Training To Prevent Cyber Attack

Sections of this topic

    “No one felt safe from anyone anymore. Many more millions died as brother turned against brother in the War Against Terror, and countries turned within, no longer wanting anything to do with the rest of the world; their world was enough. Then the terrorists exacted their revenge and used the Internet, the one link some countries still had to the outside world and caused global-based economies to fail and countries to fall apart.

    “Scientists glimpsed a doomed planet. Ineffective population controls spelled disaster for the entire world. Billions died in famines. Hundreds of millions died from air and water pollution. Still, millions died from criminal violence in their overcrowded neighborhoods. Surprisingly global warming and rupturing the ozone layer in the earth’s atmosphere never created the disasters that scientists had been predicting for the last century. For once, politicians were willing to listen to the scientists, who thought computers could do a better job running the world.

    “Even though democratic governments were willing to give up governing themselves in order to feed the people, it was too little commitment, too late.” — In Makr’s Shadow

    The above quote is from the Prologue of my science fiction novel, which isn’t out yet; I hope to finish final editing this summer. This isn’t a promo for that book, but rather an ominous look at something that concerns all of us, not only as trainers, but I think as members of the human race. I do mean to be dramatic for a reason; it’s important. Those who know me know I can be a sarcastic cynic at times or poke fun at what I think needs a nudge toward reality. This is my real moment.

    The idea is to be ready for the next war, but I don’t think we are.

    We used to have a saying in the military, and I think we still do, “We train for the war we don’t ever want to have.” But who can predict the future? The idea is to be ready for the next war, but we have no idea what form it will take. I am surprised to learn there are people out there at least trying to figure that out. Still, can you train for that any more than you can train to read minds?

    I ran across a Mark Twain saying, “History doesn’t repeat itself, but it does rhyme.” Interestingly enough I saw it used when talking about fighting cyber attacks, and it makes perfect sense. In a special issue of Government Executive, an article called The Wrong War by P.W. Singer and Shachtman who said, “The insistence of applying Cold War metaphors to cyber security is misplaced and counterproductive,” makes perfect sense. We have a tendency to fight wars like the last one we fought. What it seems we are just learning is that it doesn’t work very well. I don’t think this is just us silly Americans; the whole world has experienced this for ages. After the war starts and the fighting begins we realize our error and look for different ways to fight. The side that does it best is usually the victor. We always never want a war like the last one, and yet we always fight it the same way as the last one. Even the war against terror, we’re trying to fight as a conventional war with rules. One day, we’ll get it or we already have and folks are working in ways we are thankfully unaware of. Well, now we have a war we are trying to fight like we did the cold war.

    …that doesn’t begin to cover the magnitude of cyber espionage possible in both corporate business and government…

    While all wars and death are bad, the annihilation of entire civilization on this planet is worse. It is possible and people are at this minute trying to do just that, and for what money, power, revenge–all the usual stupid precursors of war. This war is being fought now. Although there exists a distinction between an “exploit and attack” that revolves around the use of a malicious action in cyberspace. An attack is equivalent to the use of force with conventional weapons and the serious loss of lives and destruction; an exploit is less deadly, but crippling in another way–economically. Financed by countries, there have already been two genuine cyber attacks used in such a way as to bring a country’s defenses down, according to James Andrew Lewis who writes about the threat: when a “virus destroyed critical equipment in an Iranian nuclear facility and when “Israel reportedly crippled Syrian air defenses during a raid on a suspected nuclear facility.” These are dangerous times.

    And, that doesn’t begin to cover the magnitude of cyber espionage possible in both corporate business and government, let alone criminal identity theft for the purpose of stealing just your money, but who you are.

    For once, Hollywood isn’t far off.

    For once, Hollywood isn’t far off. Remember the “fire sale” in the last Die Hard movie, when cyber criminals literally took control of computer systems running, not only our infrastructure but also the power grid? We could write several books on the subject but let’s stay closer to home. I think I’m scaring myself.

    The need for cyber threat and cyber security trainers is great. Countries are doing what they can to develop stronger regulatory laws and hire experts to ensure the safety of the Internet and their own internal electronic systems, security companies are looking to develop innovative ways to help. Training, of course, is always an issue. At all levels, not just government, small and large businesses, corporate conglomerates, International companies, non-profits, and individual finances, the toll of any breach of security can be staggering.

    • One pair of cyber criminals made $2 million in one year from “click” fraud (not sure what that is but I see people hacked every day on Facebook),
    • the FBI reported cyber criminals made $72 million from people paying to remove phony malware from their systems.
    • A gang in Russia robbed $9.8 million from a U.S. bank over a Labor Day weekend in 2008.

    It is reported that million-dollar crimes like these happen every day, but are “rarely reported.”

    While there are experts out there training cyber specialists and “hackers” to beat cybercriminals, that’s not to say they couldn’t use our help in addressing this problem in our training. We talk to a company about training needs. Even if we aren’t doing the actual cyber security training, see if it doesn’t help to remind the workers we are dealing with, especially whose job is to deal with the cyber world directly, that, as cool as this is in the movies, it is a very real threat to our existence. I think companies will appreciate we understand the world we and they share. In my book, the result after the terrorists bring down individual countries, people are so tired of war that they give up and turn everything over to the winner: the cyber world to run the world. Let the cyber servers determine what is needed to save the world from itself. Then, try and get it back.

    Did you know there are only 50 Internet providers that account for all the infected computers worldwide? We thought the world was small already. And, the threat is evolving every day, and so must we, or lose the battle.

    I Googled a few folks who list themselves as trainers and cyber specialists who can fight this cyber war, but I would caution anyone to look as deep as you can at any organization listed on the Internet, especially in this arena. No offense to the companies waging the war, but they should know better than us that the threat takes on the images we trust the most. I also included some government agencies like Homeland Security. So, here’s the list:

    And, the threat is evolving every day, and so must we, or lose the battle.

    Finally, just my thoughts on a topic of concern to everyone. I often talk about how we are so busy we sometimes forget to do the basics or obvious. I try to remind you–if I haven’t forgotten myself. Easier yet, I think to forget what’s invisible. Let’s not.

    For more resources about training, see the Training library.

    As always my opinions are my own. I welcome your comments, ideas, and extra information. I’m always willing to learn. I write about people mostly–training, working, and communication here, but also on the arts on my website. I am a speaker and trainer. I try my best to motivate others to learn what’s important in your world or mine. I am available at your convenience. For a look at the human side of training from my Cave Man perspective, please check out my book, The Cave Man Guide to Training and Development. Happy training.