ArchiveOODA OriginalSecurity and Resiliency

Russian Attack On Undersea Energy Infrastructure Means Businesses Should Prepare For More Infrastructure Attacks (including Space and Undersea comms)

Russia’s sabotage of the Nordstream pipelines in the Baltic were probably done for many reasons. Just prior to Russia’s invasion of Ukraine they conducted tests of space based attack systems. Now they have shown they can attack undersea system and will do so when they want.  For planning purposes we can assess the attacks were done to signal that Russia does not care about EU as a market so no sanctions can be levied that will matter. The attack also signals that Russia does not care about the environment, which may be a signal that they would not care in the least if nuclear fallout from a tactical nuclear weapon against Ukraine blows over Russia. The attack also distracts resources from the EU to deal with and will be a distraction.

There are other messages as well. This attack, although done in a way that allows Russia to lie and say it was not done by them, is a clear message that they will attack any infrastructure they want, including undersea systems like energy pipelines but also undersea communications cables. It also shows the risk of attacks against space based infrastructure have grown.

This is where your action comes in.

If you are a planner or decision-maker in any business in the free world you need to revisit your threat models. It is time to assess how your business will survive and thrive in an age where critical infrastructure like undersea fiber optic communications is attacked. It is also time to revisit your threat model regarding space. All organizations should assess their dependence on space.

Below are some recommendations and links to more detailed assessments on the threat to key systems including space based infrastructure.

What The Business Decision-Maker Should Do About This?

Businesses can and should take action now to reduce risk to operations from attacks against both space based and undersea systems.

Here are our recommendations for mitigating these threats to your business:

  • Since we are in a period of fast action and dynamically shifting situations, look at ways to optimize your own decision-making, with an eye towards speeding up your processes (think of your own OODA Loop). Accelerate your review of internal corporate decision-making by reviewing our special series on the Intelligent Enterprise, which provides advice and recommendations relevant to businesses of all sizes on topics like intelligence support to operational decision-making. This is also a good time to review corporate approaches to training staff and executives on critical thinking, training on how to counter misinformation and disinformation.
  • Larger companies should hire or appoint a senior liaison for working with the US Department of State, Department of Commerce and Department of Homeland Security to ensure your company is as informed as possible on government actions and intentions in regards to the threat, and to ensure your corporate interests are known by government.
  • Assess your dependence on space and on undersea fiber optics. This includes understanding how your business and supply chain use space and fiber to communicate, as well as any inputs to your decision-making process that come from data collected from assets in space.
  • After assessing your dependence on space and undersea assets, assess space-related risks. We recommend doing so through scenario-based evaluations involving the materialization of risks.
  • Decide who in the executive team is responsible for understanding and mitigating risks due to infrastructure attacks. Ensure appropriate governance over actions related to space including processes that depend on these infrastructures.
  • Ensure the leadership team of your organization are involved in developing response and recovery plans tailored to your dependence and the risks to your business. Document response and recovery plans as part of your overall disaster recovery process.
  • Develop incident response processes aligned with your business. This may include leveraging your internal Security Operations Center as a hub of information during an incident.
  • Practice incident response including periodic executive-level tabletop exercises that run through scenarios of space-based incidents.
  • Evaluate your incident response plans (now) and dependence on infrastructure by using independent evaluation, verification and validation services.
  • Ensure you are collaborating with peer organizations, including your sector’s Information Sharing and Analysis Center (ISAC), and ensure these topics are being discussed in these venues.
  • Ensure your entire leadership team is staying aware of global threats. One way to do that is to subscribe to our OODA Daily Pulse. This foundational level of intelligence can help keep the entire team aware of key events and threats. Others on your team may be in need of more focused cyber threat intelligence or human intelligence or other dedicated sources. Contact us if you need insights into the best way to do this.

More reading on related topics:

  • OODA Security and Resiliency: A comprehensive list of OODA reports on security, cybersecurity and resiliency.
  • The rapid pace of innovation in space is producing real capabilities which can be leveraged for businesses in every sector of the economy. There is a growing excitement over the many developments in the space industry, giving rise to many questions about how these developments will impact markets overall. This guide is meant to assist strategic planners in assessing developments in the space sector. For more see:  The Executive’s Guide To Commercial Use of Space
  • The last decade has seen an incredible increase in the commercial use of space. Businesses and individual consumers now leverage space solutions that are so integrated into our systems that they seem invisible. Some of these services include: Communications, including very high-speed low latency communications to distant and mobile users. Learn more at: OODA Research Report: What Business Needs To Know About Security In Space Also see: Is Space Critical Infrastructure, and the special report on Cyber Threats to Project Artemis, and Mitigating Threats To Commercial Space Satellites
  • Global Risk and Geopolitical Sensemaking page:  Focused reporting on geopolitical topics including what the C-Suite needs to know about Russia, China, Iran, DPRK.
  • Putin’s cyber OODA Loop is Tighter Than Yours: The Putin regime has fully adopted cyber operations as a component of international relations and an appropriate tool to use in “reaction” to other global measures like sanctions or regional interference.
  • A Practitioner’s View of Corporate Intelligence: Organizations in competitive environments should continually look for ways to gain advantage over their competitors. The ability of a business to learn and translate that learning into action, at speeds faster than others, is one of the most important competitive advantages you can have. This fact of business life is why the model of success in Air to Air combat articulated by former Air Force fighter pilot John Boyd, the Observe – Orient – Decide – Act (OODA) decision loop, is so relevant in business decision-making today.
  • Useful Standards For Corporate Intelligence: Discusses standards in intelligence, a topic that can improve the quality of all corporate intelligence efforts and do so while reducing ambiguity in the information used to drive decisions and enhancing the ability of corporations to defend their most critical information.
  • Optimizing Corporate Intelligence: Actionable recommendation on ways to optimize a corporate intelligence effort. It is based on a career serving large scale analytical efforts in the US Intelligence Community and in applying principles of intelligence in corporate America.
  • An Executive’s Guide To Cognitive Bias in Decision Making: Cognitive Bias and the errors in judgement they produce are seen in every aspect of human decision-making, including in the business world. Companies that have a better understanding of these cognitive biases can optimize decision making at all levels of the organization, leading to better performance in the market. Companies that ignore the impact these biases have on corporate decision-making put themselves at unnecessary risk.
  • Operational Intelligence for Strategic Decision-making: In this OODAcast, OODA Network Expert Jen Hoar interviews noted cybersecurity and intelligence professional Bob Gourley, CTO of OODA LLC, diving deep into what makes him tick. Jen asks Bob about his career, including the constants and dynamics in his professional life, starting with a deep background in operational intelligence as a naval intelligence officer. She explores his strengths and weaknesses and how he makes decisions in domains of overwhelming information. Jen asks Bob for advice for others on ways to keep learning.
  • Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis: Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino

 

Bob Gourley

Bob Gourley

Bob Gourley is the co-founder and Chief Technology Officer (CTO) of OODA LLC, the technology research and advisory firm with a focus on artificial intelligence and cybersecurity which publishes OODALoop.com. Bob is the co-host of the popular podcast The OODAcast. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency. Find Bob on Defcon.Social