Please ensure Javascript is enabled for purposes of website accessibility

Pulling our head out of the sand on cybersecurity


techtuesdaylorelloreplacement1Welcome to our inaugural Tech Tuesday column. Each week, with the help of our partner the Chesapeake Regional Tech Council, we’ll feature insights from leaders in Maryland’s technology industries. These are the people in the forefront of harnessing technology to grow our companies, law firms and nonprofits, improve our lives and solve our biggest challenges.

The Ostrich Effect – we all succumb to it, and technology topics are subject to more than their fair share of it. How we came to believe that ostriches actually bury their heads in the sand when they see danger coming, I’ll never know. (Just to be clear – they don’t!) But, talk to someone about cybersecurity and watch how fast they hide.

In all fairness, it’s easy to ignore the very real threats of cyberattacks. They’re generally invisible (until they crash your system), there are so many possible targets (so why me?), and who would want my data anyhow (my information is so “normal”). If we want to pull our heads out of the sand, we need address these Ostrich Effect factors directly. We need to become more aware of the mind-boggling number of attacks that occur every day, how easy it is to become a target and how valuable our “normal” information is.

Do you feel like I was talking about you? Perhaps I was, but all of us hear lots of stories about protecting our own data, so I’d rather focus on something unexpected and somewhat frightening:  Our 911 systems are under cyber-attack!  Yet, the Ostrich Effect remains in full force.

Imagine dialing 911 during a crisis in your’s or a loved-one’s life. Now, imagine that no one answers your call for help. Why? Because a cyber-criminal has locked the 911 call center’s ability to receive your call.

According to the Department of Homeland Security, this scenario has happened hundreds of times across the country. Telephony Denial of Service (TDoS) attacks have been used to block the ability for the public to reach a particular 911 call center – known as Public Safety Answering Points (PSAPs).  TDoS attacks are generally created from internet-based call centers located outside of the United States that learn how to target that PSAP by generating a flood of calls that tie up its lines.  Then, cyber-criminals generally ask for a ransom payment to stop the attack.

Ransomware threats

TDoS attacks are a type of attack that can include a demand for ransom. A new and broader form of computer-based attacks, aptly termed ransomware, are on a meteoric rise. According to many of the cybersecurity threat analysis firms that monitor these types of attacks, we’ve seen anywhere from 200 percent to over 400 percent growth in the last year alone. Symantec places the number of ransomware attacks at over 4,000 per day.

Ransomware infects a computer/server by encrypting all of its files, making it inoperable and/or its data inaccessible. Cyber-criminals infect our 911 systems with this technique by luring unsuspecting 911 call takers to infected websites or, more frequently, by conducting sophisticated spear phishing attacks that entice the unsuspecting email reader to open an innocent-looking attachment that begins the infection process. Once the attack is executed, the criminals ask for ransom to be paid in untraceable “cryptocurrency” called bitcoins. Imagine the embarrassment of a police department paying a criminal to restore the function of its call dispatch center.

We can see why cyber-criminals would target our public safety call and dispatch centers, since they operate critical functions that cannot afford to be offline, making them more likely to pay a ransom.  Our approximately 6,000 PSAPs and about 70,000 police, fire, and emergency medical dispatch centers are meant to be found by the public; thus, they can be easily identified and targeted. Not much we can do about these two factors.

The way forward

But can we make cyberattacks more visible? Can we pull our heads out of the sand by understanding the breadth of the attacks and somehow visualize our internet traffic, recognizing friend from foe, and stop attacks before they do harm? Can we share attack information between centers allowing other “Ostriches” to learn from attacks and prevent repeat attacks? In short, can we find a way to protect the very people who protect U.S.?

Maryland is the epicenter of cybersecurity for our nation. Our companies are offering some of the finest cybersecurity products and services, providing some of the strongest cybersecurity solutions available. Through ingenuity and innovation, we’re creating methods to visualize internet traffic, identify threats and mitigate them.

Through collaboration, we’re keeping our front line defenders, those who answer and respond to our 911 calls for help, fully operational 24-7-365. Through continued conversations, education and this level of support, we can assist our public safety professionals in pulling to pull their heads out of the sand, seeing the threats and defeating them.

Tim Lorello is president & CEO of SecuLore Solutions, a cybersecurity firm focused on public safety. Prior to founding SecuLore, Lorello was SVP & chief marketing officer at TeleCommunication Systems and worked at AT&T Bell Laboratories, where he specialized in R&D for a preeminent telephony switching platform and the creation of the Advanced Intelligent Network platform.   He holds a master’s from Northwestern University and a B.A. in Physics from University of Chicago.

To purchase a reprint of this column, contact [email protected].