Skip to main content

Advertisement

ADVERTISEMENT

Original Contribution

Information Warfare: Decrypting the Cyber Threat for EMS Part 1

Devin Kerins

Former FBI Director Robert Mueller said that cyber-security threats could pose a bigger threat to the U.S. than what we typically think of as “terrorism.” He says there are two types of companies in the U.S., “those that have been hacked, and those that will be hacked.”

Even more ominously, he says those two types of companies are quickly merging into “those that have been hacked, and those that will be hacked again.”

With all this talk about cyber vulnerabilities and threats, just what exactly is the danger to our nation’s emergency medical providers?

I would venture to guess that most readers have probably said “how could this possibly impact me?” If you did, know you’re not alone. For a long time, I had a hard time wrapping my head around just how EMS could be impacted by this nebulous cyber threat.

It wasn’t until I started working on scenario development for a major cyber terrorism exercise that I came to realize just how vulnerable our emergency services are to cyber disruptions.

One reason it may be difficult to fully accept the concept of EMS being at risk of a cyber attack is the term “cyber terrorism.” September 11 attacks and other events have embedded in our mind that terrorism should involve Hollywood-style explosions, chemicals, bullets or at least tangible carnage.

Cyber terrorism can take many forms. In fact, cyber terrorism occurs far more frequently than more traditional terrorism. However, since you can’t film it for the 6 o’clock news, it often goes unreported.

A better term for the purposes of raising your awareness of your risk would be cyber disruption or cyber intrusion.

This article is meant to raise the awareness of our EMS providers and to help them take steps to safeguard their operations and their patients. It is not meant to be a how-to guide of disrupting your systems. Nor is it meant to share any information that isn’t available through open source searches on the internet.

Understanding the whys of cyber disruption

To truly grasp the concept of cyber vulnerability, we have to understand the motivations for conducting cyber disruption. Cyber disruption can be conducted for many reasons. Among these motivating factors are:

  • Warfare – Cyber disruption can be used as a tool of war. Just prior to the Russian invasion of Georgia in 2008, Russians attacked the Georgian military command and control systems to disrupt coordination.
  • Terrorism – Cyber disruption can be a tool of terrorism by creating physical impacts that cause mass chaos, confusion and possibly casualties in an intended population.
  • Loss of confidence – Cyber disruption is an excellent tool at the disposal of groups that wish to prove a point, particularly when that point is that the citizens of a particular community or country should not trust that their government or public safety agencies can keep them safe.
  • Social awareness – Cyber disruption can be a tool to raise awareness for a particular cause.
  • Financial gain – Cyber intrusion is often used to access personal protected information or the systems of financial institutions for the purposes of identity theft or financial gain.
  • For the “lulz” – As much as it pains me to repeat the term “lulz”, cyber disruption is often carried out purely for the fun and sport of it.

Once we have examined the whys, we can look at the whos of cyber disruption. Among those out there looking to use cyberspace for nefarious purposes are:

  • Nation states – Make no mistake about it, countries unfriendly to the U.S. are exploring how to use our own technology and technological dependency against us.
  • Terrorist groups – Just as with nation states, terrorist groups are also exploring the possibility of using cyber attacks against the U.S. and its allies.
  • Social activist, or “Hacktivist” groups – Social activists have been using cyber space to increase awareness for their causes for a long time. Along with raising awareness for social causes has come the radicalization of cyberspace, and the use of cyber attacks by certain groups to gain attention for themselves. In December of 2011, the hacker group Anonymous accessed the email accounts of several Arizona Department of Public Safety employees in protest of the state’s immigration laws.1
  • “Script kiddies” – If I asked you to close your eyes and describe your vision of a “hacker”, you would probably describe an overweight, lonely high school student who is sitting in his mom’s basement and toying away on the computer trying to hack for fun in between puffs of his asthma inhaler and sips from his energy drink. Okay, maybe that’s just my vision. But “script kiddies” would be that type of hacker who is doing it for fun or just to see what they can do just to do it, and they tend to do it very well.
  • Organized crime – Organized crime has long since realized the potential for cyber space as a means to facilitate identify theft, theft of corporate secrets, embezzlement and a litany of other criminal activities. Remember: criminal enterprise is not just organized crime. Individuals seeking personal gain could use cyber disruption or terrorism as a means to their desired ends.
  • The insider threat – Fortunately for us, there is no such thing as a disgruntled employee in EMS… right? Why did it suddenly get quiet in here? Employees who have been terminated on bad terms, or even current employees on seemingly good terms can still present a threat if they have access to critical information or systems. Think for a moment what information someone could walk away with if they accessed your personnel or billing records.

As time progresses, so does the organization of these groups. Lonely hackers are beginning to join together in cyber groups. Social hacktivists are forming well-coordinated cyber armies. Nation states and terrorist groups are turning to the well established expertise of organized cyber criminal enterprises. With such progression, it is easy to see why agencies such as the FBI and the Pentagon are concerned with cyber terrorism.

Key Terms

  • Cyber terrorism: unlawful attacks and threats of attack against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives
  • Cyber disruption: The use of cyber technology to disrupt essential functions or processes
  • Cyber intrusion: An incident of unauthorized access to data or an automated information system

References

1. Hackers claim attack on Arizona public safety accounts. Federal News Radio, https://www.federalnewsradio.com/?nid=244&sid=2687842.

Devin Kerins is the regional exercise officer for FEMA Region II. In this role, he has helped develop and conduct cyber-terrorism exercises in New York, New Jersey, Puerto Rico and the U.S. Virgin Islands, as well as assisting in the development of cyber exercises nationwide. He is a part-time paramedic with Holy Name Hospital in Teaneck, NJ. Devin is also the author of several books, including the “EMS: The Job of Your Life” series.

 

Advertisement

Advertisement

Advertisement