We all keep hearing, “It’s not a matter of IF but WHEN we open our screen to a cyber attack.” Well, on October 13, 2021, it was Hillel Yaffa Medical Center’s turn. Did you see the video? With panic pushing blood through his veins, their head of cybersecurity told everybody to immediately shut down their computers. It was a ransomware attack.
This article is not about preparing you for a cyber attack, testing your BCP, or getting the latest cyber security tools. It’s about raising awareness and gathering support among our worldwide community of critical infrastructure cybersecurity defenders to stand down hackers by collaborating and sharing information amongst ourselves.
Information sharing will help us expand our cyber threat intelligence (CTI).
A Long Time Ago, In a Galaxy Far, Far Away
You’ve seen Star Wars? It’s the good guys, the Jedi, vs the bad guys, the Sith, and they both have access to The Force, the invisible, all-powerful energy pervading the universe. The Jedi can only channel it for defense while the Sith can use it for aggression because the bad guys are not bound by rules. When the hero, Luke Skywalker, first faces the evil Darth Vader, Vader uses this unfair advantage to attack Luke... who winds up losing the battle, and his hand.
The bad guys in our world, the hackers, have an unfair advantage. They share knowledge and tools, and they collaborate to perfect their attacks. Industrial cybersecurity in critical infrastructure is facing more attacks than ever before.
Sure, you can prepare, but when a hacker—backed by the collaborative efforts of other hackers—targets your organization, it’s them against you.
Protect Yourself – With Peer Support
It was meritorious of Hillel Yaffa to share what happened to them. It raised awareness of the need to prepare, and it also showed the importance of sharing information to prevent other hospitals or medical facilities (or any critical infrastructure for that matter) from making mistakes that could cost lives.
As cybersecurity leaders in critical infrastructure become increasingly aware of the importance of sharing cybersecurity incidents, they are left with uncomfortable questions.
- Will sharing make me look weak?
- Will I face legal implications?
- How would I share?
- How much information should I share?
- With whom should I share?
Fighting Cybercrime Together
We in critical infrastructure cybersecurity are all in the same boat, and we are all vulnerable to these sophisticated criminal acts. We should accept that it’s most likely not a matter of if but when.
If competing banks share data to block cyber attacks, why doesn’t everybody?
By sharing intelligence, we can push back the date of when for others, and they can do the same for us. Together, we can enhance each other’s security posture and maximize our cyber security effectiveness by expanding the limited “good” resources at our disposal.
This kind of information sharing can become part of a bigger trend to fight cybercrime and accelerate critical infrastructure cybersecurity readiness—through collaboration.
Manufacturers of OT products share, even though it might be embarrassing for them. Do you remember Schneider Electric’s revelation that their Easergy relays contained a vulnerability? That’s one story. There is another... about a hack on a world-renowned organization.
The Hack Heard ‘Round the World
There was another case of information sharing.
When the Red Cross was hacked in January 2022, Robert Mardini, the director-general of the International Committee of the Red Cross (ICRC), sent out an open letter explaining what happened. The letter also said:
“Sharing such information is not a comfortable exercise, but I believe it is only by being transparent about our challenges that we can learn from them and improve our policies and practices.” -Robert Mardini, International Red Cross
What happened was that attackers disguised themselves as legitimate users or administrators. They achieved this by optimizing malicious code for ICRC’s servers and anti-malware defenses and by deploying obfuscation techniques. Their tools are commonly employed by advanced persistent threat groups.
It’s a Start
Canada is considering legislation to force critical sectors to share information about cyber events. The ‘vital systems’ cybersecurity law will require certain organizations to immediately report cyber breaches to their regulator.
If a similar law comes to your region, how will it affect your strategy? Your allocation of resources? Your response to a cyber attack?
Waze, the real-time driving directions app, boasts the slogan: Outsmarting traffic together. It’s time we begin outsmarting hackers together.
Are you in?