Cybersecurity Trends & Statistics For 2023: More Treachery And Risk Ahead As Attack Surface And Hacker Capabilities Grow

Every year I peruse emerging statistics and trends in cybersecurity and provide some perspective and analysis on the potential implications for industry and government from the data. While cybersecurity capabilities and awareness seem to be improving, unfortunately the threat and sophistication of cyber-attacks are matching that progress.

The 2023 Digital Ecosystem

The emerging digital ecosystem is treacherous. In our current digital environment, every company is now a reachable target, and every company, large or small, has operations, brand, reputation, and revenue pipelines that are potentially at risk from a breach.

For 2023 and beyond the focus needs to be on the cyber-attack surface and vectors to determine what can be done to mitigate threats and enhance resiliency and recovery. As the user base greatly expands, so do the threats. As the Metaverse comes more online it will serve as a new vector for exploitation. Artificial intelligence and machine learning, while great for research and analytics (e.g. ChatGPT), can also be used by hackers for advanced attacks. Deep fakes are already being deployed and bots are continuing to run rampant, and the geopolitics of the Russian invasion of Ukraine has highlighted the vulnerabilities of critical infrastructure (CISA Shields Up) to nation-state threats, including more DDoS attacks on websites and infrastructure. Most ominous was the hacking of a Ukrainian satellite.

Here are some initial digital ecosystem statistics to consider, from a Deloitte Center for Controllership poll: “During the past 12 months, 34.5% of polled executives report that their organizations’ accounting and financial data were targeted by cyber adversaries. Within that group, 22% experienced at least one such cyber event and 12.5% experienced more than one.” And “nearly half (48.8%) of C-suite and other executives expect the number and size of cyber events targeting their organizations’ accounting and financial data to increase in the year ahead. And yet just 20.3% of those polled say their organizations’ accounting and finance teams work closely and consistently with their peers in cybersecurity.” Please see: Nearly half of executives expect cyber attacks targeting accounting, other systems (northbaybusinessjournal.com)


Cyber-Trends:

AI and ML Impacting the Cyber-Ecosystem in a Big Way in 2023 and Beyond

International Data Corporation (IDC) says AI in the cybersecurity market is growing at a CAGR of 23.6% and will reach a market value of $46.3 billion in 2027. Please see: Experts predict how AI will energize cybersecurity in 2023 and beyond | VentureBeat

My Take: AI and ML can be valuable tools to help us navigate the cybersecurity landscape. Specifically, they can be (and are being) used to help protect against increasingly sophisticated and malicious malware, ransomware, and social engineering attacks. AI’s capabilities in contextual reasoning can be used for synthesizing data and predicting threats.

They enable predictive analytics that draw statistical inferences to mitigate threats with fewer resources. In a cybersecurity context, AI and ML can provide a faster means to identify new attacks, draw statistical inferences, and push that information to endpoint security platforms.

While AI and ML can be important tools for cyber-defense, they can also be a two-edged sword. While they can be used to rapidly identify threat anomalies and enhance cyber defense capabilities, they can also be used by threat actors. Adversarial nations and criminal hackers are already using AI and ML as tools to find and exploit vulnerabilities in threat detection models.

Cyber criminals are already using AI and machine learning tools to attack and explore victims’ networks. Small businesses, organizations, and especially healthcare institutions that cannot afford significant investments in emerging defensive cybersecurity tech such as AI are the most vulnerable. Extortion by hackers using ransomware and demanding payment in cryptocurrencies may become a more persistent and evolving threat. The growth of the Internet of Things will create many new targets for the bad guys to exploit. There is an urgency for both industry and government to understand the implications of the emerging, morphing cyber threat tools that include AI and ML and to fortify against attacks.

Please also see the recent FORBES article discussing three key applications of artificial intelligence for cybersecurity, including Network Vulnerability Surveillance and Threat Detection, Incident Diagnosis and Response, and applications for Cyber Threat Intelligence Reports: Three Key Artificial Intelligence Applications For Cybersecurity by Chuck Brooks and Dr. Frederic Lemieux (forbes.com)

Cyber-Crime and the Cyber Statistics to Explore so Far in 2023

Cyber-crime is growing exponentially. According to Cybersecurity Ventures, the cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to $10.5 trillion by 2025. Please see: eSentire | 2022 Official Cybercrime Report. There are many factors for such growth and some of them will be explored in more detail below.

Open Source Vulnerabilities Found in 84% of Code Bases

It starts with open source code. Unfortunately, according to Synopsys researchers, at least one open source vulnerability was found in 84% of code bases. The vulnerability data was included in Synopsys’ 2023 Open Source Security and Risk Analysis (OSSRA) report on 2022 data. Since most software applications rely on open source code, this is still a significant cybersecurity issue to address.

The report noted that “open source was in nearly everything we examined this year; it made up the majority of the code bases across industries,” adding that the code bases contained troublingly high numbers of known vulnerabilities that organizations had failed to patch, leaving them vulnerable to exploits. All code bases examined from companies in the aerospace, aviation, automotive, transportation, and logistics sectors contained some open source code, with open source code making up 73% of total code.

As significant as the risks from open source code are, they can be detected by penetration testing and mitigated, above all, by patching. The report found that patches clearly are not being applied. It cited that “of the 1,481 code bases examined by the researchers that included risk assessments, 91% contained outdated versions of open-source components, which means an update or patch was available but had not been applied.”

Please see: At least one open source vulnerability found in 84% of code bases: Report | CSO Online

One way that hackers take advantage of code vulnerabilities and open source flaws is via zero-day exploits. Recently a ransomware gang used a new zero-day flaw to steal data on 1 million hospital patients. “Community Health Systems (CHS), one of the largest healthcare providers in the United States with close to 80 hospitals in 16 states, confirmed this week that criminal hackers accessed the personal and protected health information of up to 1 million patients. The Tennessee-based healthcare giant said in a filing with government regulators that the data breach stems from its use of a popular file-transfer software called GoAnywhere MFT.” Please see: Clop claims it mass-hacked 130 organizations, including a US hospital network

My Take: as a remedy to avoid vulnerability exploits and keep open source code updated, the report suggested that organizations should use a Software Bill of Materials (SBOM). I agree; in addition to pen testing, SBOMs are an important way to map systems and organize to be more cyber secure. An SBOM is basically a list of ingredients that make up software components and serves as a formal record containing the details and supply chain relationships of the various components used in building the software. I wrote about this extensively in a previous FORBES article.

In the article, Dmitry Raidman, CTO of a company called Cybeats, offered insights into specific use cases for SBOMs. They include transparency into software provenance and pedigrees, continuous security risk assessment, access control and sharing with customers (who can access and what data can be seen), threat intelligence data correlation, software composition license analysis and policy enforcement, software component end-of-life monitoring, SCRM (Supply Chain Risk Management) and supply chain screening, SBOM document repository and orchestration, and efficiency in data query and retrieval.

Clearly, SBOMs are a good path forward in discovering and correcting open source vulnerabilities in code. Please see: Bolstering Cybersecurity Risk Management With SBOMS (forbes.com)
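To show what the OSSRA finding (patches available but not applied) and Raidman’s SBOM use cases look like when automated, here is an added Python example. It is not code from the article, from Synopsys or from Cybeats: it reads a minimal CycloneDX-style SBOM and reports components that are outdated, inside a known advisory range, outside license policy, or end of life. The SBOM document, the component names, the “latest version” table, the advisory identifiers and the policy lists are all constructed for the example, and the version comparison assumes plain dotted numeric versions.

```python
import json

# --- Constructed inputs: none of these come from a real project or advisory feed ---

# Minimal SBOM in a CycloneDX-like JSON shape: a "components" list of
# name / version / licenses entries (real CycloneDX files carry more, e.g. purl, hashes).
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "example-http-lib",  "version": "3.1.4", "licenses": ["MIT"]},
        {"name": "example-yaml",      "version": "5.0.0", "licenses": ["Apache-2.0"]},
        {"name": "example-imglib",    "version": "1.9.2", "licenses": ["BSD-3-Clause"]},
        {"name": "example-oldcrypto", "version": "0.8.1", "licenses": ["GPL-3.0-only"]},
    ],
})

# What a package-registry lookup would report as the newest release of each component.
LATEST_VERSION = {
    "example-http-lib": "3.2.0",
    "example-yaml": "5.0.0",
    "example-imglib": "2.0.0",
    "example-oldcrypto": "0.8.1",
}

# Advisories in an OSV-style range form: a version is affected when
# introduced <= version < fixed. The identifiers are placeholders.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "component": "example-http-lib",
     "introduced": "3.0.0", "fixed": "3.2.0", "severity": "HIGH"},
    {"id": "ADV-EXAMPLE-0002", "component": "example-imglib",
     "introduced": "1.0.0", "fixed": "1.9.0", "severity": "CRITICAL"},
]

# Policy inputs: licenses not allowed in shipped products, and components
# whose maintainers have declared end of life.
DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}
END_OF_LIFE = {"example-oldcrypto"}


def parse_version(version):
    """Turn a dotted numeric version such as '2.14.1' into a comparable tuple.
    Only plain numeric dotted versions are handled (an assumption of this example)."""
    return tuple(int(part) for part in version.split("."))


def in_affected_range(version, introduced, fixed):
    """True when introduced <= version < fixed, the usual advisory range semantics."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def assess_sbom(sbom_json, latest=LATEST_VERSION, advisories=ADVISORIES,
                denied_licenses=DENIED_LICENSES, eol=END_OF_LIFE):
    """Walk every component in the SBOM and return a list of findings.
    Each finding is a dict with component, version, issue and detail."""
    findings = []
    for comp in json.loads(sbom_json)["components"]:
        name, version = comp["name"], comp["version"]

        def add(issue, detail):
            findings.append({"component": name, "version": version,
                             "issue": issue, "detail": detail})

        # 1. Known vulnerability: the shipped version falls inside an advisory range.
        for adv in advisories:
            if adv["component"] == name and in_affected_range(
                    version, adv["introduced"], adv["fixed"]):
                add("known-vulnerability",
                    f"{adv['id']} ({adv['severity']}), fixed in {adv['fixed']}")

        # 2. Outdated: a newer release exists, i.e. a patch was available but not applied.
        newest = latest.get(name)
        if newest and parse_version(version) < parse_version(newest):
            add("outdated", f"latest release is {newest}")

        # 3. License policy: any declared license on the deny list.
        denied = denied_licenses.intersection(comp.get("licenses", []))
        if denied:
            add("license-policy", "denied license(s): " + ", ".join(sorted(denied)))

        # 4. End of life: no further security fixes will come for this component.
        if name in eol:
            add("end-of-life", "component no longer maintained")
    return findings


def summarize(findings):
    """Count findings per issue type, the figure a risk dashboard would show."""
    counts = {}
    for f in findings:
        counts[f["issue"]] = counts.get(f["issue"], 0) + 1
    return counts


if __name__ == "__main__":
    results = assess_sbom(SAMPLE_SBOM_JSON)
    for f in results:
        print(f"{f['issue']:20} {f['component']}@{f['version']}: {f['detail']}")
    print(summarize(results))
```

Run against the constructed SBOM, the script reports one known vulnerability, two outdated components, one license-policy hit and one end-of-life component. In a real pipeline the three lookup tables would be fed from a package registry, a vulnerability feed such as OSV, and the organization’s own policy, and the check would run on every build so that the “patch available but not applied” gap the report describes is caught before release.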

Phishing Continues to Be a Preferred Method of Hackers in 2023

Phishing is still the tool of choice for many hackers. Phishing is commonly defined as a technique of hackers to exfiltrate your valuable data, or to spread malware. Anyone can be fooled by a targeted phish, especially when it appears to be coming as a personal email from someone higher up the work chain, or from a bank, organization, or a website you may frequent.

Advances in technology have made it easier for hackers to phish. They can use readily available digital graphics, apply social engineering data, and a vast array of phishing tools, including some automated by machine learning. Phishing is often accompanied by ransomware and a tactic for hackers is to target leadership at companies or organizations (spear-phishing) because they usually have better access to valuable data and make ready targets because of lack of training.

According to the firm Lookout, the highest rate of mobile phishing in history was observed in 2022, with half of the mobile phone owners worldwide exposed to a phishing attack every quarter. The Lookout report was based on Lookout’s data analytics from over 210 million devices, 175 million apps, and four million URLs daily. The report noted that “non-email-based phishing attacks are also proliferating, with vishing (voice phishing), smishing (SMS phishing), and quishing (QR code phishing) increasing sevenfold in the second quarter of 2022.” And that “the damage can be colossal for businesses that fall victim to mobile phishing attacks: Lookout calculated that the potential annual financial impact of mobile phishing to an organization of 5000 employees is nearly $4m.”

The report also noted that “Cybercriminals mostly abused Microsoft’s brand name in phishing attacks, with more than 30 million messages using its branding or mentioning products like Office or OneDrive. However, other companies were also frequently impersonated by cybercriminals, including Amazon (mentioned in 6.5 million attacks); DocuSign (3.5 million); Google (2.6 million); DHL (2 million); and Adobe (1.5 million).”

Please see: Record Number of Mobile Phishing Attacks in 2022 – Infosecurity Magazine (infosecurity-magazine.com)

Ransomware and Phishing: the current state of cyber-affairs is an especially alarming one because ransomware attacks are growing not only in numbers, but also in the financial and reputational costs to businesses and organizations.

Currently, ransomware, mostly via phishing activities, is the top threat to both the public and private sectors. Ransomware allows hackers to hold computers and even entire networks hostage for electronic cash payments. In the recent case of Colonial Pipeline, a ransomware attack disrupted energy supplies across the east coast of the United States.

“In 2022, 76% of organizations were targeted by a ransomware attack, out of which 64% were actually infected. Only 50% of these organizations managed to retrieve their data after paying the ransom. Additionally, a little over 66% of respondents reported to have had multiple, isolated infections.” Please see: New cyberattack tactics rise up as ransomware payouts increase | CSO Online

My Take: Since most of us are now doing our work and personal errands on smartphones, this is alarming data. But there are remedies. Training employees to identify potential phishing emails is the first step in prevention, but many of the obvious clues, such as misspelled words and poor grammar, are no longer present. Fraudsters have grown more sophisticated, and employees need to keep up with the new paradigm.

Human errors are inevitable, however, and some employees will make mistakes and accidentally fall victim to phishing. The safety net at that point should include automated systems that can silo employee access and reduce damage if a worker’s account is compromised. The best way is to establish and monitor administrative privileges for your company. You can limit employee access or require two [authentication] steps before they go there. A lot of companies will also block certain sites that workers can’t visit, which makes it more difficult to get phished.

My additional advice to protect against phishing and ransomware is to make sure you back up your valuable data (consider encrypting it too), preferably on another device segmented from the targeted PC or phone. If you are a small business or an individual, it is not a bad idea to invest in anti-phishing software. It adds another barrier. I also recommend regularly monitoring your social accounts and credit accounts to see if there are any anomalies.

Business E-mail Compromise

Often done in coordination with phishing, business email compromise is still a serious cybersecurity issue. The research company Trellix determined that 78% of business email compromise (BEC) involved fake CEO emails using common CEO phrases, a 64% increase from Q3 to Q4 2022. Tactics included asking employees to confirm their direct phone number to execute a voice-phishing (vishing) scheme. 82% were sent using free email services, meaning threat actors need no special infrastructure to execute their campaigns. Please see: Malicious actors push the limits of attack vectors – Help Net Security

“Seventy-five percent of organizations worldwide reported an attempted business email compromise (BEC) attack last year. While English remained the most common language employed, companies in a few non-English nations witnessed a higher volume of attacks in their own languages, including organizations in the Netherlands and Sweden, which reported a 92% jump in such attacks; in Spain, with a 92% jump; Germany, with an 86% increase; and France, with an 80% increase.” Please see: New cyberattack tactics rise up as ransomware payouts increase | CSO Online

“Business Email Compromise (BEC) attacks are no longer limited to traditional email accounts. Attackers are finding new ways to conduct their schemes — and organizations need to be prepared to defend themselves. Attackers are leveraging a new scheme called Business Communication Compromise to take advantage of large global corporations, government agencies and individuals. They are leveraging collaboration tools beyond email that include chat and mobile messaging — including popular cloud-based applications such as Slack, WhatsApp, LinkedIn, Facebook, Twitter and many more — to carry out attacks.” Please see: The evolution of business email compromise to business communication compromise (betanews.com)

My Take: business emails have been a top target of hackers. Accordingly, organizations need to create a corporate risk management strategy and vulnerability framework that identifies the digital assets and data to be protected, including sensitive emails. Such a risk management strategy should be holistic and include people, processes, and technologies. This includes protecting and backing up email data, and the business enterprise systems such as financial systems, email exchange servers, HR, and procurement systems, with new security tools (encryption, threat intel and detection, Identity Access Management, firewalls, etc.) and policies. That risk management approach must also include knowing your inventory and gaps, integrating cybersecurity hygiene practices, and procuring and orchestrating an appropriate cyber-tool stack.
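The Trellix and phishing statistics above describe indicators a mail gateway can actually score. The following Python example is added here and is not code from the article or from Trellix, Lookout or any vendor: a triage rule that rates an inbound message on an executive’s display name arriving from outside the company domain, a free-mail sender, a Reply-To that differs from From, and callback, urgency, payment or secrecy phrasing. The company domain, the executive directory, the free-mail list, the phrase patterns (the article does not list the “common CEO phrases” Trellix observed) and the three sample messages are all constructed assumptions.

```python
import re
from email.utils import parseaddr

# --- Constructed configuration (assumptions for this example) ---
CORPORATE_DOMAIN = "example-corp.test"                 # the defender's own mail domain
EXECUTIVES = {"jane doe": "CEO", "raj patel": "CFO"}   # display names worth protecting
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}

# Stand-in cues for urgency, callback, payment and secrecy; not a published list.
SUSPICIOUS_PATTERNS = [
    (r"\b(urgent|asap|right away|immediately)\b", "urgency"),
    (r"\b(confirm|send)\b.{0,30}\b(phone|cell|mobile) number\b", "callback request"),
    (r"\b(wire|transfer|gift cards?|invoice)\b", "payment request"),
    (r"\bkeep (this|it) (confidential|between us)\b", "secrecy"),
    (r"\bare you (available|at your desk)\b", "availability probe"),
]

# Constructed sample messages, as a mail gateway might hand them to a triage hook.
SAMPLE_MESSAGES = [
    {"from": "Jane Doe <janedoe.ceo@gmail.com>",
     "subject": "Quick request",
     "body": "Are you at your desk? I need you to confirm your direct phone number ASAP. "
             "Keep this between us."},
    {"from": "Jane Doe <jane.doe@example-corp.test>",
     "subject": "Board deck",
     "body": "Please send the Q4 deck to me before the board meeting on Friday."},
    {"from": "Accounts Payable <billing@vendor-example.test>",
     "reply_to": "billing.vendor@outlook.com",
     "subject": "Invoice 4471",
     "body": "Please process the attached invoice today."},
]


def _domain(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def score_message(msg):
    """Score one message on BEC indicators; return score, verdict and the reasons."""
    score, reasons = 0, []
    display_name, sender = parseaddr(msg.get("from", ""))
    from_domain = _domain(sender)

    # Executive display name on a sender outside the company: classic CEO impersonation.
    if display_name.strip().lower() in EXECUTIVES and from_domain != CORPORATE_DOMAIN:
        score += 3
        reasons.append(f"executive display name from outside {CORPORATE_DOMAIN}")
        if from_domain in FREEMAIL_DOMAINS:   # no attacker infrastructure needed
            score += 2
            reasons.append("sent from a free email service")

    # A Reply-To on another domain silently redirects the whole conversation.
    reply_domain = _domain(parseaddr(msg.get("reply_to", ""))[1])
    if reply_domain and reply_domain != from_domain:
        score += 2
        reasons.append("Reply-To domain differs from From domain")

    # Phrase cues in subject and body, one point per cue type.
    text = msg.get("subject", "") + "\n" + msg.get("body", "")
    for pattern, label in SUSPICIOUS_PATTERNS:
        if re.search(pattern, text, re.IGNORECASE):
            score += 1
            reasons.append(label)

    verdict = "quarantine" if score >= 5 else "flag" if score >= 2 else "deliver"
    return {"score": score, "verdict": verdict, "reasons": reasons}


def triage(messages):
    """Score a batch of messages in order."""
    return [score_message(m) for m in messages]


if __name__ == "__main__":
    for msg, result in zip(SAMPLE_MESSAGES, triage(SAMPLE_MESSAGES)):
        print(f"{result['verdict']:10} score={result['score']}  from={msg['from']}")
        for reason in result["reasons"]:
            print("    -", reason)
```

The first message (an executive’s name on a free-mail address, asking for a phone number with urgency and secrecy cues) is quarantined; the genuine internal note from the same executive delivers cleanly, because the domain check anchors the display-name rule; the vendor invoice with a mismatched Reply-To is only flagged for review. Display-name matching is deliberately strict here; a production rule would also normalize look-alike characters and check the authentication results (SPF, DKIM, DMARC) the gateway already records.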

Fraud is Trending Digital, Especially Identity Theft

Fraud has always been a societal problem, but it is being compounded by the expansion of criminals in the digital realm. The cost is going higher as more people do their banking and buying online.

Federal Trade Commission (FTC) data shows that consumers reported losing nearly $8.8 billion to fraud in 2022, an increase of more than 30 percent over the previous year. Much of this fraud came from fake investing scams and imposter scams. Perhaps most alarming in this report was that there were over 1.1 million reports of identity theft received through the FTC’s IdentityTheft.gov website. Please see: FTC reveals alarming increase in scam activity, costing consumers billions – Help Net Security

My take: the reason for the increased rate of identity fraud is clear. As we become more and more connected, the more visible and vulnerable we become to those who want to hack our accounts and steal our identities. The threat surface has expanded exponentially with smartphones, wearables, and the Internet of Things. Moreover, those mobile devices, social media applications, laptops, and notebooks are not easy to secure.

There are no complete remedies to identity theft, but there are actions that can enable people and companies to help deter the threats. Below is a quick list of what you can do to help protect your accounts, privacy, and reputation:

1) Use strong passwords. Hackers are quite adept at guessing passwords especially when they have insights into where you lived in the past (street names), birthdays and favorite phrases. Changing your password regularly can also complicate their tasks.

2) Maintain a separate computer to do your financial transactions and use it for nothing else.

3) Consider using encryption software for valuable data that needs to be secured. Also set up Virtual Private Networks for an added layer of security when using mobile smartphones.

4) Very important: monitor your credit scores, your bank statements, and your social accounts on a regular basis. LifeLock and other reputable monitoring organizations provide account alerts that are very helpful in that awareness quest. The quicker you detect fraud, the easier it is to handle the issues associated with identity theft.

5) If you get breached, and especially if it is serious, do contact law enforcement authorities, as it might be part of a larger criminal enterprise that they should know about. In any severe breach circumstance consider looking for legal assistance on liability issues with creditors. Also consider hiring outside reputation management if necessary.

Some Additional Resources and Compilation of Cybersecurity Trends for 2023:

There is a very good report done by the Bipartisan Policy Research Center on the top eight macro risks to watch out for in 2023. They are stated below from the article, and I agree with them all.

  1. Evolving geopolitical environment: The war launched by Russia in Ukraine is emblematic of this first risk, encompassing the key factors of lowered inhibition for cyberattacks, digital assaults on critical infrastructure, misinformation, and disinformation campaigns, and protectionist approaches to trade that can leave companies who purchased technology products from abroad even more vulnerable.
  2. Accelerating cyber arms race: As attackers step up their assaults on beleaguered organizations, defenders must keep pace in an environment that disproportionately favors malicious actors, who use commonly available consumer tools and trickery to achieve their ends while also targeting national security assets.
  3. Global economic headwinds: Stock market volatility and inflation pose risks across the cybersecurity sector, threatening supply chains, forcing businesses to make difficult decisions about allocating resources, and possibly harming innovation as startups face a weakened capital supply market.
  4. Overlapping, conflicting, and subjective regulations: Companies in the US face a “complex patchwork of required cybersecurity, data security, and privacy regulations implemented by national, state, and local authorities, with varying prescriptive requirements,” including balkanization of data privacy and breach disclosure laws, rapidly elevating security control requirements, and one-size-fits-all regulation.
  5. Lagging corporate governance: Although there has been significant improvement in the priority organizations place on cybersecurity in recent years, many firms still have not placed cybersecurity specialists in leadership positions, excluding CISOs and CSOs from the C-suite and boards of directors, and keep cybersecurity separate from organizational objectives.
  6. Lack of investment, preparedness, and resilience: Both public and private sectors are still insufficiently prepared for a cybersecurity disaster due to incomplete and imperfect data, lack of crisis preparedness, disaster recovery, and business continuity planning, failure to conduct crisis exercises and planning, vendor risk concentration and insufficient third-party assurance capabilities, the escalating cost of cyber insurance, and chronic poor cyber hygiene and security awareness among the general public.
  7. Vulnerable infrastructure: Critical infrastructure remains vulnerable as organizations “rely heavily on state and local agencies and third- and fourth-party vendors who may lack necessary cybersecurity controls,” particularly in the finance, utilities, and government services sectors, which often run on unpatched and outdated code and legacy systems.
  8. Talent scarcity: The ongoing shortage of qualified security personnel continues to expose organizations to cyber risks, made even more glaring by insufficient automation of tasks needed to execute good cybersecurity.

Please see: Cyber arms race, economic headwinds among top macro cybersecurity risks for 2023 | CSO Online

And for a deeper dive on cyber stats please see: 34 cybersecurity statistics to lose sleep over in 2023 (techtarget.com). The article notes upfront that we need to understand the data, and its immense volume, used in cyber-attacks. “By 2025, humanity’s collective data will reach 175 zettabytes — the number 175 followed by 21 zeros. This data includes everything from streaming videos and dating apps to healthcare databases. Securing all this data is vital.”

Please also see Dan Lohrman’s annual analysis on cybersecurity trends: “After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 1 of your annual roundup of security industry forecasts for 2023 and beyond.” The Top 23 Security Predictions for 2023 (Part 1) (govtech.com) and The Top 23 Security Predictions for 2023 (Part 2) (govtech.com)

My Take: Of course, there are many other trends and statistics to explore as the year unfolds. It is certainly a treacherous cyber ecosystem, and it is expanding with risk and threats. Being cyber-aware is part of the process of risk management and security, and hopefully looking at the cyber-threat landscape will prompt both industry and government to prioritize cybersecurity from the top down and bottom up!

About The Author

Chuck Brooks is a globally recognized thought leader and subject matter expert in Cybersecurity and Emerging Technologies. Chuck is also an Adjunct Faculty member at Georgetown University’s Graduate Cybersecurity Risk Management Program, where he teaches courses on risk management, homeland security technologies, and cybersecurity. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named “Cybersecurity Person of the Year for 2022” by The Cyber Express, one of the world’s “10 Best Cyber Security and Technology Experts” by Best Rated, a “Top 50 Global Influencer in Risk, Compliance” by Thomson Reuters, “Best of The World in Security” by CISO Platform and by IFSEC, and the “#2 Global Cybersecurity Influencer” by Thinkers 360. He was featured in the 2020, 2021, and 2022 Onalytica “Who’s Who in Cybersecurity.” He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic. He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, Expert for Executive Mosaic/GovCon, and a Contributor to Skytop Media and to FORBES. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.


3 Alarming Threats To The U.S. Energy Grid – Cyber, Physical, And Existential Events

Protecting critical infrastructure, and especially the U.S. Energy Grid, is certainly a topic that keeps the U.S. Department of Homeland Security (DHS), the U.S. Department of Energy (DOE), the U.S. Department of Defense (DOD), and U.S. intelligence community planners up at night. The threats can be from cybersecurity attacks (by countries, criminal gangs, or hacktivists), from physical attacks by terrorists (domestic or foreign) and vandals on utilities or power plants, or from an Electromagnetic Pulse (EMP) generated by a geomagnetic solar flare or by a terrorist short-range missile detonated in the atmosphere.

The underlying reality is that from an energy frequency perspective, the aging U.S. Energy Grid infrastructure is extremely vulnerable to cyber-attacks, physical incidents, and existential threats.

What Is The US Energy Grid?

The U.S. Energy Grid is divided into three major regions: The Eastern Interconnection, which operates in states east of the Rocky Mountains, The Western Interconnection, which covers the Pacific Ocean to the Rocky Mountain states, and the Texas Interconnected system.

The U.S. Energy Grid serves as the backbone of energy infrastructure. Via the grid, electricity generated at power plants moves through a complex network of electricity substations, power lines, and distribution transformers before it reaches customers. In the United States, the power system consists of more than 7,300 power plants, nearly 160,000 miles of high-voltage power lines, and millions of low-voltage power lines and distribution transformers, which connect 145 million customers. U.S. Energy Information Administration – EIA – Independent Statistics and Analysis


Why Modernization Of The Grid Is Urgent

Although in recent years the grid has been augmented with automation and some emerging tech, it is still mostly dependent on legacy technologies. In fact, 70 percent of transmission lines are at least 30 years old and approaching the end of their lifecycle, and 60 percent of the circuit breakers are more than 35 years old, compared to useful lives of 20 years. Please see: Aging grids drive $51B in annual utility distribution spending | Utility Dive

The aging infrastructure and increasing demand for power have made the grid susceptible to “cascading failures,” where the failure of one component leads to a series of failures. This has been witnessed during periods of harsh weather. Modernizing the grid has become a high priority for Congress and industry. In fact, a 2022 Department of Energy Federal Notice of Intent calls for “modernizing, hardening, and expanding the grid will enhance the resilience of our entire electric system, and ensure that electricity is available to customers when it is needed most. Aging infrastructure leaves the grid increasingly vulnerable to attacks.” Transmission NOI final for web_1.pdf (energy.gov)

The strategy for modernization can be found in the recent White House “Building a Better Grid” Initiative, which plans to overhaul the country’s infrastructure in support of a nationwide transition to clean electricity by 2035. The initiative calls for the Department of Energy to invest over $20 billion in federal funding to expand the nation’s electrical grid and modernize its transmission capabilities through public and private partnerships. Please see: Energy Launches New Program To Overhaul the U.S. Electrical Grid – Nextgov

And last year, the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) announced that it will fund up to 15 research projects “that will establish or strengthen existing research partnerships with energy sector utilities, vendors, universities, national laboratories, and service providers working toward resilient energy delivery systems.” DOE listed six proposed topic areas for the projects, including:

  • Automated Cyberattack Prevention and Mitigation
  • Security and Resiliency by Design
  • Authentication Mechanisms for Energy Delivery Systems
  • Automated Methods to Discover and Mitigate Vulnerabilities
  • Cybersecurity through Advanced Software Solutions
  • Integration of New Concepts and Technologies with Existing Infrastructure

Please see: DOE Announces $45 Million for Next-Generation Cyber Tools to Protect the Power Grid | Department of Energy

1) Cyber-Threats To The Grid And Critical Infrastructure Abound

While modernization planning focuses on new energy related technologies for distribution, resilience, storage, and capability, it is also focused on cybersecurity. Power companies use Supervisory Control and Data Acquisition (SCADA) networks to control their industrial systems and many of these SCADA networks need to be updated and hardened to meet growing cybersecurity threats.

A successful ransomware attack in 2021 on the Colonial Pipeline provided a window into that vulnerability and the many attack points created by the cross-pollination of IT and SCADA networks. The attackers disrupted fuel supplies on the US East coast and demonstrated the lack of a cybersecurity framework for both preparation and incident response.

The new reality is that most of the U.S. Energy Grid critical infrastructure components operate in a digital environment that is internet accessible. The trend toward integration of hardware and software, combined with growing numbers of networked sensors, is redefining the attack surface available to hackers.

The gaps for cyber-attackers have been recognized by government and industry. The General Accounting Office (GAO) has explicitly stated that the U.S. Energy Grid is vulnerable to cyber-attacks. The GAO notes that the grid distribution systems, which carry electricity from transmission systems to consumers, “have grown more vulnerable, in part because their operational technology increasingly allows remote access and connections to business networks. This could allow threat actors to access those systems and potentially disrupt operations.”

The GAO also notes that “nations and criminal groups pose the most significant cyber threats to U.S. critical infrastructure, according to the Director of National Intelligence’s 2022 Annual Threat Assessment. These threat actors are increasingly capable of attacking the grid.” Securing the U.S. Electricity Grid from Cyberattacks | U.S. GAO

An earlier GAO report notes that the U.S. electric grid faces “significant cybersecurity risks” because “threat actors are becoming increasingly capable of carrying out attacks on the grid.” Nations, criminal groups, and terrorists pose the most significant cyber threats to U.S. critical infrastructure, according to the report. At the same time, “the grid is becoming more vulnerable to cyberattacks” via:

  • Industrial Control Systems: The integration of cheaper and more widely available devices that use traditional networking protocols into industrial control systems has led to a larger cyberattack surface for the grid’s systems.
  • Consumer Internet of Things (IoT) devices connected to the grid’s distribution network: Malicious threat actors could compromise many high-wattage IoT devices (such as air conditioners and heaters) and turn them into a botnet. The malicious actors could then use the botnet to launch a coordinated attack aimed at manipulating the demand across distribution grids.
  • The Global Positioning System (GPS): The grid is dependent on GPS timing to monitor and control generation, transmission, and distribution functions. Is the Electric Grid Ready to Respond to Increased Cyber Threats? | Tripwire

The US government standards agency NIST is also prioritizing cybersecurity of the Grid in its program Cybersecurity for Smart Grid Systems. “Smart grid cybersecurity must address both inadvertent compromises of the electric infrastructure, due to user errors, equipment failures, and natural disasters, and deliberate attacks, such as from disgruntled employees, industrial espionage, and terrorists. NIST will address these challenges through research conducted in the NIST Smart Grid Testbed facility and leadership within the Smart Electric Power Alliance (SEPA) Cybersecurity Committee (SGCC) for evaluation of cybersecurity policies and measures in industry standards, and development of relevant guidance documents for the smart grid cybersecurity community.” Cybersecurity for Smart Grid Systems | NIST

The fact is that cyber-attacks are evolving in sophistication, enabled by artificial intelligence. Also, state actors, criminal gangs, and other attackers are homing in on energy critical infrastructure. Connectivity driven by the adoption of the industrial internet of things and operational technology has further expanded the attack surface, and energy infrastructure operators should implement “security by design” to counter cyber threats. Cybersecurity by design necessitates building agile systems with operational cyber-fusion to be able to monitor, recognize and respond to emerging threats. The bottom line is that cybersecurity for the U.S. Energy Grid must be elevated.

THE ELECTRIC GRID CYBERSECURITY ALLIANCE

One group elevating preparedness is an organization called The Electric Grid Cybersecurity Alliance. It was formed to address the urgency of protecting energy critical infrastructure from cyber-attacks. The goal of the organization is to bring utility CEOs, CISOs, CIOs, and operational executives together in a trusted forum to confidently build an industry-wide cybersecurity game plan. The founder of the alliance, John Miri, is a 25-year tech and cybersecurity veteran who has spent the last decade in the electric utility industry. Miri says that the stated mission of the Alliance is to “unite utility leaders with one goal: to protect the world’s electric grids from cyberattack.”

Miri characterized to me the state of the industry in response to cybersecurity. He said that “in one group, you have utility executives, their regulators, and the elected officials who oversee the energy industry. They see cybersecurity as an emerging risk that is being methodically addressed. They know the grid is complex and they fear unintended consequences from abrupt changes. In the other group, you have the intelligence and homeland security communities … folks in the DHS, FBI, NSA, and their congressional oversight committees. That group has a very different view. They have been warning about this threat for decades and are frustrated. To them, cybersecurity is not emerging. It is here. And they don’t think the industry has done enough.” Miri said that he started the Electric Grid Cybersecurity Alliance to constructively bring these two communities together. This is good news, as both government and industry need to better collaborate in the energy sector and focus on cybersecurity. Home | EGCA (electricgridcyber.org)

2) Utilities Under Physical Attack

As if cyber-attacks were not enough of a security concern, physical attacks by domestic terrorists on the U.S. Energy Grid are an increasing threat. Based on data from DOE, physical attacks on the grid rose 77% in 2022.

In 2022 there were several attacks by White supremacists on northwest power grid electrical substations in Oregon and Washington. Similar attacks happened at two energy substations in North Carolina where residents lost power after gunshots.

In January 2023, a bulletin from the Department of Homeland Security (DHS) warned that domestic violent extremists “have developed credible, specific plans to attack electricity infrastructure since at least 2020, identifying the electric grid as a particularly attractive target.”

In February 2023, authorities arrested and charged two white supremacist suspects in connection with an alleged plot to attack and take down the power grid in Baltimore, Maryland. Baltimore power grid attack plot: Sarah Beth Clendaniel and Brandon Russell arrested, officials say – CBS News

The problem is that substations make easy soft targets and there are more than 55,000 connected to the grid in the US. The threat is not only from white supremacists, but eco-terrorists have also physically attacked plants in the past. Vandalism is also an issue. And global terrorist and nation state adversaries could pose a threat to stations and substations. The cost to protect all these stations from physical threats is significant and requires strong law enforcement coordination.

The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC reliability standards call for a risk-based approach in the implementation of physical security safeguards that include access control, key cards, alarms, and roving security. According to Chris Hurst, vice president of Value Engineering at OnSolve, emerging threats “suggest additional protections may be needed, such as additional perimeter setbacks (where possible), removing sight lines, additional roving security and monitoring, and hardening protective barriers.” The POWER Interview: Physical Attacks on the Grid Soared in 2022. What Can Be Done? (powermag.com)

3) Existential Threats – Weather, Solar Storms, and EMP

The existential threat to the U.S. Energy Grid can come from a variety of angles. Both weather and solar storms are top factors for power outages in the United States (one other big factor is outages from squirrels hanging out on transformers and transmission lines!). Hurricanes, tornadoes, fires, floods, and other acts of nature can have a devastating impact on power plants, transformers and transmission lines. Unfortunately, the US has had much practice in this area, and preparation and resilience are the key to recovery. DHS’s emergency response organization FEMA has been a leader in accomplishing this mission.

Solar storms are a different existential threat to address. Solar flares are made up of high-energy particles resulting from explosions on the Sun’s surface. A geomagnetic storm can be defined as a major disturbance of Earth’s magnetosphere that occurs when there is an exchange of energy from the solar wind into the space ecosphere surrounding Earth.

Over the past 150 years, the earth has been struck by more than 100 solar storms. In 2008, the National Academy of Sciences estimated that the damage and disruption of the grid caused by a solar flare could cost up to $2 trillion in economic damages, with a full recovery time of four to 10 years.

“We have 18 critical infrastructures – food, water, medical care, telecommunications, investments, the works – and all 17 of the others depend heavily on the electric grid,” said former CIA Director, James Woolsey, before the Cybersecurity and EMP Legislative Working Group. Calling the electric grid “one of our greatest national vulnerabilities,” Woolsey added, “If you get up into months or years of the electric grid going down, you move us back not into the 1980s, pre-Web, but into the 1880s, pre-electric grid.” Will Vulnerable U.S. Electric Grid Get a New Protection Mandate? – BRINK – Conversations and Insights on Global Business (brinknews.com)

An outcome of solar storms can be electromagnetic pulses (EMPs) that can destroy digital infrastructure, including vital financial, transportation, healthcare, telecommunications, and energy verticals. The EMP threat can also be created deliberately by missiles detonated in the atmosphere and by other delivery methods. EMP pulses of energy can be produced by the blast of a nuclear weapon or by portable devices like high-power microwave weapons (HPMWs). A 2018 military study by the Air Force titled “Electromagnetic Defense Task Force” warned that an EMP weapon attack such as those developed by adversaries could destroy our way of life and displace millions. Military warns EMP attack could wipe out America, ‘democracy, world order’ | Washington Examiner

Testimony at the hearings from the late Dr. Peter Pry, a member of the Congressional EMP Commission and executive director of the Task Force on National and Homeland Security, put the threats in frightening perspective: “Natural EMP from a geomagnetic super storm, like the 1859 Carrington Event or 1921 Railroad Storm, and nuclear EMP attack from terrorists or rogue states, as practiced by North Korea during the nuclear crisis of 2013, are both existential threats that could kill 9 of 10 Americans through starvation, disease and societal collapse.”

Dr. Pry also noted that “a natural EMP catastrophe or nuclear EMP event could black out the national electric grid for months or years and collapse all the other critical infrastructures — communications, transportation, banking and finance, food and water — necessary to sustain modern society and the lives of 310 million Americans.” The Public/Private Imperative to Protect the Grid » Community | GovLoop

Conclusion

The underlying reality is that the US electric grid infrastructure is extremely vulnerable to physical incidents, cyber incidents, and forces of nature. Helping reduce the vulnerability and fortify the U.S. Energy Grid has become an urgent need, and the clock is ticking.

There are many ways to help mitigate threats to the energy infrastructure from cyber, physical and existential causes. Some of those include: shielding and hardening targets—grid protection by protecting against surges and voltage; decentralization and employment of off-grid or “distributed-grid” networks; phased voltage stabilization systems and resistors for redirecting and balancing energy; mandating enhanced security standards, training and contingency planning, and establishing mechanisms for sharing information on vulnerabilities and threats. Systematic resiliency planning is also vital for restoring power for various contingencies. These technologies are available for protecting the grid; it comes down to investment and leadership to ameliorate vulnerabilities.

As the adage says, we are in this all together because the stakes are so high. Public/Private collaboration is essential to preventing a next incident to the grid and a national catastrophe. Federal agencies should also be provided with specific mission jurisdictions for implementing risk management policy frameworks in coordination with regulators, and utilities themselves. Finding viable solutions will require co-investment, strong public/private sector partnering and collaboration in research, development, and prototyping. That partnership must include an accelerated effort to fund and design new technologies to protect the utilities from natural or man-made electromagnetic surges; further protect hardware and software in control networks from cyberattack; and provide enhanced physical security.

Protecting the US energy infrastructure, and being proactive against the three alarming threats to the US Energy Grid from cyber, physical, and existential events is a challenging endeavor but an imperative.

About The Author:

Chuck Brooks is a globally recognized thought leader and subject matter expert in Cybersecurity and Emerging Technologies. Chuck is also an Adjunct Faculty at Georgetown University’s Graduate Cybersecurity Risk Management Program where he teaches courses on risk management, homeland security technologies, and cybersecurity. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named “Cybersecurity Person of the Year for 2022” by The Cyber Express, as one of the world’s “10 Best Cyber Security and Technology Experts” by Best Rated, as a “Top 50 Global Influencer in Risk, Compliance,” by Thomson Reuters, “Best of The World in Security” by CISO Platform, and by IFSEC and Thinkers 360 as the “#2 Global Cybersecurity Influencer.” He was featured in the 2020, 2021, and 2022 Onalytica “Who’s Who in Cybersecurity.” He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic. He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, Expert for Executive Mosaic/GovCon, and a Contributor to FORBES. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.


When Botnets Attack

Cybersecurity attacks can come in many forms and with various technical approaches. Breaches are constant as industry and government are targeted. One exploitation method used by criminal hackers, botnets, can be deployed with devastating and widespread consequences.

Recently, the Federal Bureau of Investigation (FBI) disrupted a botnet that was used by the Russian Main Intelligence Directorate (GRU) to inflict significant cyber damage. According to the U.S. Department of Justice, the FBI operation “Copied and Removed Malware Known as “Cyclops Blink” from the Botnet’s Command-And-Control Devices, Disrupting the GRU’s Control Over Thousands of Infected Devices Worldwide.” 1

Such orchestrated botnet cyber-attacks are not new and have been going on for almost two decades, but they are proliferating and pose major threats. They are not only carried out by state-sponsored intelligence actors, but also by organized criminal hacking groups. In fact, according to recent findings, botnet attacks on application programming interfaces (API attacks) have “exploded in 2021 as malicious bots continued to invade the internet. Compared to last year’s data collection, there was an increase of 41% in attacks on Internet-connected systems. Media companies (up 174%) and financial services companies (683 million bot attacks) have seen increases in malicious bot attacks from January to June.” 2

What is a Botnet?

What exactly is a botnet? A basic definition from the NIST Computer Security Resource Center states that the word “botnet” is formed from the words “robot” and “network,” and that cyber criminals use special Trojan viruses to breach the security of several users’ computers, take control of each computer, and organize all the infected machines into a network of “bots” that the criminal can remotely manage. 3


In essence, botnets are part of a network controlled by hackers that can spread malware and/or ransomware to devices that can be self-perpetuating and destructive, much like a biological virus.

Reference source Techopedia provides a more elaborate example of what a botnet can do. “A botnet is a group of computers connected in a coordinated fashion for malicious purposes. Each computer in a botnet is called a bot. These bots form a network of compromised computers, which is controlled by a third party and used to transmit malware or spam, or to launch attacks. A botnet may also be known as a zombie army.

Originally, botnets were created as a tool with valid purposes in Internet relay chat (IRC) channels. Eventually, hackers exploited the vulnerabilities in IRC networks and developed bots to perform malicious activities such as password theft, keystroke logging, etc.

An attacker will often target computers not safeguarded with firewalls and/or anti-virus software. A botnet manipulator can get control of a computer in a variety of ways, but most frequently does so via viruses or worms. Botnets are significant because they have become tools that both hackers and organized crime use to perform illegal activities online. For example, hackers use botnets to launch coordinated denial-of-service attacks, while organized crime uses botnets as ways to spam, or send a phishing attack that is then used for identity theft.” 4

Cyber expert Isa Oyekunle succinctly summarizes the why and how of using bots in cyber-attacks in his blog “What are Bots and Botnets”. He notes that cybercriminals use botnet assaults to accomplish a variety of tasks including: to gain access to financial and personal data, to overwhelm reputable web services, to extort funds from victims, to profit from zombie and botnet networks by selling access to other criminals, to employ scams involving cryptocurrency, to exploit backdoors created by viruses and worms, and to keep track of users’ keystrokes.

Mr. Oyekunle cites phishing, spambots, bricking, cryptojacking, snooping, distributed denial-of-service (DDoS) attacks, and brute force attacks as the types of bots and botnets that cybercriminals can utilize to carry out various assaults. 5

Unfortunately, there are plenty of tools available for criminal hackers to use and share, including keyloggers to steal passwords and the aforementioned phishing attacks that can also be used to steal identities by impersonating companies. Hackers are also successfully using botnets for crypto mining, stealing unsuspecting computers’ bandwidth and electricity. Many of these more pernicious botnet tools are sold openly and shared on the dark web and hacker forums.

Botnets are not only used for cyber-attacks; they are also used for advertising, marketing, and transactional business. For example, adware bots use advertisements to educate and attract potential buyers for brands or products. Botnets can also be used for “pay for click” to bring revenues to websites.

How Are Botnet Attacks Orchestrated?

The Cybersecurity firm CrowdStrike provides an excellent overview of the stages of creating a botnet and how it unfolds. They identify the stages as 1) Expose, 2) Infect and Grow, and 3) Activate.

CrowdStrike outlines a three-step process:

“In stage 1, the hacker will find a vulnerability in either a website, application, or user behavior in order to expose users to malware. A bot herder intends for users to remain unaware of their exposure and eventual malware infection. They may exploit security issues in software or websites so that they can deliver malware through emails, drive-by downloads, or trojan horse downloads.

In stage 2, victims’ devices are infected with malware that can take control of their devices. The initial malware infection allows hackers to create zombie devices using techniques like web downloads, exploit kits, popup ads, and email attachments. If it’s a centralized botnet, the herder will direct the infected device to a C&C server. If it’s a P2P botnet, peer propagation begins, and the zombie devices seek to connect with other infected devices.

In stage 3, when the bot herder has infected a sufficient amount of bots, they can then mobilize their attacks. The zombie devices will then download the latest update from the C&C channel to receive its order. The bot then proceeds with its orders and engages in malicious activities. The bot herder can continue to remotely manage and grow their botnet to carry out various malicious activities. Botnets do not target specific individuals since the bot herder’s goal is to infect as many devices as possible so they can carry out malicious attacks.” 6

That three-stage process as described is not overly complicated, but the tools and tactics used to spread the botnets can be sophisticated and formidable.

Our Growing Digital Connected World — Made For Botnets

There are dire implications of having devices and networks so digitally interconnected when it comes to botnets, especially when networks carry unpatched vulnerabilities. The past decade has recorded many botnet cyber-attacks. Many who are involved in cybersecurity will recall the massive and high-profile Mirai botnet DDoS attack in 2016. Mirai was an IoT botnet made up of hundreds of thousands of compromised IoT devices. It targeted Dyn—a domain name system (DNS) provider for many well-known internet platforms—in a distributed denial-of-service (DDoS) attack. That DDoS attack sent millions of bytes of traffic to a single server to cause the system to shut down. The Dyn attacks leveraged Internet of Things devices, and some of the attacks were launched by common devices like digital routers, webcams and video recorders infected with malware.

In 2018, a large botnet victimized the GitHub software development platform in one of the largest DDoS attacks ever recorded. That attack took the platform offline. There have been many other alarming high-profile botnet attacks in the past few years. You can find a good historical list of botnet attacks at this link: List of Botnets | The Most Prevalent Botnets of Recent Years | Netacea | compiled by the cybersecurity firm Netacea.

With advances in artificial intelligence and machine learning, botnets can now readily automate and rapidly expand cyber-attacks. There is also a growing use of Bot-as-a-Service by cyber-criminals to outsource attacks. And while there are a variety of botnet options, DDoS-type attacks are still considered the most common threat. That is a scary proposition for any company or government agency.

Fighting Back Against Botnets

The good news is that there are defenses available for companies to use that incorporate specialized bot protection tools that can detect and mitigate bot attacks.

Writing in US Cybersecurity Magazine, cybersecurity SME Vinugayathri Chinnasamy offers several pathways to combat bots. These include:

· Analysis of Bot Traffic: Before mitigation, it is crucial to analyze bots. Behavior and pattern analysis, coupled with real-time traffic alerts, allows you to detect bot attack traffic effectively. The approach looks at every visitor who enters an application and checks if they are who they say they are by cross-checking their signature behavior with a database.

· Apprehend the bot to block: Apprehend a bot’s true identity by reading its header information and stream of web requests with WAF to instantly block any malicious behavior.

· Utilize Bot Detector: Utilizing bot detecting tools, CAPTCHA libraries can be used to create and validate a variety of practical challenges to prevent downloads or spambots. 7
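The traffic-analysis and header-inspection steps listed above, as an added defender-side example that is not from the original article or from the cited magazine piece: it parses constructed web-server access-log lines (RFC 5737 documentation addresses), groups requests by client, and flags a client on request rate, 4xx share, near-constant timing, and a scripted or empty User-Agent. The thresholds are illustrative assumptions, not values from the article.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Tunable thresholds (illustrative assumptions, not values from the article).
RATE_LIMIT = 30        # requests per client within the window
WINDOW_SECONDS = 60
ERROR_SHARE = 0.5      # share of 4xx responses that suggests credential or path probing
JITTER_FLOOR = 0.5     # inter-arrival std-dev (seconds) below which timing looks scripted
MIN_REQUESTS = 10      # do not judge behaviour on fewer requests than this
# Header signature: User-Agent advertising a scripting client, or empty.
SCRIPTED_UA = re.compile(r"python-requests|curl/|go-http-client|^$", re.I)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def classify(lines):
    """Group requests by client IP and return {ip: [reasons]} for clients that look like bots."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    verdicts = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        reasons = []
        # Signature check on the request header.
        if any(SCRIPTED_UA.search(r["ua"]) for r in recs):
            reasons.append("scripted or missing User-Agent")
        # Rate check: sliding window over request timestamps.
        stamps = [r["ts"].timestamp() for r in recs]
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 > RATE_LIMIT:
                reasons.append(f"more than {RATE_LIMIT} requests in {WINDOW_SECONDS}s")
                break
        # Behaviour check: mostly client errors (failed logins, path probing).
        errors = sum(1 for r in recs if 400 <= r["status"] < 500)
        if len(recs) >= MIN_REQUESTS and errors / len(recs) >= ERROR_SHARE:
            reasons.append("high 4xx share")
        # Behaviour check: machine-regular spacing between requests.
        if len(recs) >= MIN_REQUESTS:
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            if pstdev(gaps) < JITTER_FLOOR:
                reasons.append("near-constant inter-arrival time")
        if reasons:
            verdicts[ip] = reasons
    return verdicts


def build_sample():
    """Constructed traffic: one browsing human and one scripted login-guessing client."""
    human_ua = "Mozilla/5.0 (Windows NT 10.0; rv:110.0) Gecko/20100101 Firefox/110.0"
    lines = []
    for sec, path in [(0, "/"), (7, "/pricing"), (31, "/cart"), (55, "/checkout")]:
        lines.append(f'203.0.113.10 - - [10/Mar/2023:12:00:{sec:02d} +0000] '
                     f'"GET {path} HTTP/1.1" 200 1024 "-" "{human_ua}"')
    for i in range(40):  # one POST per second, every one rejected
        lines.append(f'198.51.100.7 - - [10/Mar/2023:12:00:{i:02d} +0000] '
                     f'"POST /login HTTP/1.1" 401 120 "-" "python-requests/2.28.1"')
    return lines


if __name__ == "__main__":
    for ip, why in classify(build_sample()).items():
        print(ip, "->", "; ".join(why))
```

A WAF or rate limiter would act on the returned verdicts; the human client in the sample stays under every threshold and is not flagged.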

One cybersecurity firm called HUMAN (About Us | HUMAN Security) has had a series of successes in stopping botnets in cooperation with law enforcement and industry. HUMAN has taken an aggressive collective approach using top-line signature and behavioral detection techniques that build on hacker intelligence. They synthesize that data with a real-time decision engine that combines technical evidence and machine learning to offer rapid and accurate ‘bot or not’ decisions that ensure human-only interaction.

HUMAN uncovers, reverse engineers, and disrupts bot-driven threats to advertising, marketing, and cybersecurity. Examples include taking down PARETO—the most sophisticated CTV botnet ever found—in cooperation with Roku and Google; disrupting 3ve, bringing together the FBI, Google, Facebook and many others in the industry; and the takedown of Methbot, which recently culminated in the self-proclaimed ‘King of Fraud’ responsible for the operation being sentenced to 10 years in prison.

Tamer Hassan, HUMAN’s CEO & Founder, is confident that cyber botnet attacks can be mitigated. He says “Seventy seven percent of all cyber-attacks have a bot used somewhere in the attack cycle. The game is to use a botnet to look like a million humans. Bots are being used to do everything from vulnerability scanning, stealing sensitive information, account takeover, sniping and scalping products with limited inventory, manipulation of popularity, and multi-billion dollar fraud operations in advertising and media. Botnets have become a platform for cybercrime, used by most modern criminals. Protecting against these types of attacks requires a different approach, one based on modern defense, a set of strategies that increase the cost of the attack and lower the cost of defense. This changes the game and the odds to the side of the good, enabling us to defeat attackers. This is the only way to win.”

I concur with Tamer Hassan’s insights. Cybersecurity in general needs a newer and evolved set of strategies that includes threat intelligence, technical tools & expertise, advanced analytics, cost mitigation, and collaboration. Botnets are not going to go away. However, changing the approach to better enable “the side of good” will help keep us better prepared to defeat sinister threats before and when botnets attack.

###

References & Sources:

1) Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU) | OPA | Department of Justice

2) Are Businesses Prepared to Fight Bot Attacks on APIs? – United States Cybersecurity Magazine (uscybersecurity.net)

3) Botnet – Glossary | CSRC (nist.gov)

4) What is a Botnet? – Definition from Techopedia

5) What are Bots and Botnets? (securitygladiators.com)

6) What is a Botnet? | CrowdStrike

7) Are Businesses Prepared to Fight Bot Attacks on APIs? – United States Cybersecurity Magazine (uscybersecurity.net)


Ransomware on a Rampage; a New Wake-Up Call

Ransomware is on a rampage targeting industry and organizations. It is also creating significant cybersecurity challenges. Ransomware is a type of malware cyber-attack where key files are encrypted by hackers, rendering data inaccessible to the victim. It is a criminal extortion tool, and after an attack has occurred, the hackers promise to restore systems and data when the ransom is paid by the victims.

The use of ransomware by hackers to leverage exploits and extract financial benefits is not new. Ransomware has been around for over two decades (early basic ransomware malware was used in the late 1980s), but as of late it has become a trending and more dangerous cybersecurity threat. The inter-connectivity of digital commerce and expanding attack surfaces have enhanced the utility of ransomware as the cyber weapon of choice for bad actors. Like bank robbers, cybercriminals go where the money is accessible. And it is now easier for them to reap benefits from extortion. Hackers can now demand cryptocurrency payments or pre-paid cards that can be anonymously transacted. Those means of digital payment are difficult for law enforcement to trace.

But it is not just about financial gain: while hackers can use ransomware to extort, it can also be employed to harass and to demonstrate vulnerabilities in critical infrastructure. In this sense, state actors and/or criminal gangs can use ransomware as an instrument of geo-political power. Hackers often operate with the tacit support of nation-state actors, with criminal enterprises acting in cahoots. The use of ransomware against critical infrastructures has certainly elevated the issue to global national security levels.

The Targets (and Costs) of Ransomware Attacks:

The current state of cyber-affairs is an especially alarming one because ransomware attacks are growing not only in numbers, but also in the financial and reputational costs to businesses and organizations. Three statistics stand out that highlight ransomware trends and implications:


1) a recent report from Trend Micro has found that 84% of US organizations have reported phishing or ransomware security incidents in the last 12 months. 84% of Organizations Experienced Phishing & Ransomware Type Threats in the Past 12 Months (yahoo.com)  

2) according to a report from Palo Alto Networks’ Unit 42 security consulting group, the average ransomware payment climbed 82% to a record $570,000 in the first half of 2021 from $312,000 in 2020. Ransomware criminals’ demands rise as aggressive tactics pay off | Fox Business

3) and as a harbinger of things to come, the firm Cybersecurity Ventures estimates that Ransomware Costs Expected to Reach $265 Billion by 2031. The Cybersecurity Ventures analysis predicts that there will be a new attack every 2 seconds as ransomware perpetrators progressively refine their malware payloads and related extortion activities. Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031 (cybersecurityventures.com)

In many cases a ransomware hack can cripple a company’s systems and networks and cause panic and confusion. Companies and organizations that depend on logistics planning and supply chain coordination to operate are particularly at risk. Ransomware malware is designed so it can rapidly spread across a company’s or organization’s computers and networks. Success for hackers does not always depend on using the newest and most sophisticated malware; launching an attack is easy for a hacker to do. In most cases, they rely on the most opportune target of vulnerability, especially with the ease of online attacks. Hackers have a large library of malware to choose from, as it is estimated that there are over 120 separate families of ransomware.

A Short Summary of Ransomware Attacks:

In 2013, hackers used a ransomware called CryptoLocker that required victims to pay funds to recover their vital files. Four years later, in 2017, the use of ransomware heightened with an attack called WannaCry. The worldwide WannaCry attack in 2017 was viewed by many (especially in the media) as a wake-up call to the disruptive implications of ransomware. The WannaCry ransomware was self-replicating and spread swiftly, reaching over one hundred countries. In various countries, many industries, organizations, and government agencies were victimized. The ransomware disrupted hospital, school, organizational, and company networks that were not well protected and up to date. Those industries were low-hanging fruit for hackers. The attacks did not turn out to be as lethal as originally feared, but they certainly demonstrated the global vulnerabilities associated with inter-connected networks and devices.

Despite CryptoLocker, WhiteRose, WannaCry, Petya, and many other high-profile ransomware attacks, the wake-up call was not heeded. Industry, organizations, and governments did little to fortify and defend against such attacks. Earlier this year, the Darkside ransomware gang breached Colonial Pipeline, shutting down its 5,500-mile natural gas pipeline for a week. As a result, gas stations across the Eastern coast of the United States ran out of gas and many services and product supply lines were disrupted.

In July, a ransomware attack by the REvil criminal ransomware-as-a-service gang infected an estimated 1,500 businesses with ransomware. The attackers found and exploited a vulnerability in the update mechanism used by the IT services company Kaseya’s VSA software. REvil offered a decryption key to those hit by the attack in return for a $70 million payment. Also this summer, hackers targeted and disrupted operations at JBS, the world’s largest meat supplier.

During the past couple of years, healthcare providers and hospitals were targeted by ransomware attacks. In October 2020, the University of Vermont Health Network was hit by a ransomware attack and its systems could not access electronic health records for nearly a month. Every computer at UVM Medical Center was found to be infected with malware. The pandemic revealed the health risks of hospital ransomware attacks – The Verge

Many hospitals (like UVM) were vulnerable because they tended to have poor cybersecurity and to use many networks and devices that create a bigger attack surface. Hackers took advantage of the stressed conditions caused by Covid-19 to escalate ransomware attacks. Because vital medical facilities cannot afford to shut down, they often comply with ransomware demands to maintain operations.

Unfortunately, soft targets for hackers are plentiful, especially in the healthcare, financial, and manufacturing industries, and we can expect to see more such attacks because the vulnerabilities in many networks remain open and accessible to hackers.

And as they continue to receive payments from victims, hackers have become even more aggressive in their illicit activities. A recent study by Accenture highlighted how ransomware actors are growing bolder and more sophisticated in their attacks on OT and IT environments. The report noted that criminal gangs cooperate and share commercial hacking tools (such as pirated copies of Cobalt Strike) via the Dark Web. Their targets include critical infrastructure sectors, including manufacturing, financial, energy, and agriculture. The study also says that hackers are using more aggressive high-pressure tactics to escalate infection consequences and that they often deploy multiple pressure points at once to extract ransom payments. In some cases, they are also using double and triple extortion threats. Ransomware attackers are growing bolder and using new extortion methods – TechRepublic

The U.S. Government Response to Ransomware

The national security importance regarding ransomware attacks is evident in recent policy proclamations by the White House and other government agencies. In June, Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, published an open letter to business leaders about the significant threat of ransomware attacks. The letter urged companies to take the threat of ransomware seriously and adopt cybersecurity practices that match this threat. It said: “The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy. Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.” The open letter set excellent guidelines and provided sound advice on bolstering defenses against ransomware. Memo-What-We-Urge-You-To-Do-To-Protect-Against-The-Threat-of-Ransomware.pdf (whitehouse.gov)

The U.S. government is also focusing on ransomware as a law enforcement issue. A new Ransomware and Digital Extortion Task Force was created several months ago by the Department of Justice (DOJ) to help track cyberattacks and digital extortion schemes and combat them. Department Of Justice Creates New Task Force To Take On Ransomware Attacks (forbes.com)

Preventive Actions to Help Mitigate Ransomware Attacks:

While it is true that anyone and everyone is vulnerable to ransomware attacks, there are available protections and defenses for helping mitigate those threats. It starts with having a risk management strategy and being proactive. First (and foremost), patching and updating of software vulnerabilities must be current. Unfortunately, many companies and organizations are slow, and in many cases negligent, in applying the patches that would prevent breaches.

Some basic precautions can also help address threats. These include training employees to recognize malware and phishing threats, disabling macro scripts, cloaking data, and keeping systems and applications updated. Identity management policies and software are also practical tools to employ. If you end up victimized by a breach, be sure to have an incident response plan in place. That plan should also include potentially contacting law enforcement to assist in recovering files and investigating who is doing the hacking.

Cyber-hygiene is another important element for combatting ransomware. Phishing is a preferred method for hackers, and simple advice is to not open files that you do not recognize. Because hacker tools employ automated phishes and quality graphics that can mimic banks and businesses, pay careful attention to the URLs of websites to make sure they are legitimate and not spoofs. Especially watch for spam, fake job offers, invoices for items you did not order, and messages from your company that seem out of place. Also, you should make it a habit to verify that email senders are who they say they are, and exercise caution when opening any email attachments.

Check your permissions on your apps to see what data they are accessing. If it is not something you authorized, be sure to revoke those access rights and to clean out your cookies.

Companies and individuals should employ anti-malware and anti-ransomware platforms, and technologies to guard their devices such as multi-factor authentication, firewalls, and email filters. Emerging technologies such as machine learning (ML) and artificial intelligence (AI) offer software tools that can detect anomalies, provide user behavioral analytics, and help mitigate threats. ML and AI are viable options for companies to consider for fortifying their security.

Everyone online, companies and consumers alike, should follow the important rule of backing up important or sensitive files! Proper backup procedures cost little in expense and time and can be an insurance policy for keeping company operations flowing in the case of a breach.

If you are a small or medium company that lacks resources, Managed Security Services (MSS) and Managed Service Providers (MSPs) are options to consider for both prevention and incident response. Many firms can monitor networks, provide enabling cybersecurity technologies, and perform threat assessments. MSS makes economic sense for many industries and businesses that do not have (or cannot afford) the internal subject matter expertise or capabilities to handle increasingly sophisticated breaches. Paradoxically, some MSS providers and MSPs have themselves been targeted by ransomware attacks. But in today’s world, everyone is a target.

Risk Management Resources for Ransomware:

The White House open letter set excellent guidelines and provided sound advice on bolstering defenses against ransomware. Below are additional useful government resources from DHS/CISA, NIST and others to learn more about ransomware threats, risk management, and how to build a more resilient security posture.

United States Government Launches First One-Stop Ransomware Resource at StopRansomware.gov | Homeland Security (dhs.gov)

Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches (cisa.gov)

NIST: Ransomware Protection and Response | CSRC

NIST: NIST Releases Tips and Tactics for Dealing With Ransomware

The sobering reality is that ransomware is on a rampage. Ransomware will continue to be a destructive threat because there are so many available soft targets. We live in an increasingly hyper-connected world that impacts all aspects of our lives. From now and onward, managing and protecting data will be a security imperative for every industry and organization.

Awareness and understanding of the ransomware threat can help address many of the cybersecurity challenges. Emerging cybersecurity technologies, mitigation tools, and protocols can help limit the exploding trend of ransomware attacks. Taking pro-active measures to protect systems, networks, and devices, and to be more resilient, needs to be part of a new wake-up call.

# # #

Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert in Cybersecurity and Emerging Technologies. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named by Thomson Reuters as a “Top 50 Global Influencer in Risk, Compliance,” and by IFSEC as the “#2 Global Cybersecurity Influencer.” Chuck was featured in the 2020 Onalytica “Who’s Who in Cybersecurity” as one of the top influencers for cybersecurity issues. He was named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic. He is a Contributor to FORBES and is a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, and Expert for Executive Mosaic/GovCon. He has been a featured author in technology and cybersecurity blogs and events by IBM, AT&T, Microsoft, Cylance, Xerox, Malwarebytes, General Dynamics Mission Systems, and many others. He recently presented to the G20 on Energy Cybersecurity.

Chuck is on the Faculty of Georgetown University, where he teaches in the Graduate Applied Intelligence and Cybersecurity Risk Programs. Chuck has served in executive roles for several Fortune 1000 companies. In government, Chuck was a “plank holder” at the Department of Homeland Security (DHS), serving as the first Legislative Director of the Science & Technology Directorate. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill, covering security and technology issues. He has an M.A. from the University of Chicago and a B.A. from DePauw University.

Chuck Brooks LinkedIn Profile: Chuck Brooks – Adjunct Professor – Georgetown University | LinkedIn

Chuck Brooks on Twitter: @ChuckDBrooks

The Urgency To Cyber-Secure Space Assets

Our reliance on space, and especially satellites, for communications, security, intelligence, and commerce has grown exponentially with digital transformation. Unfortunately, so have the risks; as a result, the need to prioritize cybersecurity around space assets is urgent.

Last May, the Cybersecurity and Infrastructure Security Agency (CISA) announced the formation of a Space Systems Critical Infrastructure Working Group. The group is composed of government and industry members and operates under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework, bringing together space system critical infrastructure stakeholders.

According to CISA, “the working group will serve as an important mechanism to improve the security and resilience of commercial space systems. It will identify and offer solutions to areas that need improvement in both the government and private sectors and will develop recommendations to effectively manage risk to space based assets and critical functions.” See CISA Launches a Space Systems Critical Infrastructure Working Group | CISA

I was honored to address the group on the topic of Zero Trust and Satellite Communications several weeks back and was extremely impressed with their focus and recognition of the importance of cyber-securing the space frontier that directly impacts all critical infrastructure including agriculture, health, financial, and transportation.

The role of the working group is especially important as networks are changing from terrestrial (land-based) communications to the cloud, taking advantage of satellites to move data over large, international distances. And there are now more satellites circling in low earth orbit in 2022, as launch costs have significantly lowered, opening the frontier of space up to major private sector launch initiatives by companies such as SpaceX, Blue Origin, and many others. According to the Union of Concerned Scientists, at the start of 2022 there were 4,852 satellites in orbit.


THE GROWING THREAT TO SATELLITE ARCHITECTURE AND GROUND-BASED SYSTEMS

The threat to space-to-ground communications and sensors is very real and ominous, and the creation of the working group is an important first step in meeting threats. As NISTIR draft 8270 eloquently points out, “Space is an emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite vehicles – need to be understood and managed alongside other types of risks to ensure safe and successful operations.” See NISTIR 8270 (Draft), Intro to Cybersecurity for Commercial Satellite Operations | CSRC

Top U.S. space officials recently said that it is likely the Russian invasion of Ukraine will extend to space, predicting continued GPS jamming and spoofing and urging military and commercial space operators to be prepared for possible cyber-attacks. National Reconnaissance Office Director Chris Scolese urged attendees at a National Security Space Association conference to “Ensure that your systems are secure and that you’re watching them very closely because we know that the Russians are effective cyber actors.” US space officials expect Russia, Ukraine conflict to extend into space (c4isrnet.com)

Cyber expert Josh Lospinoso succinctly describes why the threat is not theoretical in a recent informative article in The Hill. He notes that “Attacks have been going on for many years and have recently ramped up. In 2018, hackers infected U.S. computers that control satellites. Iranian hacking groups tried to trick satellite companies into installing malware in 2019. And one report concluded that Russia has been hacking the global navigation satellite system (GNSS) and sending spoofed navigation data to thousands of ships, throwing them off course. While there have not been any public reports of direct hacks on satellites, vulnerabilities in ground stations have been exploited to try to alter satellite flight paths, among other aims.” See Space race needs better cybersecurity | TheHill

China also has a capability to act offensively in space, digitally and kinetically. As far back as 2014, the network of the National Oceanic and Atmospheric Administration (NOAA) was hacked by China. This event disrupted weather information and impacted stakeholders worldwide. There were approximately 14 other satellite attacks before the NOAA attack. Eight years later, China is now perceived as even more of a threat. A recent GAO report titled “Challenges Facing DoD in Strategic Competition with China,” co-authored by Cathleen Berrick, GAO’s managing director of defense capabilities and management, listed recommendations for DoD to revamp its satellite-based communications architecture and ground-based systems for the command and control of satellites. These are “actions that may better position DoD to address the challenges with China, but DOD has not yet implemented.” And she says that “space is very important because DoD, of course, relies on its space based capabilities for communications, for navigation and targeting, and for intelligence collection.” See GAO: DoD has to step up efforts in space, cyber and artificial intelligence to compete with China – SpaceNews

Washington Post cybersecurity expert Joseph Marks provides context to the cyber threats. He says that the IT systems that run most space systems are complex, but the back-end systems are increasingly linked (sometimes intentionally) with commercial front-end systems that hackers are expert at cracking into. He warns that such hacks could be launched by criminal gangs that demand a ransom to unlock them or by adversary nations looking to damage the U.S. economy. Or, in a worst-case scenario, hackers could disrupt the command and control of satellites themselves, forcing them to crash into each other with ripple effects across industry sectors. See Space could be the next frontier for cyber threats (msn.com)

The threat to space assets is both kinetic and non-kinetic. There is an array of capabilities adversaries may use to interfere with or disable satellites and ground-based systems. Satellite operations via Earth-bound entry points offer cyber attackers many vectors for hacking. A weakness of satellite systems is the use of long-range telemetry for communication with ground stations. The uplinks and downlinks are often transmitted through open protocols that can be accessed by cyber attackers.

Dr. Malcolm Davis, senior analyst at the Australian Strategic Policy Institute, summarizes these threats: “One trend is towards the development of ground-based and space-based (co-orbital) ‘soft kill’ (or non-kinetic) ‘counter space’ capabilities. Satellites could be targeted through electronic warfare (jamming and spoofing), microwave weapons, laser dazzling and, perhaps most worryingly, cyberattacks. The prospect of cyberattacks on satellites dramatically expands the scope and risk of counter space threats for several reasons. Countries like China and Russia, and even Iran and North Korea, are experienced in waging cyber warfare, and directing such attacks against satellites is something they could do now, and at relatively low cost.” See The cyber threat to satellites | The Strategist (aspistrategist.org.au)

PROTECTING SPACE ASSETS AS CRITICAL INFRASTRUCTURE

The recognition of the risks to space-based assets is not new, but protecting them has not been prioritized. Bob Gourley, founder of OODA.com and former government intelligence official, captures the longevity of the issue. He said that “Since the October 1957 launch of Sputnik humans have been putting satellites into space, giving the world 60 years to engineer out problems with operating in this harsh domain. Now a new challenge has arisen, one that the community has not addressed yet. This is the threat of cyber-attack. Both the on orbit and ground components of space systems have yet to fully address this threat.” The Growing Risk of a Major Satellite Cyber Attack – Via Satellite (satellitetoday.com)

Over two years ago a report by the Aerospace Corporation summed up why cybersecurity for space is an imperative: “Space systems comprise many government and commercial components where cybersecurity and space operations are inextricably linked. The vulnerability of satellites and other space assets to cyberattack is often overlooked in wider discussions of cyber threats to critical national infrastructure. Neither space policy nor cybersecurity policy is prepared for the challenges created by the meshing of space and cyberspace, especially for the spacecraft. With the emerging cyber threats to spacecraft from nation-state actors, additional spacecraft defenses must be implemented.” Bailey_DefendingSpacecraft_11052019.pdf (aerospace.org)

There are numerous convincing arguments why space needs to be formally listed as U.S. critical infrastructure. Unfortunately, it has not been deemed so yet, but there is promise. There is pending legislation in the House of Representatives called The Space Infrastructure Act that would designate space as the 17th critical infrastructure sector. Sam Visner, a technical fellow at the MITRE Corporation and former associate at the Space Information Sharing and Analysis Center, has been one of the prominent experts leading the charge for that formal recognition, to have the Department of Homeland Security (DHS) declare space as critical infrastructure along with the 16 other verticals.

Sam offers concrete reasons for space becoming part of the listed critical infrastructure and predicts that “the space rush will result in tens of thousands of new assets launched within the decade, which will create a ’truly enormous’ cyber-attack surface.” Sam Visner also illuminates how “legacy assets, which are nodes in space-based and space-to-terrestrial communications that can serve as potential network entry points, much as endpoints (e.g., devices, servers, etc.) do in traditional IT networks” can be exploited by adversaries. Amid Space Race, Cybersecurity And Resiliency Remain Concerns: Experts – Breaking Defense

David Logsdon, Senior Director of CompTIA’s Space Enterprise Council, is another vibrant voice in the emerging global space security advocacy community. David explained to me that many companies do not realize how integral space is for their operations and commerce. He says that many companies are already using satellite platforms to deliver data services, including satellite imagery, broadband communications, and value-added GPS services. He says that cyber-securing space assets is vital for thwarting threats that can dismantle their ability to operate as businesses.

OPTIONS FOR BOLSTERING SPACE CYBERSECURITY

In their article Space is Critical – It’s Time We Act Like It, Edward Swallow, senior vice president and chief financial officer at The Aerospace Corporation, and MITRE Fellow Samuel S. Visner offer recommendations for moving forward on enhancing security for our space assets. They are both part of The Space Information Sharing and Analysis Center, or Space ISAC, which outlined excellent options for addressing cyber-risk in space. Those recommendations include:

Recognize the critical importance of our space systems — and make our position known to allies, partners, competitors, and adversaries. We must harden space systems and be prepared to respond to and deter attacks.

Create a national and international information-sharing architecture for the security and resiliency of space systems, ranging from engineering best practices to operational threat intelligence. Space ISAC made notable strides in sharing unclassified information, and we need to extend our information-sharing in the classified domain. In addition, the U.S. needs to leverage Space ISAC to launch an effort encompassing the full range of national and international space industry players, from manufacturing and launch services to ground and in-orbit operations.

Establish an interagency, federal risk management structure with responsibility for space systems security and resilience that reports (at least initially) to the vice president.

Take the lead in building international consensus regarding the security of space systems and reinforcing existing norms against attacks on those systems. Article 7 of the Outer Space Treaty could be amended to make explicit prohibitions of cyberattacks against space systems. If other countries are not prepared to accept these changes, the U.S. should signal our resolve with a robust policy statement and be clear in making other parties understand our commitment to respond to perceived hostile acts. This will strengthen the security and resilience of our own systems. See Space is Critical — It’s Time We Act Like It – Via Satellite – (satellitetoday.com)

Paul Ferrillo, Esq., and I wrote an article for Homeland Security Today, Protecting Space-Based Assets from Cyber Threats. In that article, we set forth the non-exclusive list of security elements below for defending space-based assets and satellites, along with ground-based flight control networks. We adapted these from “Defending Spacecraft in the Cyber Domain” and government sources (please see references below).

1. Security by design, not security as an afterthought, built into every satellite from the ground up.

2. Identity and access management (“IAM”): those accessing flight control information and surfaces need to be identified and verified by an IAM solution that will pass muster on the user, using machine learning identifiers to attempt to prevent unauthorized access to critical vehicle functions.

3. Multi-check for IoT-related devices: IoT devices must be able to be updated; no hard-coded passwords should be allowed.

4. The backbone of a cyber-resilient spacecraft should be a robust intrusion detection system (IDS). The IDS should consist of continuous monitoring of telemetry, command sequences, command receiver status, shared bus traffic, and flight software configuration and operating states, and should anticipate and adapt to mitigate evolving malicious behavior. The spacecraft IPS and the ground should retain the ability to return critical systems on the spacecraft to a known cyber-safe mode. Logging should also be available to cross-check for anomalous behavior.

5. It is critical that spacecraft developers implement a supply chain risk management program. They must ensure that each of their vendors handles hardware and software appropriately and with an agreed-upon chain of custody. Critical units and subsystems should be identified and handled with different rigor and requirements than noncritical units and subsystems, and should also be constructed with security in mind. All software on the spacecraft should be thoroughly vetted and properly handled through the configuration management and secure software development processes (DevSecOps).

6. Both the spacecraft and ground should independently perform command logging and anomaly detection of command sequences for cross-validation. Commands received may be stored and sent to the ground through telemetry and automatically checked to verify consistency between commands sent and commands received.

7. Protections should be made against communications jamming and spoofing, such as signal strength monitoring and secured transmitters and receivers; links should be encrypted to provide additional security.
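Items 6 and 7 above describe independent command logging on both ends of the link, downlinked through telemetry and cross-validated on the ground, over an authenticated link. The following is an added illustration, not code from the Homeland Security Today article or from any real flight system: the frame layout, the `Ground` and `Spacecraft` classes, the link key, the sequence-number rule and the sample commands are all constructed for this example, and the tag is an HMAC standing in for whatever link protection a real mission uses.

```python
"""Constructed example: cross-validating ground and spacecraft command logs.

Both sides keep their own log. The spacecraft downlinks its received-command
log in telemetry and the ground compares it with its own sent-command log,
so a dropped (jammed) command shows up as "missing" and a command the
spacecraft executed but the ground never logged shows up as "unexpected".
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Shared link key (constructed for the demo; a real system would hold this in
# hardware-protected key storage, not in source).
LINK_KEY = b"constructed-demo-link-key"


@dataclass(frozen=True)
class Command:
    seq: int      # monotonically increasing sequence number
    opcode: str   # hypothetical opcode name
    arg: int      # hypothetical argument


def encode_frame(cmd: Command, key: bytes) -> bytes:
    """Serialise a command and append an HMAC-SHA256 tag over the body."""
    body = json.dumps([cmd.seq, cmd.opcode, cmd.arg]).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + b"|" + tag


def decode_frame(frame: bytes, key: bytes) -> Optional[Command]:
    """Return the command if the tag verifies, else None (forged or corrupted)."""
    body, sep, tag = frame.rpartition(b"|")
    if not sep:
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    seq, opcode, arg = json.loads(body)
    return Command(seq, opcode, arg)


class Ground:
    """Ground segment: logs every command it sends, independently of the vehicle."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.sent: List[Command] = []

    def send(self, cmd: Command) -> bytes:
        self.sent.append(cmd)
        return encode_frame(cmd, self.key)


class Spacecraft:
    """Vehicle: verifies the tag, rejects replays, logs what it actually executes."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.received: List[Command] = []
        self.rejected = 0
        self.last_seq = 0

    def receive(self, frame: bytes) -> bool:
        cmd = decode_frame(frame, self.key)
        if cmd is None or cmd.seq <= self.last_seq:  # bad tag or replayed sequence
            self.rejected += 1
            return False
        self.last_seq = cmd.seq
        self.received.append(cmd)
        return True

    def telemetry_log(self) -> List[Command]:
        """The command log as it would be downlinked in telemetry."""
        return list(self.received)


def cross_validate(sent: List[Command], received: List[Command]) -> List[Tuple[str, int]]:
    """Compare the ground's sent log with the vehicle's received log by sequence number."""
    sent_by_seq = {c.seq: c for c in sent}
    recv_by_seq = {c.seq: c for c in received}
    anomalies: List[Tuple[str, int]] = []
    for seq in sorted(set(sent_by_seq) | set(recv_by_seq)):
        s, r = sent_by_seq.get(seq), recv_by_seq.get(seq)
        if s is None:
            anomalies.append(("unexpected", seq))  # executed but never logged as sent
        elif r is None:
            anomalies.append(("missing", seq))     # sent but never executed (dropped/jammed)
        elif s != r:
            anomalies.append(("mismatch", seq))    # same seq, different content
    return anomalies


def run_demo() -> Tuple[List[Tuple[str, int]], int]:
    """Constructed pass: two good commands, a forged frame, a replay, a lost command,
    and one command that reached the vehicle without passing through the ground log."""
    ground, sc = Ground(LINK_KEY), Spacecraft(LINK_KEY)
    frames = [ground.send(Command(1, "SET_MODE", 2)),
              ground.send(Command(2, "ADJ_ATTITUDE", 15))]
    for f in frames:
        sc.receive(f)
    sc.receive(encode_frame(Command(3, "FIRE_THRUSTER", 90), b"wrong-key"))  # forged tag
    sc.receive(frames[0])                                                     # replay of seq 1
    ground.send(Command(3, "DOWNLINK", 0))           # sent but lost on the uplink
    sc.receive(encode_frame(Command(4, "SAFE_MODE", 1), LINK_KEY))  # bypassed ground log
    return cross_validate(ground.sent, sc.telemetry_log()), sc.rejected
```

The cross-validation is what turns the two logs into a detection: the forged frame and the replay are rejected on the vehicle, while the lost command and the unlogged command are only visible once the two logs are compared.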

Security elements for defending ground-based systems and network assets include but are not limited to (also from the Homeland Security Today article):

1. Adoption of cybersecurity best practices, including those aligned with the NIST cybersecurity framework (“CSF”). As academic professors and pragmatists, we both are ardent supporters of the CSF and see no reason why the hundreds of space and satellite suppliers should not adopt the NIST framework.

2. Key network components should be logically and physically separate to prevent virus-like (ransomware) attacks from spreading throughout the network.

3. All ground-based system and network assets should be required to have the following policies in place: incident response, business continuity and crisis communications plans, patching policies, BYOD policies and backup policies.

4. All ground-based space systems and facilities should be required to hold quarterly employee training for all individuals on things like spear-phishing and socially engineered email attacks.

5. All ground-based space systems and facilities should be required to adopt a fulsome vendor supply chain risk management program that touches all primary and tertiary vendors.

6. All ground-based space systems and facilities must adopt machine learning intrusion detection systems to help guard against anomalous and potential malicious activity.

7. All ground-based space systems, facilities, and space manufacturers and vendors should be required to join the Space ISAC to be able to collaborate by sharing threats, warnings, and incident information.

See Protecting Space-Based Assets from Cyber Threats – HS Today

Josh Lospinoso, in his excellent and earlier referenced The Hill article, also offers some great recommendations for enhancing cybersecurity capabilities:

• Fix the technology gaps. Satellite systems were not designed with security in mind. They have weak encryption and use legacy systems that are not easily patched or updated. And some of the navigation protocols are broken — I’ve built systems that spoof some of those protocols and discovered that it’s pretty trivial to do so with a few thousand dollars of investment. Traditional IT security solutions don’t protect the OT layers that satellites rely on. These security lapses make satellites vulnerable to hacking.
• Learn from IT security. Securing space assets is achievable, especially if we lean on the decades of hard lessons in securing IT networks. These include basics such as setting best practices like understanding your assets and observing what’s happening there to help detect attacks. Vendors should harden the code running on space systems and use the principle of least privilege for accessing the systems. These same lessons have been applied to transportation OT systems successfully. It shouldn’t take as long to get there with space systems.
• Agree on standards. This includes establishing reasonable security measures and sharing threat information, as well as developing a common cybersecurity architecture. The U.S. is in the early stages of devising cybersecurity rules for other critical infrastructure — like freight and passenger rail systems — and should get started with space now too.
• Realign incentives. Vendors and customers need more motivation to adopt risk mitigation approaches. When critical infrastructure goes out of service, millions of people can be affected. The total economic loss from these outages is orders of magnitude higher than the expenses incurred by the infrastructure operator. For example, Colonial Pipeline paid a $6.5 million ransom to get their gas pipelines flowing again, but that pales in comparison to the net effect of millions of people on the eastern seaboard who couldn’t pump gas. After the attack, we saw efforts from the U.S. government to apply regulations regarding breach reporting for pipeline systems, and we’re seeing similar efforts in the transportation sector. Federal regulations and the risk of bottom-line impact compel most companies to improve cybersecurity practices — which would benefit space technology as well. See: Space race needs better cybersecurity | TheHill

S.3511 – Satellite Cybersecurity Act

Making space cybersecurity operational requires authorization and funding from Congress. Legislators have recognized both the deficiencies and the importance of satellite cybersecurity, and legislation has been advanced. Bipartisan legislation called The Satellite Cybersecurity Act is “designed to assist in the development, maintenance and operation of commercial satellite systems.” Its recommendations would need to include materials addressing risk-based, cybersecurity-informed engineering; protection against unauthorized access to systems and against communications jamming and spoofing; supply chain management; and more. The legislation proposes that CISA would also be tasked with creating and maintaining a “commercial satellite system cybersecurity clearinghouse” to house all recommendations and resources for interested entities to access in one place. See Lawmakers Propose Expanding Cybersecurity Support for Commercial Satellite Companies – Nextgov

MORE RESOURCES ON SPACE SECURITY

  • Introduction to Cybersecurity for Commercial Satellite Operations, NISTIR 8270 (Draft): Intro to Cybersecurity for Commercial Satellite Operations | CSRC
  • Another excellent resource on space-based security issues is the Atlantic Council’s GeoTech Center video of Dr. David Bray, Dr. William Jeffrey, Dr. Divya Chander, and myself discussing why space will require new regulations and international norms and will create novel opportunities for industry and innovation, from transportation and satellite communications to data sharing, artificial intelligence, and national security. See Cybersecurity of Space-Based Assets and Why this is Important – Atlantic Council
  • Space Information Sharing and Analysis Center: Space ISAC – Space Information Sharing and Analysis Center (s-isac.org)
  • CompTIA Space Enterprise Council: Space Enterprise Council | Public Sector | CompTIA
  • Space Cybersecurity Symposium II: Applied Cybersecurity for Space: Space Cybersecurity Symposium II: Applied Cybersecurity for Space | NIST

This article is intentionally long: aside from discussing the key aspects of space cybersecurity, it was designed to also serve as a resource. Space is an emerging and critical cybersecurity frontier that we are becoming increasingly dependent on for both our commerce and security. It needs the attention of the national security establishment and certainly needs to be integrated as a priority critical infrastructure sector for DHS CISA to protect. DOD, the USAF, and Space Command are also initiating programmatic activities to protect space assets that are important to all-domain operations. There is an urgency to move forward on a rapid, ambitious, and focused path.

ABOUT THE AUTHOR

Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert in Cybersecurity and Emerging Technologies. Chuck is also Adjunct Faculty at Georgetown University’s Graduate Applied Intelligence Program and the Graduate Cybersecurity Programs, where he teaches courses on risk management, homeland security, and cybersecurity. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named as one of the world’s “10 Best Cyber Security and Technology Experts” by Best Rated, as a “Top 50 Global Influencer in Risk, Compliance” by Thomson Reuters, “Best of The World in Security” by CISO Platform, and by IFSEC and Thinkers 360 as the “#2 Global Cybersecurity Influencer.” He was featured in the 2020, 2021, and 2022 Onalytica “Who’s Who in Cybersecurity” as one of the top influencers for cybersecurity. He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic. He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, Expert for Executive Mosaic/GovCon, and a Contributor to FORBES. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.

SOURCES:

BEA: Measuring the Value of the U.S. Space Economy