“It’s not just that the water is cut off, but when the only wastewater treatment facility in your community stops working, really bad things start to happen. For example, if there is no water, there is no hospital,” he says. “I encountered many similar situations during my leadership of the COVID-19 Task Force. There is a huge interdependence between the basic functions of society.”
UnDisruptable27 will focus on engaging with communities that are not reached by the policy debates taking place in Washington DC or by the Information Sharing and Analysis Centers (ISACs), which are intended to represent every sector of US infrastructure. The project aims to communicate directly with people working on the ground in critical US infrastructure and together grapple with the reality that cybersecurity-related disasters could impact their daily work.
“If you have a data breach, you get the services you want, like identity protection, for a while, and life goes on, and people think there won’t be any long-term consequences,” says Megan Stifel, chief strategy officer at IST. “There’s an expectation that everything will be fine, that things will continue as normal. So we’re very interested in addressing this issue and thinking about how we can approach critical infrastructure security with a new approach, perhaps.”
Corman notes that while cybersecurity incidents have become a well-known fact of life, business owners and infrastructure operators often feel blindsided and surprised when a cybersecurity incident actually affects them. Meanwhile, when government entities try to enforce cybersecurity standards or become partners in defense initiatives, communities often resist the intrusion and perception of overreach. Last year, for example, the U.S. Environmental Protection Agency It was forced to rescind new cybersecurity guidelines for water systems. after water companies and Republicans in Congress filed a lawsuit over the initiative.
“Time and time again, trade associations, lobbyists, owners and operators have an allergic reaction to oversight and say, ‘We prefer the will, we’re doing fine on our own,’” Corman says. “And they really are trying to do the right thing. But also, time and time again, people are surprised that there could be disruption and are very blindsided. So one can only conclude that the people who feel the pain of our failures are not included in the conversation. They deserve to understand the risks inherent in this level of connectivity. We’ve tried a lot of things, but we haven’t tried to be honest with people.”
UnDisruptable27 launches this week to gain visibility among attendees at BSides, as well as the other conferences, Black Hat and Defcon, running through Sunday in Las Vegas. Corman says the goal is to combine the hacker mentality and, essentially, a call for volunteers with plans to work with creative contributors to produce engaging content to drive discourse and understanding. Information campaigns using memes and social media posts or ambitious projects like narrative podcasts and even reality shows are on the table.
“We must prioritize the safety, security, and resilience of critical infrastructure, including water, healthcare facilities, and utilities,” Craig Newmark, the founder of Craigslist whose philanthropy funds UnDisruptable27, told WIRED. “The urgency of this issue requires affecting human behavior through storytelling.”