Cyber Security in the Time of Corona
(Published https://thehill.com/opinion/cybersecurity/488010-could-fighting-coronavi...)
Dr. Marcus K. Rogers
Executive Director
The current COVID-19 pandemic has become a sobering experience in many ways. We are witnessing first-hand the negative impact that a fragmented national public health system has on our safety, health, and economy. Social isolation has become a stark reality/necessity for people around the globe including here in the United States. While social isolation has become the operational approach to slow down the spread of the COVID-19 virus (or at least flat the infection curve), this isolation has ripple effects across other components of our lives. A vast number of people are being asked to telecommute and work from home. Schools at the K-12 and University level are instructing students to stay away from campus and suspending face to face teaching. Faculty are being instructed to move all classes online. The entertainment and sports industries are canceling events and premiers. Restaurants and bars are closing. Major studios are rushing to move content to streaming services, the list will continue. While these responses are prudent, the result is that more of our lives are now funneled into the internet, internet technologies, and telecommunications. This strategy to move to the online cyber/virtual realm (at least in the interim) is happening with no real thought to any cybersecurity implications.
Historically cybercriminals have used crises to increase criminal activity and scams related to stealing Personally Identifiable Information (PII), Financial Information, and Personal Health Information in order to defraud victims. Foreign actors have spread disinformation and/or attempted to disrupt recovery operations as a means of causing more chaos. The same thing is and will happen with the COVID-19 crisis. We are already seeing cyber-attacks against the HHS in the United States and similar attacks in Europe. Scammers are sending fake emails and setting up fake COVID-19 health information web sites, trying to phish user ids and passwords. Other scammers are pretending to raise money to assist with replacement lunch programs for students, or the isolated elderly. No one should be surprised to see a jump in cybercriminal activity as these people are opportunistic and we currently find ourselves in the perfect storm for cyber attacks.
Increased cyber attacks are not the only ripple effect we could see. The Telecommunications and Mobile Network Operators critical infrastructure is now being asked to absorb an exponential increase in demand, with little or no ramp-up time. Like the public health system, these industries are fragmented and unequally prepared or capable across companies and regions. Internet and Mobile Network Operators will find their resources pushed to the maximum. We only need to look at recent natural disasters such as floods, and tornadoes to see how fragile this infrastructure is. The ability to communicate either via email or mobile phone with emergency services, loved ones, or the media to get information disseminated is essential during a crisis and the ensuing recovery period.
Social isolation will put a magnitude greater burden on the Telecommunications and Mobile Network infrastructure. We will now have millions of people working from home using, in some instances, local or regional providers attempting to connect to company networks. K-12 and University students are attempting to resume their studies online using e-learning, placing more burden on networks and the infrastructure. People will increase their use of streaming media for news and entertainment purposes, including on their mobile devices. This increased demand will also not follow the normal demand cycles, as now school time, the normal workday, and leisure activities no longer have rigid schedules, they will be somewhat blended together. This could potentially magnify the demand and further negatively impact bandwidth and availability.
It is vital that we understand that by shifting our lives even more into the realm of technology and cyber, there are risks that we need to be aware of and plan for Government, businesses, and schools need to provide some direction and advice to the general public on how to not only follow appropriate anti-COVID-19 hygiene, but also cybersecurity hygiene. Workers or students connecting from home have now extended the edges of the government, corporate, or school network to their homes. The same or similar cybersecurity policies, practices, and standards that someone would adhere to if they were physically sitting at work or school need to apply at home as well.
We may also need to consider metering our online activities to essential activities such as those related to our work, education, or essential communications, or at the very least following the more normal rhythm of the day (e.g., normal work or school hours).
There are many lessons that will be learned from the COVID-19 pandemic and the cost will be high in terms of lives and the economy. Hopefully, when we come out on the other side of this crisis we will also have a better understanding of how to protect our critical infrastructures and the real risks of living even deeper in cyberspace.
