By Dan Allen, Research Fellow
In the cyberworld, computer servers, routers, firewalls, and similar technologies sit at the outermost edge, or perimeter, of a protected computer network. These cyber devices form a boundary between vulnerable internal resources and outside networks (such as the internet), and hackers often focus on breaching these “edge” devices. For example, a successful cyberattack at the web application layer can bypass the perimeter security provided by a network firewall, servers, and routers. Similarly, threats resulting from climate change, which are also multifaceted and multidirectional in nature, can bypass traditional, one-dimensional, perimeter-focused risk prevention methods such as the infamously inadequate system of storm categorization, which measures a storm’s strength in terms of wind velocity but says little about how a storm will interact with the tides to create a destructive storm surge.
By drawing connections between climate change threats to critical infrastructure and cyberthreats to critical data, we can find transferable insights for effectively preventing, detecting, and responding to both. This is especially important in a world that will very likely experience both more frequent and severe flood events, as we saw in Houston, Texas in August 2017, and more frequent and severe cyberattacks, which in recent years have placed significant strains on some of our core institutions.
Storm water surge and buffer overflow
A storm water surge serves as an effective analogy for understanding the implications of multidirectional cyberthreats. Storm water that exceeds the capacity of undersized storm systems and puts more water in the sewers than it can hold is referred to as a “storm water surge.” Excess storm water can increase the potential for flooding and property damage.
An analogous situation often happens to a computer system, specifically when a computer program attempts to put more data in a buffer than it can hold. A buffer is simply a small amount of memory used to temporarily hold data waiting to be processed. When this buffer is inundated with data, it creates a condition referred to as Buffer Overflow. This poses a security threat because writing data outside the buffer or allocated memory can corrupt data, crash the program, or allow the execution of malicious code created by a hacker. According to the Open Web Application Security Project (OWASP), the top strategies to avoid Buffer Overflow include fully patching web and application servers and following bug reports on applications that support the code being used.
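To make the mechanism concrete, here is an added C example (not code from the original article) of the overflow described above: a fixed-size record whose `name` buffer sits directly before another field, written once without a capacity check and once with the check that turns an oversized input away. The struct, field names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-size record. 'name' is the buffer; the
 * field stored right after it is what an overflow would corrupt. */
#define NAME_CAP 16
struct record {
    char name[NAME_CAP];
    int  is_admin;
};

/* Vulnerable form: the input length is never compared with NAME_CAP.
 * A name of 16 or more bytes runs past 'name' into 'is_admin'. */
void set_name_unchecked(struct record *r, const char *input) {
    strcpy(r->name, input);
}

/* Hardened form: measure first, refuse anything that does not fit,
 * and only then copy. Returns the stored length, or -1 on rejection. */
int set_name_checked(struct record *r, const char *input) {
    size_t n = strlen(input);
    if (n >= NAME_CAP)
        return -1;                 /* the "surge" is turned away */
    memcpy(r->name, input, n + 1); /* n bytes plus the terminating NUL */
    return (int)n;
}

/* Does 'input' (plus its NUL terminator) fit in a buffer of 'cap' bytes? */
int fits(size_t cap, const char *input) {
    return strlen(input) < cap;
}

/* Returns 1 when an oversized input is rejected and both the existing name
 * and the neighbouring field are left intact; 0 otherwise. */
int checked_rejects_oversize(void) {
    struct record r;
    memset(&r, 0, sizeof r);
    if (set_name_checked(&r, "operator") != 8) return 0;
    if (set_name_checked(&r, "this-name-is-far-too-long") != -1) return 0;
    return r.is_admin == 0 && strcmp(r.name, "operator") == 0;
}

int main(void) {
    printf("checked copy keeps the record intact: %s\n",
           checked_rejects_oversize() ? "yes" : "no");
    return 0;
}
```

Only the checked form is exercised by `main`; calling `set_name_unchecked` with a long input is the undefined behaviour the article warns about.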
Denial of service
When a computer system is overloaded with requests to the point where its ability to provide the specific service it was meant for is impaired, the result is a cybersecurity condition commonly known as a Denial-of-Service (DoS) attack. Denial-of-service is typically accomplished by flooding the targeted machine or resource with superfluous requests that overload the system and prevent some or all legitimate requests from being served. A DoS attack is analogous to a store entrance overcrowded with loiterers: the influx of loiterers prevents legitimate customers from entering the business, disrupting normal operations and denying customers access to that service. When a computer system is overwhelmed with an influx of packets that occupy the maximum number of connections, the target system’s resources are depleted and its connection bandwidth is weakened.
Drainage and sewer systems experience similar DoS attacks when confronted with the effects of climate change. Flooding caused by excessive storm water is analogous to a computer system that is inundated with data. In the cases of both computers and sewers, even if the service of the system is not fully denied to legitimate users, a slowing or “degradation-of-service” may occur in a hacked or flooded system, resulting in compromised access, efficiency, and performance.
Cybersecurity responses to denial-of-service attacks typically involve the use of a combination of detection and response tools that block traffic identified as illegitimate, and allow traffic identified as legitimate. Similarly, using detection and response tools that identify and block sewage traffic from mixing with storm water traffic would prevent combined sewer overflows (CSOs) and greatly benefit communities that experience excessive storm water. The identification and diversion of illegitimate traffic (pollution and sewage) and the allowance of legitimate traffic (storm water) is an example of an environmental application of a commonly used DoS cybersecurity strategy.
Cybersecurity strategies for stormwater surges?
Given the similarities between cybersecurity breaches and stormwater surge risks to critical infrastructure, strategies for combating cyberthreats can inform the way in which we combat stormwater surges and other flood events. As mentioned previously, a Buffer Overflow is probably the best-known form of software security vulnerability. To reiterate, this occurs when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area past a buffer. In other words, this is data that flows outside the bounds of a block of allocated memory, which can corrupt data, crash the program, or allow the execution of malicious code.
Similarly, Combined Sewer Overflows involve the mixing of excess inputs, which compromises the system at large. CSOs are caused by storm water surges that enter sewer systems, mix with sewage, and overflow into rivers. This process compromises the integrity of the drainage system and poses a threat to water quality, sanitation, and infrastructure. The consequences of ecological flooding mirror a denial-of-service, as they impair the service of sanitation systems.
Preventing overflows in both computer and sewer systems can be approached in similar ways. Denial-of-service prevention tools can consist of placing application front-end hardware (considered “intelligent” hardware) on the network before traffic reaches the servers. It can be used on networks in conjunction with routers and switches. Application front-end hardware analyzes data packets as they enter the system and then identifies them as priority, regular, or dangerous.
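As an added illustration of the priority/regular/dangerous triage just described (example code, not from the original article or any vendor product), the following C sketch keeps a per-source packet count for one time window, treats allowlisted sources as priority, and flags any source that exceeds a threshold as dangerous. The source addresses, threshold and sample traffic are constructed for the example.

```c
#include <stdint.h>
#include <string.h>

/* Verdict the front-end assigns to each packet. */
enum verdict { PRIORITY, REGULAR, DANGEROUS };

#define MAX_SOURCES     8
#define FLOOD_THRESHOLD 5   /* packets per window a source may send before it is flagged */

/* Per-source counters for the current window (constructed, minimal table). */
struct tracker {
    uint32_t src[MAX_SOURCES];
    unsigned count[MAX_SOURCES];
    size_t   n;
};

/* Increment and return the window count for 'src' (1 for a new source). */
static unsigned bump(struct tracker *t, uint32_t src) {
    for (size_t i = 0; i < t->n; i++)
        if (t->src[i] == src) return ++t->count[i];
    if (t->n < MAX_SOURCES) { t->src[t->n] = src; t->count[t->n] = 1; t->n++; }
    return 1;
}

/* Allowlisted sources are priority; sources over the threshold are dangerous
 * (dropped); everything else is regular and passed on to the servers. */
enum verdict classify(struct tracker *t, uint32_t src,
                      const uint32_t *allow, size_t n_allow) {
    for (size_t i = 0; i < n_allow; i++)
        if (allow[i] == src) return PRIORITY;
    return bump(t, src) > FLOOD_THRESHOLD ? DANGEROUS : REGULAR;
}

/* Runs one constructed window: 7 packets from 0x0A000001 (a flood), 2 from
 * 0x0A000002, and 1 from allowlisted 0x0A000003. Returns how many packets
 * were dropped as dangerous (the 6th and 7th from the flooding source). */
unsigned run_sample_window(void) {
    struct tracker t; memset(&t, 0, sizeof t);
    const uint32_t allow[] = { 0x0A000003u };
    const uint32_t sample[] = { 0x0A000001u, 0x0A000001u, 0x0A000002u, 0x0A000001u,
                                0x0A000001u, 0x0A000003u, 0x0A000001u, 0x0A000001u,
                                0x0A000002u, 0x0A000001u };
    unsigned dropped = 0;
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        if (classify(&t, sample[i], allow, 1) == DANGEROUS) dropped++;
    return dropped;
}
```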
A similar strategic hardware system for storm water drainage and storm sewer systems—such as an intelligent sump basin which manages storm water run-off while diverting bad traffic like sewage and pollution—can be developed to perform analogous work to remediating DoS attacks.
A Multidirectional Alternative Strategy
Drawing on recent catastrophic climate events, a new strategic approach is needed to address these more frequently occurring disasters. A multidirectional strategy that works against both cyberattacks and climate change threats could be of great value. Preventative technology that preemptively detects surges will better position these systems for eliminating excess input, recovering from attacks, and restoring their faculties to effectively perform their intended function. Identifying and creating typologies of cyber and climate threats with similar characteristics can help us develop best practices across both fields, ultimately enhancing the nation’s security against these nontraditional threats.