How We Can Start Winning the Cyber War

Government and industry must work hand-in-hand to execute a winning game plan against cyber terrorists.

Mark Carrigan, Senior Vice President, Process Safety and OT Cybersecurity, Hexagon PPM

July 28, 2021

3 Min Read
Digital grenade
the_lightwriter via Adobe Stock

The May attack on Colonial Pipeline was cyber terrorism. There's no better way to label it.

Attacks on critical infrastructure have consequences beyond the financial realm. They can cause physical harm to industrial equipment, disrupt vast portions of society, and even lead to loss of life, in the case of a German hospital now pursuing cyberattackers for murder.

These attacks are tactical. They are orchestrated by rogue elements, often thousands of miles away. So don't call them espionage or hacktivism, or anything else that softens the nature of the attacks. Call them terrorism.

Sadly, cyber conflict is here to stay, and so we need to prepare for what's next — and beyond.

While the stakes are increasingly high for individuals, governments, and commerce, it's helpful to think of cybersecurity as a global contest. We have to know the players and the roles they play. And we must balance defense with offense.

Defense: The responsibility for defense lies squarely with critical infrastructure companies. They have all the motivation required to protect their assets and have made significant strides improving the defense of their systems, but more work needs to be done.

While companies have put so much focus in recent years on preventing and detecting infiltration, we still must assume that breaches will happen, regardless of how many layers of defense a company may have. A good defensive strategy must also include three key plans: incident response, mitigating and minimizing the attack's consequences, and business continuity.

The ability to recover is an essential element of keeping a business working even after an attack. Recovery in this case includes an accurate and up-to-date backup of a system's configuration, along with the ability, for certain companies, to know "what has changed" on the control systems that enable automated manufacturing. This is often the weakest point in many companies.

Offense: This should be in the government's hands.

Companies are not in the business of taking countermeasures to disincentivize or punish attackers. Doing so can cause collateral damage in cyberspace that just causes further harm to more people. It is the responsibility of the government to establish laws and prosecute cyberattackers, as well as to answer attacks. The FBI clawing back illicit earnings from the Colonial Pipeline incident was a start, but we could go further.

Our society needs both private enterprise and the public sector to operate at high levels. Our government must send a strong message to the rogue elements and the governments that enable or ignore their activities that we consider cyberattacks on our critical infrastructure to be a threat to national security.

Government must do a better job of helping small business as well. Informing industries and possible victims of intrusions, in a way that allows them to make the necessary mitigating choices, is one step toward being a partner to private industry. It will take time to cultivate the trust necessary for industry and government to work together on this sensitive issue.

Cyber is the new frontier of international conflict, and we can win. Government and industry must work hand-in-hand, offense and defense, to execute a winning game plan. The future is at stake.

About the Author(s)

Mark Carrigan

Senior Vice President, Process Safety and OT Cybersecurity, Hexagon PPM

Mark Carrigan is responsible for defining and implementing Hexagon’s strategy for process safety and OT cybersecurity solutions. He also is responsible for the Hexagon PPM division’s sales strategy, which includes the Alliance and Partner program, as well as overseeing divisional customer success initiatives to ensure clients receive maximum value from our solutions. He previously served PAS Global – acquired by Hexagon in 2020 – for 20 years in a variety of roles, including Senior Vice President of Technology, Managing Director for the Middle East and Global Sales Leader, culminating as the company’s Chief Operating Officer and Chief Revenue Officer. Prior to joining PAS, Carrigan spent 10 years with Air Products & Chemicals in several technical and commercial roles. An industry veteran, Carrigan has extensive experience in international business, engineering, sales, and technical consulting in the processing industries. He holds a Bachelor of Science degree in Mechanical Engineering from the University of Michigan.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights