Search AFCEA Site

Enable breadcrumbs token at /includes/pageheader.html.twig

Cybersecurity Matters When Catastrophe Strikes

Where disaster relief is concerned, cybersecurity is non-optional.
By Tim Mullahy
Members of the Oklahoma National Guard drive down Telephone Road in Moore, Oklahoma, May 21, 2013, en route to the neighborhoods devastated by a tornado. Cybersecurity needs to be a priority in the aftermath of major disasters when people and their personal data can be most vulnerable. U.S. Air Force photo by Senior Airman Mark Hyber
Members of the Oklahoma National Guard drive down Telephone Road in Moore, Oklahoma, May 21, 2013, en route to the neighborhoods devastated by a tornado. Cybersecurity needs to be a priority in the aftermath of major disasters when people and their personal data can be most vulnerable. U.S. Air Force photo by Senior Airman Mark Hyber

It’s easy to forget that in the midst of a catastrophe, physical safety isn’t the only thing that’s important. As technology’s role in disaster response and relief becomes more and more prevalent, cybersecurity becomes an essential part of the process. Here’s why.

Few people are more vulnerable than those impacted by a crisis. Whether a man-made attack or a natural disaster, the widespread destruction created by a large-scale emergency can leave countless individuals both destitute and in need of medical attention. Protecting these men, women and children requires more than a coordinated emergency response.

It requires an approach that puts cybersecurity front and center. An emergency by its nature generates a great deal of data. If both this data and the infrastructure responsible for its storage and transmission are not adequately protected, a great deal is at risk.

All agencies involved in a crisis must be mindful of the following: 

  • Communication between responders and relief workers.
  • Medical information about injured victims.
  • Financial details of donors associated with nonprofit agencies.
  • Information about relief efforts, including finances and aid funding.

There are potential consequences should any of the above be improperly secured. Victims of an emergency, already in a state of vulnerability, may suffer identity theft. Public sector agencies or nonprofits could see sensitive assets stolen, or suffer intrusions into critical systems. 

By their nature, criminals are opportunists. They take the path of least resistance, targeting those who are least likely to be capable of fending them off. An emergency in which everyone’s attention is potentially directed elsewhere makes for an incredibly attractive target.

In order to counteract this, agencies must take a security-first approach to emergency response and relief. This involves several steps: 

  • Prioritize encrypted communications. Inter-agency lines of contact should be established exclusively through secure channels. This includes both text messages and voice—starting with a secure crisis communication platform. 
  • Protect critical infrastructure. Each agency involved in the emergency response process must operate with an emphasis on maintaining a strong security posture and good security hygiene. This includes ensuring each agency budgets for a cybersecurity team, installs the proper software to protect their assets and trains all staff in the requisite best practices. 
  • Perform regular security audits on all responders and relief agencies. A third-party agency experienced in working with the public sector should regularly examine each organization involved in the disaster relief process to ensure they meet the necessary security standards. 
  • Collaborate and cooperate. The above tasks cannot be achieved in isolation. If the disaster relief process is to remain secure, every organization in the supply chain—from first responders to suppliers of medical and relief tools—must work together. Otherwise, those businesses that lack the necessary resources will be left behind. 

Where disaster relief is concerned, cybersecurity is not optional. Public sector agencies, nonprofits and emergency response organizations must all work together to protect the data of everyone involved, from volunteers to first responders to victims. This is no easy task, but it is a necessary one.

Because otherwise, we’re throwing the privacy of society’s most vulnerable people to the wind. 

Tim Mullahy is the executive vice president and managing director at Liberty Center One, Royal Oak, Michigan. Tim has a demonstrated history of working in the information technology and services industry.

Enjoying SIGNAL?
SIGNAL Magazine is available through subscription or as part of your membership in AFCEA.
SUBSCRIBE NOW
LEARN MORE
JOIN AFCEA