Скачать книгу

information with a third party, it loses visibility or control over what is done with the data, despite their best efforts or intentions.

      In this case, when CybelAngel performed a search and monitoring on keywords related to airport security, they detected nearly 10,000 servers that were publicly available, on which over 400 blueprints of airports worldwide were identified, sitting on unprotected third-party connected devices, or in misconfigured cloud storage.

      Some of these blueprints were extremely detailed, including the location and angle of the security cameras, revealing which were motion activated or had facial recognition capabilities and even precise information on how to access and take control of them. In addition, these blueprints contained the location of the detention rooms that are hidden from the public, runways, and the position of the fuel lines from the tanks leading to the runway where fuel is pumped into the wings of the aircraft.

      There were blank signed templates of security application access forms that, if compromised, would have allowed access into the airport facilities. There were also completed security badge application forms with official stamps and signatures, and over 300 files describing safety procedures and policies. Those procedures included instructions on how to bypass the whole security system, and how to deactivate it.

      There were also identity details of air marshals and departure and arrival dates, as well as the list of weapons they are allowed to carry on planes. Such intricate information can easily serve as a blueprint for a terrorist attack.

      The frightening part of all of this is that the data was found on third-party servers in many countries, including the United States, France, the UK, India, Spain, and others.

      As the world continues establishing even more interconnectivity, it becomes more critical than ever to position industry leaders to have better foresight before a crisis even happens.

      John Yates, QPM, is a former assistant commissioner in the London Metropolitan Police Service. He retired in November 2011 after a 30-year career. In his last role, John was the UK lead for counterterrorism and the most senior advisor to the prime minister and home secretary on law enforcement issues relating to terrorism. In this role he was also responsible for protecting the royal family and senior government ministers as well as the Houses of Parliament and Heathrow Airport.

      John is currently the director of security for Scentre Group, which owns and operates Westfield Shopping Centres in Australia and New Zealand. He shared his lessons for the cyber industry from his counterterrorism days:

      “One of the key roles of leaders is to keep out of the weeds and be constantly looking up, thinking broadly and identifying trends. I want to talk about a relatively little known case in London in 2010. It was a case that should have been examined in much more detail because it was one of the principal precursors to a deadly and murderous shift – the radicalization of predominantly young people – that plagued the efforts of those seeking to counter terrorism for many years and, indeed, continues to do so.”

      In a time where radicalization was little understood, particularly by young vulnerable people, Roshonara Choudhry, a final-year student at King's College, London, and from a good Bangladeshi family, brought two knives to Beckton Globe Library, where MP Stephen Timms was conducting his constituency clinic. Choudhry stabbed Timms twice in his abdomen.

      John continued, “This case was initially dealt with by the local homicide squad. It took us over 24 hours to realize that this was in fact a terrorist attack, being that it clearly fit the long accepted definition – the unlawful use of violence and intimidation for political or ideological aims.

      “It was actually the first successful terrorist attack in London since the July bombings in 2005. So at the time, the case was taken over by the counterterrorism command and Choudhry was convicted and sentenced to life imprisonment.

      “But we stopped there. For two years, we didn't really do anything, and then suddenly the whole problem of people being radicalized began to play out in developed countries, particularly in the Western world. ISIS emerged and the online community became an effective vector to radicalize people.

      “What happened in 2010 was a significant event. What we failed to do was to identify the broader implications – that Al Qaeda and, later, ISIS were using social media and other online means to target vulnerable people – and pose the question, could this happen again and what should we be doing about it now?

      “One of the duties of leaders is to take any extraordinary or unusual events and reflect on the underlying issues, to consider what the themes are that need to be addressed. Is there something that we need to be doing here in the education environment? Is there something that we should consider about the public warnings?

      “We didn't do any of that for a number of years and then we got way behind in terms of our ability to understand the motivations of these people and to understand the impact it was having, particularly on young people.

      “All those factors were there in 2010; Choudhry was the first manifestation, and with serious consequences, in the developed world. We didn't open our eyes to the broader issues back then. We just dealt with it as a very serious attempted murder, and put it back in the box. We did not sit back, reflect, debrief, and consider the implications more broadly. It's something we should have done at that time, and it was most regrettable that we did not.”

      John's lessons are even more applicable in today's modern digital world. There is merit in studying the past and present incidents, considering the context of each, trying to gain a macro perspective and thinking about the bigger picture of what it could evolve into in the future.

      When an event is looked at in isolation, it will always project a narrow view, which limits one's ability in preempting and preparing for the best defense response.

      Likewise, in examining a cyberattack, it cannot be viewed in isolation. Effort and care should be taken in studying the source – is it just a random phishing attack, where is this coming from, are there other breaches instigated by an insider threat, is it a competitor that is trying to undermine your shareholder value, or did you happen to fall prey as a pawn in the grand scheme of geopolitical affairs?

      When we look at the advancement and sophistication of these cyberattacks over recent years, we need to retain a holistic view of what these changing implications might mean for the overall organizational and individual risk.

      Military leaders point out that capabilities take a long time to develop, but intentions can change overnight. In other words, the cyberattack impacts and response will not only center on current technology solutions, but also on what scenarios could happen in the future.

Скачать книгу