Defense in Depth is Needed Now More Than Ever
DUBLIN, Ohio, August 19, 2022 –
America has seen a lack of leadership, in many areas, from the federal government. The summer has plagued families with record-setting gas prices, there are stores and markets with empty shelves, and news coverage of nothing but war, terror, and wildfires. On July 22nd, as America sat on the shore in the anguish of cyberattacks levied against her and her people, a new ship crest the horizon. Its name, SD02C.
Department of Homeland Security
The Department of Homeland Security took a major step forward in the name of security for this Country. What did they do? They didn’t add more TSA agents to the airports, nor did they increase the numbers of border patrol. It wasn’t a grand event televised with US leaders. Undoubtedly, very few people are probably aware this even took place. The true beauty of it all is that what DHS did for America isn’t something we can see or feel. The memorandum that was signed on July 22nd was addressed to organizations that own or operate covered pipelines here in the US, outlining a set of standards to be implemented in each organization’s cyber environment. The Department of Homeland Security called for implementing Defense in Depth. Now, I’m sure you’re wondering, “Why should I believe that this is a major step forward for security in this country…” Or “These companies need to have email protection, big deal. That doesn’t help keep us secure.”
Colonial Pipeline
Let me bring you back to 2021. Colonial Pipeline was shut down by a simple ransomware attack. The line running from Texas up the East Coast all the way to New York was forced to stop pumping, halting millions of gallons of fuel for jets and vehicles. Planes couldn’t take off, goods couldn’t be shipped, and you couldn’t fuel your car. Not because the price of gas was so high, but because there literally was no gas to refill the pumps. This incredible event can be attributed to one failure, one company that didn’t have the proper cyber security protection. You could argue that, although inconvenient, that’s not a threat to national security – it’s not a matter of life or death.
Let’s consider this hypothetical: what if that pipeline didn’t move fuel for cars and jets, but instead it moved natural gas? Let’s say instead of May, this was January. For the sake of it, there’s a polar vortex moving down the East Coast from Canada. What happens to you now when that natural gas fuel – which is moved through a cover pipeline, can’t get to your home because the company that owns that line – is being held for ransomware by cyber criminals? Now, that company’s cyber security, or rather lack thereof, has become a matter of national security. Millions of Americans are left vulnerable, unable to heat their homes, and cook food for their families – they will struggle to meet their basic survival needs.
Defense In Depth
The memorandum put into place outlines a set of separate controls that work in unison. A system where if one control goes down, the others can still function, providing layered protection to preserve the cyber integrity of an organization. The prescribed layered approach to security is nothing new to Dark Rhino Security, in fact, we have been using the term Defense in Depth with our clients to describe our services for years. Like the Department of Homeland Security, we too were able to make a giant step forward recently in the name of security. Only our steps can be measured in the form of dollar bills. Dark Rhino is offering our clients up to a 1 million dollar insured warranty against an incident when the client subscribes to our 100% custom “Defense in Depth” service. We are risking our own money, reputation, and pride to back our clients. Over the course of 5 years, we have vetted, tested, and analyzed hundreds of security technologies and processes. Like a skilled baker who carefully picked the perfect ingredients for his cake, we are eager for the world to have a slice.
Written by Rory Meikle
He can be reached at rory@darkrhinosecurity.com
