We’ve grown complacent. Cyberattacks are so common, so ubiquitous, that we’ve grown inured to them. Phishing attacks clog our inboxes. Denial of Service attacks pepper our financial system. And attacks like Stuxnet raise the level of Cyberwarfare to the international stage.
But we haven’t yet seen any type of attack that changes the game. Some kind of coordinated effort that causes unexpected, appalling damage. In other words, we haven’t had our Cyber-9/11 yet.
Remember September 10, 2011, the day before 9/11? If somebody were to ask you if Al Qaeda terrorists were likely to take down the World Trade center with hijacked airplanes, you’d have thought they were reading some kind of over-the-top, implausible spy novel. And then on a bright, clear Tuesday morning, our world changed forever.
Is today the September 10th of the upcoming Cyber-9/11? There’s no way to know, of course, except in retrospect. And there’s also no way of knowing how such a world-changing event will unfold. Will our power grid go down? Will hackers launch our nukes? Perhaps all our stoplights will turn green at once?
What we can do, however, is plan for general categories of disruption as part of our organizations’ disaster recovery planning. Here are a few ideas to get you started.
- What will you do if the Internet goes down? For a day, a week, a month?
- The same with the power grid, the water supply, and other basic utilities.
- How will you handle a long-term disruption of the financial system? Can your business survive a protracted period with no access to your bank accounts?
- What about the equities markets? How disruptive would the loss of NASDAQ or the New York Stock Exchange be for your business?
- 9/11 disrupted travel for weeks. What in our airspace system was the malefactors’ primary target?
- Don’t forget the psychological attacks. The hackers may simply be trying to demoralize us. What if they took down the Mars Curiosity Rover, or Times Square, or the Louvre?
This list, of course, is woefully incomplete. And while you can’t live your life in a bunker, afraid of an infinitude of increasingly implausible disaster scenarios, it’s still a reasonable precaution to provide some kind of framework for an unprecedented Cyberattack. Let’s make sure the coming Cyber-9/11 doesn’t upset our world as 9/11 did.