Samantha F. Ravich, Ph.D., Chair of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, recently called for the U.S. government to create a Continuity of the Economy (COTE) plan to protect "seed data," critical data, and technology necessary to get the economy back online after a catastrophic cyberattack.
In her article entitled "The US Must Prepare for a Cyber 'Day After,'" Ravich suggests that our nationwide focus on data breaches and stolen personal information has distracted us from a bigger cyberthreat—a total infrastructure shutdown.
For years, foreign nationals have been hacking our critical infrastructure and infecting it with malware that could sabotage dams, pipelines, water supplies, or even transportation systems. In 2016, a state-sponsored hacker was indicted for hacking into a dam in New York, for example.
The Office of the Director of National Intelligence stated in its 2019 Worldwide Threat Assessment that China can cause "localized, temporary disruptive effects" on U.S. critical infrastructure and that Russia "is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage."
During the Cold War, the U.S. government had "day after" plans for how to continue the government, get transportation and communications back functioning, and begin regenerating the economy following a massive nuclear attack. The nation has no such plans for how to recover from a massive cyberattack.
Ravich's COTE plan would go beyond stockpiling backup information to address the functional interdependencies among specific infrastructure sectors and how those sectors in turn support the economy. Samantha Ravich, "The US Must Prepare for a Cyber 'Day After'" (Aug. 28, 2019).
Cyberattacks that severely disrupt operations are becoming more common. Unfortunately, such attacks affect a wide range of organizations beyond the U.S. government, making a cyberattack that leads to a total shutdown in your organization quite possible.
In 2017, the "NotPetya" malware shut down operations at large organizations including Maersk, FedEx, and Merck. In March 2019, attackers used a denial-of-service attack against a utility's internet-facing firewalls to repeatedly cut its control center off from generation sites in parts of Southern California and Utah. That same month, another group of hackers forced one of the world's largest manufacturers of aluminum to halt production at some of its plants and switch others to manual operation.
In 2015 and 2016, a group of Russian hackers attacked electrical utilities in Ukraine and cut power to hundreds of thousands of people. In June 2019, the group of Russian hackers that created Triton, dubbed "the world's most murderous malware," probed the U.S. power grid for weaknesses that would allow them to carry out a massive cyberattack.
All organizations must create a business continuity plan. This plan should detail how to resume operations in the event of a total shutdown, such as a cyberattack on your organization's infrastructure or even the local power grid.
Start by identifying your most important business operations that must continue in the event of a total shutdown. Determine how you could carry out these functions manually in case you do not have power or the internet. Assign members of the organization to carry out these manual operations. Periodically test your manual override plan.
Also, create a plan for how to notify customers, clients, contractors, and any other relevant third parties of interruptions in your operations. Include any necessary information for how they can access necessary information or perform essential functions offline.
If possible, determine an alternate location in which you could perform essential operations in the event of a complete power outage in your area.
Store backup copies of your essential data on drives that are kept offline, disconnected from both the internet and your internal network, so that you could restart operations in your alternate location if the power is out or if all of your network data were lost. A backup that remains reachable from the network can be encrypted or wiped by the same attack that takes down production, as happened to organizations hit by NotPetya. Periodically test that the offline copies can actually be restored; an untested backup is not a recovery plan.
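The following script is an added example, not part of the original alert, of the offline-backup step above: it writes an archive of a data directory to a removable drive together with a SHA-256 manifest of every file, and then performs the restore test the plan calls for by extracting the archive into a scratch directory and checking each restored file against the manifest. The directory names (data, usb) and the backup name (nightly) are assumptions; in practice the destination is a mounted removable drive that is unmounted and unplugged once the script finishes.

```shell
#!/bin/sh
# Offline backup with integrity manifest and restore test.
# Added example; paths and backup names are assumptions, not from the alert.
# Requires GNU coreutils (sha256sum) and tar.

# make_backup SRC_DIR DEST_DIR NAME
# Writes DEST_DIR/NAME.tar.gz, a SHA-256 manifest of every file under SRC_DIR
# (taken from the live data before archiving), and a checksum of the archive.
make_backup() {
    src="$1"; name="$3"
    mkdir -p "$2"
    dest=$(cd "$2" && pwd)   # absolute path so tar -C does not confuse it
    # Manifest of the live data; paths are relative (./...) so it can be
    # checked from inside any restore directory.
    ( cd "$src" && find . -type f -exec sha256sum {} + | LC_ALL=C sort ) \
        > "$dest/$name.manifest"
    tar -czf "$dest/$name.tar.gz" -C "$src" .
    ( cd "$dest" && sha256sum "$name.tar.gz" > "$name.tar.gz.sha256" )
    sync   # flush to the removable drive before it is unplugged
}

# verify_backup DEST_DIR NAME
# Returns 0 only if the archive is bit-for-bit intact AND a full restore
# reproduces every file recorded in the manifest.
verify_backup() {
    dest=$(cd "$1" && pwd); name="$2"
    # Step 1: is the archive on the drive what was written?
    if ! ( cd "$dest" && sha256sum -c --quiet "$name.tar.gz.sha256" ); then
        echo "archive checksum mismatch: $dest/$name.tar.gz" >&2
        return 1
    fi
    # Step 2: restore into scratch space and compare against the manifest.
    scratch=$(mktemp -d)
    if tar -xzf "$dest/$name.tar.gz" -C "$scratch" \
       && ( cd "$scratch" && sha256sum -c --quiet "$dest/$name.manifest" ); then
        rm -rf "$scratch"
        return 0
    fi
    rm -rf "$scratch"
    echo "restore test failed for $dest/$name" >&2
    return 1
}

# Usage (assumed paths):
#   make_backup /srv/data /mnt/usb nightly
#   verify_backup /mnt/usb nightly && umount /mnt/usb
```

The manifest detects corruption, truncation, and copy errors, which is what a periodic restore test is meant to catch. It does not defend against an attacker who can write to the drive, since that attacker can rewrite the manifest as well; keeping the drive physically disconnected between backups is what provides that protection.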