frightening part of all of this is that the data was found on third-party servers in many countries, including the United States, France, the UK, India, Spain, and others.
It was fortunate that the findings were reported to the impacted organizations in time and the FBI and Interpol worked on closing the thousands of open servers around the globe. Imagine the terrorism disaster that could have occurred had this information not been discovered due to a lack of interest and blind obliviousness.
As the world continues establishing even more interconnectivity, it becomes more critical than ever to position industry leaders to have better foresight before a crisis even happens.
AN ISOLATED PERSPECTIVE HAS MANY LIMITS
John Yates, QPM, is a former assistant commissioner in the London Metropolitan Police Service. He retired in November 2011 after a 30-year career. In his last role, John was the UK lead for counterterrorism and the most senior advisor to the prime minister and home secretary on law enforcement issues relating to terrorism. In this role he was also responsible for protecting the royal family and senior government ministers as well as the Houses of Parliament and Heathrow Airport.
John is currently the director of security for Scentre Group, which owns and operates Westfield Shopping Centres in Australia and New Zealand. He shared his lessons for the cyber industry from his counterterrorism days:
“One of the key roles of leaders is to keep out of the weeds and be constantly looking up, thinking broadly and identifying trends. I want to talk about a relatively little known case in London in 2010. It was a case that should have been examined in much more detail because it was one of the principal precursors to a deadly and murderous shift – the radicalization of predominantly young people – that plagued the efforts of those seeking to counter terrorism for many years and, indeed, continues to do so.”
In a time where radicalization was little understood, particularly by young vulnerable people, Roshonara Choudhry, a final-year student at King's College, London, and from a good Bangladeshi family, brought two knives to Beckton Globe Library, where MP Stephen Timms was conducting his constituency clinic. Choudhry stabbed Timms twice in his abdomen.
“She missed his life organs by two millimeters. He nearly died.” John further explained that Timms was the most popular MP in the country at that time, and he represented a community with a large population of Muslim residents. Yet Choudhry targeted him because he voted for the Iraq war. Despite Timms's work in the community, Choudhry had been radicalized online.
John continued, “This case was initially dealt with by the local homicide squad. It took us over 24 hours to realize that this was in fact a terrorist attack, being that it clearly fit the long accepted definition – the unlawful use of violence and intimidation for political or ideological aims.
“It was actually the first successful terrorist attack in London since the July bombings in 2005. So at the time, the case was taken over by the counterterrorism command and Choudhry was convicted and sentenced to life imprisonment.
“But we stopped there. For two years, we didn't really do anything, and then suddenly the whole problem of people being radicalized began to play out in developed countries, particularly in the Western world. ISIS emerged and the online community became an effective vector to radicalize people.
“What happened in 2010 was a significant event. What we failed to do was to identify the broader implications – that Al Qaeda and, later, ISIS were using social media and other online means to target vulnerable people – and pose the question, could this happen again and what should we be doing about it now?
“One of the duties of leaders is to take any extraordinary or unusual events and reflect on the underlying issues, to consider what the themes are that need to be addressed. Is there something that we need to be doing here in the education environment? Is there something that we should consider about the public warnings?
“We didn't do any of that for a number of years and then we got way behind in terms of our ability to understand the motivations of these people and to understand the impact it was having, particularly on young people.
“And then you fast-forward seven years, you've got a 14-year-old child in the Northwest of England being convicted of terrorism for trying to radicalize young people in Australia to carry out an attack in Melbourne on Mother's Day.
“All those factors were there in 2010; Choudhry was the first manifestation, and with serious consequences, in the developed world. We didn't open our eyes to the broader issues back then. We just dealt with it as a very serious attempted murder, and put it back in the box. We did not sit back, reflect, debrief, and consider the implications more broadly. It's something we should have done at that time, and it was most regrettable that we did not.”
John's lessons are even more applicable in today's modern digital world. There is merit in studying the past and present incidents, considering the context of each, trying to gain a macro perspective and thinking about the bigger picture of what it could evolve into in the future.
When an event is looked at in isolation, it will always project a narrow view, which limits one's ability in preempting and preparing for the best defense response.
Likewise, in examining a cyberattack, it cannot be viewed in isolation. Effort and care should be taken in studying the source – is it just a random phishing attack, where is this coming from, are there other breaches instigated by an insider threat, is it a competitor that is trying to undermine your shareholder value, or did you happen to fall prey as a pawn in the grand scheme of geopolitical affairs?
When we look at the advancement and sophistication of these cyberattacks over recent years, we need to retain a holistic view of what these changing implications might mean for the overall organizational and individual risk.
Military leaders point out that capabilities take a long time to develop, but intentions can change overnight. In other words, the cyberattack impacts and response will not only center on current technology solutions, but also on what scenarios could happen in the future.
LEARNING FROM OUR PAST TO LEAD OUR FUTURE
While there are numerous management actions competing for attention, one clear priority that cuts across the public and private sectors is ensuring the leadership skills and capabilities of your team –especially the CISO or equivalent leadership role. To achieve any measure of success at dealing with cyber incidents, a CISO with the required background, accountability, training, real-life experiences, relationships, and tools to do the job is a must.
One such CISO is Mark Weatherford, currently the chief strategy officer at the National Cybersecurity Center and CISO at AlertEnterprise. Mark served previously as the deputy undersecretary for cybersecurity in the U.S. Department of Homeland Security (DHS) and vice president and CSO for the North American Electric Reliability Corporation (NERC), in addition to other senior leadership roles in cybersecurity.
While Mark was the CISO for the State of California in the mid-2000s, he experienced what organizations should not be doing when hiring for this vital role.
Because Mark was the first CISO in the state, it was important to him to put a face to the name of cabinet secretaries and agency heads. As such, he made the rounds to visit each of them and also to tell them about the governor's vision of Mark's statewide role and what he hoped to accomplish across state government. Mark also offered his assistance in everything from procurement to policy development to technology infrastructure to staffing. His proactive outreach seemed to be well-received and generally met with enthusiastic
