Paul Eisler

Cyber Crisis Response Planning

USTelecom members on the Council to Secure the Digital Economy (CSDE), in partnership with other global information and communications technology (ICT) leaders, have taken the first big step toward harmonizing diverse frameworks that will allow industry to mobilize effectively during a catastrophic cyber incident. Our group has identified a set of scenarios where incident response and recovery stand to benefit from operational guidance, which we will finalize by the end of the year. This guidance will help industry and government coordinate actions to combat cyber threats.

In the cyber domain, as in the physical domain, not all threats are created equal.

While minor threats are often mitigated successfully by our individual companies, major threats—the sort that cripple economies and endanger society—require coordination among multiple ICT companies, and that is why we are creating this guide. Our focus is tackling exceptional crisis-level scenarios that can pose grave and widespread threats.

Understanding that the success of this project requires a multi-jurisdictional and ecosystem-wide approach, the CSDE has undergone an extensive vetting process to identify crises that could cause the ICT sector to mobilize.

We reached out not only to members, whose security teams provided valuable insights, but also to key government partners such as the National Security Council staff and the Departments of Homeland Security and Commerce. We also shared a preliminary catalogue of possible crisis scenarios with leaders of industry-driven efforts in foreign jurisdictions.

The following is the initial set of scenarios that the CSDE will consider in the context of risks to the security of the digital economy:

  • DDoS Botnet Attack – Malware infects a large number of devices to create a massive botnet and launch DDoS attacks against high value targets.
  • DDoS Server-based Attack – An attacker exploits vulnerabilities in servers to launch hugely amplified DDoS attacks.
  • Destructive Malware – Sophisticated malware targets and destroys important data or prevents the system from booting successfully, rendering it unusable.
  • Ransomware – Profit-seeking criminals target information systems with crucial data, such as computers used by governments, businesses, and even hospitals.
  • Advanced Persistent Threat (APT): Industrial Systems – A nation state or well-financed, highly sophisticated actor develops malware that targets industrial control systems.
  • Border Gateway Protocol (BGP) Hijacking – A BGP hijacking attack wrongfully redirects internet traffic and may cause disruptions to websites and online services while also enabling attackers to steal data, conduct espionage, and perpetrate other abuses.
  • Hardware Vulnerabilities: Processors – Security researchers or others discover difficult-to-patch hardware vulnerabilities in computer chips throughout the world, which allow malware to access data without proper authorization under specific circumstances.
  • Hardware Vulnerabilities: Component Backdoors – A state-sponsored bad actor manages to insert backdoors into the hardware of major ICT companies, compromising systems in industry and/or government.
  • Software Vulnerabilities: Open Source – Malicious actors discover security vulnerabilities in open source software components, which are used in commercial applications that proliferate widely throughout the internet ecosystem.
  • Software Vulnerabilities: Zero Day – Malicious actors discover zero-day security vulnerabilities – vulnerabilities that software developers do not know about – and write exploit code to gain unauthorized control and impair the functions of information systems all over the world.
  • Domain Name System (DNS) Exploits – Malicious actors alter information on a DNS server to redirect internet traffic to the wrong online destination, such as a fraudulent website that misleads the public.
  • Cloud Vulnerabilities: Provider Compromise – A cyber-attack against a major cloud services provider, possibly a supply chain attack, gives malicious actors the ability to target the provider’s clients, which may include industry and government, causing significant economic damage or compromising national security.

All the scenarios the CSDE has identified—from vulnerabilities in critical infrastructure to massive disruptions involving millions of devices—are based on a combination of events that have taken place in recent years and expert opinions regarding critical vulnerabilities.

Having identified these scenarios, the CSDE will now work to understand ICT sector capabilities and build consensus around unified processes for industry to mobilize immediately during crises, to be published at the end of 2019.

Our guidance will streamline industry and government reactions in emergency circumstances, and help coordinate flexible response mechanisms that distribute responsibilities among stakeholders, with clearly defined leadership roles.

Through this line of effort, USTelecom members and other ICT stakeholders in the CSDE are leading as stewards of the digital economy and are amplifying their distinctive assets and capabilities to secure our digital economy.