The NYSE system crash was an infosec incident
On Wednesday, July 8, a number of information systems suffered “glitches,” causing speculation that the US may be under a coordinated cyber attack. In the morning, United Airlines grounded more than a thousand flights due to computer issues; around noon, the New York Stock Exchange (NYSE) suspended trading due to a “technical issue;” shortly after, the Wall Street Journal’s (WSJ) website went down; and during all this, the New York subway had train issues, and thousands of customers in D.C. lost power. It must be the Cyber Armageddon, right?
Probably not. While this may sound like the “Firesale” scene out of Die Hard 4, these issues can all be traced to normal computer and information system failures and mistakes. However, whether or not hackers were responsible for these events, they do qualify as serious infosec incidents.
If you’ve been in information security for a while—especially if you are a CISSP—you’ve probably heard of the CIA triad. In this context, CIA stands for confidentiality, integrity and availability, and these are the attributes security professionals need to maintain in their information systems.
- Keep your organization’s data confidential and only accessible by authorized users.
- Maintain the integrity of your data, so that it isn’t lost or modified by unauthorized users.
- Make sure that data is always available to those who are authorized to use it.
As security professionals, we often spend most of our time thinking about the “C” and “I” in the CIA triad. After all, these are the “sexy” aspects of infosec. Who doesn’t want to protect their organization from malicious hackers or nefarious insider attackers? However, the third attribute, the “A,” is just as important, if not more so. What good are our data and information systems if they’re not available to access? You’re much more likely to encounter a run-of-the-mill problem that brings your systems down than you are a purposeful cyber attack. Yet accidental downtime can cost your organization just as much time and money as a persistent cyber attack. That’s why availability is just as important a part of an infosec warrior’s job as defending against cyber attackers. That’s also why the incidents from last Wednesday were information security incidents, even if hackers weren’t involved.
With this in mind, let me share (remind you of) three high-level availability tips you should follow to make sure your business avoids suffering the infosec incidents that the NYSE, United Airlines and WSJ dealt with recently.
1. Have a plan – I know it’s simple. Having a disaster recovery and business continuity (DRBC) plan is one of the most important parts of maintaining availability. To have a plan, you need to acknowledge that problems can happen and imagine ways to continue business and solve those problems when you encounter them. It’s the difference between panic and extended downtime versus a clear guide to resolving an issue quickly. Granted, creating a plan is not simple work. It requires you to enumerate all your organization’s important data and systems, find the interdependencies between them, and architect your infosec solution in a way that it can quickly recover from technical issues as long as you follow some prescribed steps. If you do this you’ll be able to recover quickly and keep business running after any disaster, whether it’s an unexpected flood or a targeted cyber attack.
2. Maintain backups – Again, a simple tip, but one some organizations don’t have the discipline to follow. Infosec is all about protecting the data our systems rely on for business. Obviously, a core aspect of that defense is making sure we never lose that data. As simple as it sounds, you need to make the effort to continually back up your most critical data and make sure to have an offsite backup location or two so you can survive any incident.
While we’re talking about data backup, don’t forget to have system backups too. In this new “virtualized” world, there is little excuse for not maintaining multiple copies of your most critical IT systems. In the past, it may have been financially daunting to have multiple physical versions of your IT systems at different locations, waiting to take over if your primary systems fail. However, with virtualization, this becomes a less costly and more realistic possibility for even the smallest organization. I highly recommend you leverage virtualization to help you build a more resilient IT infrastructure.
3. Remain vigilant – In order to make sure your systems are always available, you need network and security visibility tools to monitor their health. If you don’t have tools that help you make sure that systems are running smoothly, you won’t know when a problem might be developing that will bring the entire infrastructure to a halt. Invest in network and visibility tools that help you monitor the health of your network, and have good people monitoring them. Also, make sure these visibility tools include automated notifications and alerts, since no human can watch them 24/7.
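The automated alerting tip above, as an added example that is not part of the original post: a small availability monitor that probes services, declares a service down only after a run of consecutive failed checks, and fires exactly one alert on the way down and one on recovery so nobody has to watch a dashboard around the clock. The service names and probe functions are constructed for illustration.

```python
"""Availability monitor with state-change alerting (added example, not from the
original post). Service names and probe callables are hypothetical/constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class ServiceState:
    failures: int = 0   # consecutive failed probes
    down: bool = False  # currently considered unavailable


@dataclass
class AvailabilityMonitor:
    threshold: int = 3  # failed checks in a row before declaring DOWN
    states: Dict[str, ServiceState] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)  # alert history

    def record(self, service: str, healthy: bool) -> Optional[str]:
        """Update one service's state; return an alert message only on a
        DOWN->UP or UP->DOWN transition, never on every failed poll."""
        st = self.states.setdefault(service, ServiceState())
        if healthy:
            st.failures = 0
            if st.down:  # recovery edge: alert once, then stay quiet
                st.down = False
                msg = f"RECOVERED: {service} is responding again"
                self.alerts.append(msg)
                return msg
            return None
        st.failures += 1
        if st.failures >= self.threshold and not st.down:  # outage edge
            st.down = True
            msg = f"DOWN: {service} failed {st.failures} consecutive checks"
            self.alerts.append(msg)
            return msg
        return None  # below threshold, or already alerted

    def poll(self, probes: Dict[str, Callable[[], bool]]) -> List[str]:
        """Run every probe once; a probe that raises counts as a failure."""
        fired: List[str] = []
        for name, probe in probes.items():
            try:
                ok = bool(probe())
            except Exception:
                ok = False
            msg = self.record(name, ok)
            if msg:
                fired.append(msg)
        return fired
```

In production the probes would be real HTTP or TCP checks on a timer, and the returned alert strings would go to a pager or chat channel rather than a list.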
Despite the fact we didn’t learn that a sophisticated new cyber threat actor coordinated a targeted attack on three separate businesses on the same day, the NYSE, WSJ and United incidents did constitute serious information security problems. You can’t prevent every “glitch” that happens to your infosec systems. However, with the proper preparation, and a focus on availability, you can recover from these sorts of information security incidents much more quickly to ensure your organization loses less time, money and customers. If you want your network to survive another day, add a little “A” to your CIA.