Organizational Cultures that Promote and Reinforce Safe Cyber Practices
As a United States Postal Inspector for over 20 years, I’ve seen the impact distributed denial of service (DDoS) attacks can have on the private sector. Hackers attempt to flood compromised systems with repeated requests, overpowering networks and disabling the systems they support—crippling organizations’ abilities to carry out mission-critical operations. The risks caused by DDoS attacks have grown as the parties behind the attacks continue to evolve. Cyberattacks are no longer solely done by independent, small-time cyber thieves with a specialized skillset. While supporting a 2010 investigation and takedown of a corporate cyber theft unit of the Russian mafia—which was featured in Joseph Menn’s ‘Fatal System Error’—I learned that larger and more organized groups are using cyberattacks as a means for extracting both hard cash and information.
This trend is especially concerning for the United States Postal Service and its business partners in the ecommerce industry. In the early 2000s, I worked with a prominent ecommerce company to unmask a hacker behind some particularly damaging DDoS attacks. The hacker, working with others, exploited a Windows vulnerability to take control of over 20,000 computers and knock the company’s website offline. Incidents like these caused by DDoS attacks have significant and lasting consequences, most notably a decline in customer trust.
At the Postal Service, we work with a range of companies to package, transport, and track important shipments across the globe. By disrupting networks and forcing servers offline, DDoS attacks have the potential to prevent our ecommerce partners from processing the information needed to deliver their shipments on time. This can lead to considerable losses in revenue—as much as $5,600 for every minute of time offline, based on industry research. In addition to the obvious impact on the bottom line, DDoS attacks cut employee productivity significantly. By definition, ecommerce business is conducted through the Internet, and when a network is disabled through a coordinated DDoS attack, that business is temporarily shut down.
More significant than the loss of productivity and profit is the damage to corporate reputation. Ecommerce companies forced to contend with disruptions to service resulting from DDoS attacks are less likely to retain customers and more likely to cede business to competitors. Lastly, and most significant, is the threat to customer data caused by DDoS attacks. Out of necessity, ecommerce companies catalogue a substantial amount of personally identifiable information (PII) about their customers. DDoS and similar attacks can make databases vulnerable to a data breach, endangering customers’ information and identities.
Every day, millions of people depend on the Postal Service and its business partners to communicate and conduct business, including delivering medicine and sending messages to loved ones. To ensure the resilience of our information systems and protect our customers and business partners from DDoS and related cyberattacks, the Postal Service has committed to pursuing four strategic objectives. The objectives serve as the central framework of our cyber risk management strategy and drive our efforts to ensure the safety of our cyber operations:
• Improve cyber governance, compliance, education, and risk management;
• Protect, shield, and defend the Postal Service enterprise from cyber threats and prevent disruptive cyber incidents;
• Respond to and recover from incidents, and sustain operations when incidents occur;
• Monitor the internal and external cyber environments, and detect and hunt attacks on the network.
Because of the importance of delivery continuity for government organizations and our ecommerce business partners, staying cyber safe is of utmost importance to the Postal Service’s mission and the mission of our business partners across ecommerce. That’s why the Postal Service has taken three critical steps to promote the practice of safe cyber behaviors and maintain the resilience of our network in the face of cyberattacks.
i. Develop Cyber Awareness
Employees and suppliers are the front line of the Postal Service’s defense against cyber threats. From the cybersecurity experts who comprise CISO to corporate staff at Headquarters and mail processing clerks in the field, everyone has a role in keeping information safe. To ensure personnel can successfully carry out these responsibilities, the Postal Service launched CyberSafe at USPS®, the cornerstone of its program for fostering an enterprise-wide cyber culture through annual training courses, monthly awareness campaigns, anti-phishing simulations, and online resources.
The Postal Service is the core of the more than $1.4 trillion mailing industry, and recognizes its responsibility in sharing cyber best practices with its customers and business partners. The public-facing website, USPSCyberSafe.com, was launched in September 2016 to support the organization’s awareness and training efforts through an interactive platform offering content that highlights cybersecurity best practices, tips and tricks, and information on trending cybersecurity topics relevant to the general public.
ii. Network Monitoring
Preventing DDoS and similar attacks requires all of an organization’s systems to work in unison. Firewalls need to block harmful content, monitoring systems need to spot abnormalities, and incident response plans need to coordinate with providers to redirect traffic and maintain critical functions. To this end, the Postal Service operates a 24/7 Cybersecurity Operations Center (CSOC) to provide continuous network monitoring and immediate notification of any cyber breach.
iii. Strengthen Telecommunications and Response Capabilities
The Postal Service works with several telecommunications and content delivery providers across the country to ensure sufficient network management and redundancy in the event of DDoS attacks. This enables our response capabilities to scale to size and prevents single points of failure that can be exploited by an attack.
Our ability to quickly respond and investigate threats is supported by ongoing relationships with the United States Postal Inspection Service (USPIS), DHS, FBI, and other law enforcement agencies. The Postal Service also participates in numerous programs brought forth by the intelligence community to share indicators of compromise (IOCs) and carry out shared missions in cybersecurity.
We encourage our partners in ecommerce to pursue similar objectives and develop organizational cultures that promote and reinforce safe cyber practices. It is our collective responsibility to stay vigilant in the face of increasing cyber threats and take the necessary steps to protect our networks, our employees, and our customers.