michelangelus - Fotolia
In the cyber world, computer servers, routers, firewalls or other similar technology sit at the outermost edge, or perimeter, of a protected computer network. These cyberdevices form a boundary between vulnerable internal resources and outside networks, and hackers often focus on breaching these edge devices. For example, successful cyberattacks at the web application layer can bypass perimeter security provided by a network firewall, server and routers.
Similarly, threats resulting from climate change, which are also multifaceted and multidirectional in nature, can bypass traditional, one-dimensional, perimeter-focused cybersecurity strategies. By drawing connections between how climate change creates threats to critical infrastructure to how hackers threaten companies' data, we can provide insight into effectively preventing, detecting and responding to cybersecurity threats.
Storm water surge and buffer overflow
A storm water surge, for example, can serve as an effective analogy for understanding the implications of multidirectional cyberthreats. Storm water that exceeds the capacity of undersized storm systems and puts more water in the sewers than it can hold is referred to as a storm water surge that increases the potential for flooding and property damage.
Let's now examine when an analogous situation happens to a computer system, specifically when a computer program attempts to put more data in a buffer than it can commonly hold. A buffer is simply a small amount of memory used to temporarily hold data that is waiting to be processed. When this buffer is inundated with data, it creates a condition referred to as buffer overflow.
This poses a security threat because writing data outside the buffer or allocated memory can corrupt data, crash the program or allow the execution of malicious code created by a hacker. According to the Open Web Application Security Project, the top strategies to avoid buffer overflow include fully patching web and application servers and following bug reports on applications that support the code being used.
When a computer system gets overloaded with requests to a point where it causes problems in its ability to provide its specific service, it becomes a denial-of-service (DoS) attack. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests to overload systems and prevent some or all legitimate requests for service.
When a computer system is overwhelmed with an influx of packets that occupy the maximum number of connections, the target system's resources are depleted and its connection bandwidth is weakened. Drainage and sewer systems experience something similar to DoS attacks when confronted with the effects of climate change.
Flooding caused by excessive storm water is analogous to a computer system that is inundated with data. In the cases of both computers and sewers, even if the service of the system is not fully denied to legitimate users, a slowing or "degradation of service" may occur in a flooded system that results in compromised access, efficiency and performance.
Cybersecurity strategies to prevent DoS attacks typically involve the use of a combination of detection and response tools that block traffic identified as illegitimate and allow traffic identified as legitimate. Similarly, using detection and response tools that identify and block sewage traffic from mixing with storm water traffic would prevent combined sewer overflows (CSOs) and benefit communities that have flooding problems due to excess storm water. The identification and diversion of illegitimate traffic (pollution and sewage) and the allowance of legitimate traffic (storm water) is an example of an environmental application of a commonly used DoS cybersecurity strategy.
Cybersecurity strategies to prevent 'data overflow'
Buffer overflow is probably the best-known form of software security vulnerability. As we have discussed, a buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area past a buffer. A buffer overflow can be thought of as data that goes outside the bounds of a block of allocated memory to corrupt data, crash the program or allow the execution of malicious code.
Similarly, combined sewer overflows involve the mixing of excess inputs that compromise the system at large. A CSO is caused by storm water surges that enter sewer systems, mix with sewage and overflow into rivers. This process compromises the integrity of the drainage system and poses a threat to water quality, sanitation and infrastructure. The consequences of ecological flooding mirror a denial of service as it impairs the service of sanitation systems.
Preventing overflows to both computer and sewer systems can be approached in similar ways. Denial-of-service prevention tools can consist of front-end hardware placed on the network before traffic reaches the servers. It can be used on networks in conjunction with routers and switches. This front-end hardware analyzes data packets as they enter the system, and then identifies them as priority, regular or dangerous. Perhaps similar strategic hardware systems used to protect storm water drainage and storm sewer systems -- such as an intelligent sump basin that manages storm water run-off while diverting bad traffic like sewage and pollution -- can be developed to perform analogous work to remediate DoS attacks.
A new approach is needed to address multidirectional attacks, and cybersecurity strategies to deal with climate-related threats to critical infrastructure can help. One promising method applicable to both computer programs and sewer systems is an in-depth, multilayered defense strategy incorporating three phases: readiness, reaction and resolution. Much like the efforts to offset the ramifications of climate change, preventative technology that pre-emptively detects surges will better position these systems for eliminating excess input, recovering from attacks and restoring faculties to effectively perform their intended function.
About the author
Daniel Allen is president of N2 Cyber Security Consultants LLC and N2 Connected Vehicle Technology LLC. He holds a master's degree in cybersecurity and information assurance and is founder of The Center for Internet and Climate Security, where he focuses on the intersection of strategies for cybersecurity and climate change security risks.
Telecoms operator speeds up renewable energy plan
Google on course to reach renewable energy goal