (at least from my personal perspective, but grab some jerky or fruit if you prefer).

To make matters slightly worse, these miscreants literally came from the "Dark Side," according to the New York Times. The Dark Side? Really? That just makes it hurt a little worse. You just cannot make this stuff up. 

The point of all of this is twofold. First, much of our lives is dependent upon computers. That is a fact, indisputable, and inescapable. Oh, and often times it is not even your computer that is jeopardizing your livelihood; just like it is not necessarily your bridge or barge that is wreaking havoc on your life. See, there are similarities there. Someone did not effectively tie down their barges, and thus disaster and economic impact on others. Someone did not effectively safeguard their computer, and thus (you guessed it) economic impact on others. Other people failed in their responsibilities and many suffered for their mistakes.

The second point is as simple: what if tying down the barges had been your responsibility? The aftermath of your failure might be uncomfortable at best. What if securing that computer network had been your responsibility? The same. The difference is likely that you do not own or manage barges. But, you do have computers. They are ubiquitous, ever-present, and vulnerable. If yours gets infected, it might infect someone else, destroy someone's data, annoy your friends and colleagues with spam mail, or be the fulcrum of an extortion effort.

If your computer passes on some virus to a client's computer, that may end a professional relationship. If your computer gives up its secrets (data), that could end many professional relationships (and perhaps a friendship or two in the process). But worse, if you fail to secure your computer and damage occurs to others, there is always some outside chance you could be sued for the resulting damages. Even if such a lawsuit is baseless, how much would it cost your small business to defend itself? If it is not baseless, how much might the damages run? When that lawsuit(s) concludes, what will your business' reputation and name be worth? Will you have avenues out besides bankruptcy?

Cybersecurity. As the BBC noted
"If the general public or politicians ever needed proof of how devastating cyber-attacks can be, this hack will more than suffice."
Amen. I am proud to be hosting a cybersecurity breakout at the WCI2021 this December. I will tell a few jokes, cite a few stories, and then introduce the most hacker-daunting team in the southeast United States (perhaps in the world). The team from the Center for Cybersecurity at the University of West Florida will provide details on how you protect yourself from cybercrime, and thus protect those with whom you connect and do business. Will you be at the root of the next "big one" or will it merely impact your livelihood (as a broken bridge or empty gas tank might)?

Cybersecurity is a real concern. Cybercrime is a real threat. The impact could be devastating, even if only for you alone. This is a "must-see" breakout at WCI2021. Plan to stay through Wednesday, December 15, 2021; my program is that morning. Cybersecurity programming is included in the conference. You cannot afford to miss this frank discussion of how to better understand the miscreants who threaten you and how to protect yourself from their tomfoolery. Perhaps you are right: "it will never happen to me," but what if you are wrong?