Introduction
According to Bullock, Haddow, and Coppola (2016), the main reason for the increasing threat of cyber attack is the development of technology: “Communications, commerce, finance, and all forms of information management and access can be achieved from almost anywhere, using devices so compact that they fit into our pockets” (p. 321). Technological advancements have affected all critical infrastructures; however, arguably the most prominent effects of development can be seen in the telecommunications sector.
Telecommunication systems have become a part of critical infrastructures, and protecting them is considered to be a matter of national security (Kamien, 2012). The threat of cyber attacks on telecommunication systems is critically important, as the disruption of telecommunication functions can have an adverse effect on many other structures, including federal and state agencies, businesses, and commercial enterprises (Johnson, 2015). Cyber attacks on telecommunication infrastructures are increasingly common, and experts believe that future attacks are inevitable (Masi, Smith, & Fischer, 2010). It is important to understand the potential third and fourth-order effects of cyber attacks on telecommunication structures in order to identify ways of prevention and mitigation.
Data Protection Failure
One of the most prominent possible third-order effects of attacks on telecommunication is the use of sensitive information by malicious forces (Masi et al., 2010). The attack on telecommunication systems impairs the data protection abilities of the said systems, leading to the criminals obtaining sensitive information. The use of this sensitive information thus becomes a third-order effect, and the specific threat associated with the use of this information depends on the nature of data obtained.
For example, civilian information can be used for identity theft, whereas the stealing of financial information can affect the functioning of businesses and other corporate structures. However, telecommunication networks are also responsible for the protection of sensitive defense-related information, which can be used by the attackers to plan future physical or cyber attacks to threaten the national security of the country.
Military information can also become a target of the hackers, which would lead to jeopardization of the U.S. military operations abroad and pose a threat to the U.S. armed forces. Accessing the sensitive information related to the functioning of the telecommunication systems, on the other hand, can be used to plan effective cyber attacks on other infrastructures or on specific employees that are in possession of certain data or authority. The fourth-wave effects of data protection failure may include damage to financial systems, businesses, military operations, defense mechanisms, as well as further attacks on other critical infrastructures.
Impaired Public Safety
Impaired communication is another potential goal of cyber attacks on telecommunication services. Distributed denial-of-service (DDoS) are commonly used to disrupt communications across various networks (Genge & Siaterlis, 2013). Depending on the nature of network affected, the attacks can produce a variety of effects. One of the most concerning third-order effects is impaired public safety, which may lead to a fourth-order effect of threats to civilians’ safety and security. When DDoS attacks target civilian communication channels, they cause an overload that leads to the denial of service due to server unavailability (Genge & Siaterlis, 2013).
Civilians rely on telecommunication networks for being able to contact their friends, relatives, colleagues, and other people. However, in the case of DDoS attacks, communication is impaired, which can lead to a public safety threat. For instance, if the cyber attack is used in conjunction with physical attacks, there will be a delay in emergency response due to the civilians’ inability to notify the law enforcement or other protection agencies.
This may lead to an increase in casualties from the physical attacks, and the fourth-wave effects may be indeed catastrophic. Alternatively, the attackers can use hacked communication channels to generate false messages. For instance, if the attackers use compromised telecommunication networks to send false threat messages, this can cause mass panic, thus impairing public safety and leading to unpredicted security results.
Damage to Control Systems
By targeting telecommunication networks and services, cyber attacks can also target the systems that are dependent on these networks for their operations. Many facilities related to other critical infrastructures, such as the electrical grid and water treatment facilities, as well as refineries, pipelines, and dams, rely on Internet-linked control systems (Masi et al., 2010). If these telecommunication networks are compromised, this may lead to damage to control systems governing these structures, which in turn may cause power outages and other malfunctions as third-order effects (Masi et al., 2010).
For instance, in 2008, “a Central Intelligence Agency official disclosed that public utility networks outside the United States had been infiltrated and equipment had been disrupted, causing power outages in multiple cities” (Masi et al., 2010, p. 19). The potential fourth-order effects of such attacks can be catastrophic, as power outages in critical locations may lead to chaos, damaged transportation systems, accidents, impaired functioning of financial systems, and more. Masi et al. (2010) state that some experts believe that a short, a 15-minute cyber attack on telecommunication may catastrophically impact vital communication and utility infrastructure in the United States.
Conclusion
Overall, it is clear that cyber security threats to the telecommunication networks have to be treated as threats to national security of the United States, as cyber attacks on these systems can have catastrophic effects on a whole variety of other critical infrastructures. Cooperation between the government security agencies and telecommunication companies is crucial to the development of effective defense and mitigation mechanisms.
References
Bullock, J. A., Haddow, G. D., & Coppola, D. P. (2016). Introduction to homeland security: Principles of all-hazards risk management (5th ed.). Oxford, UK: Butterworth-Heinemann.
Genge, B., & Siaterlis, C. (2013). Analysis of the effects of distributed denial-of-service attacks on MPLS networks. International Journal of Critical Infrastructure Protection, 6(2), 87-95.
Johnson, T. A. (Ed.). (2015). Cybersecurity: Protecting critical infrastructures from cyber attack and cyber warfare. Boca Raton, FL: CRC Press.
Kamien, D. G. (Ed.). (2012). The McGraw-Hill homeland security handbook: Strategic guidance for a coordinated approach to effective security and emergency management (2nd ed.). New York, NY: McGraw-Hill.
Masi, D. M. B., Smith, E. E., & Fischer, M. J. (2010). Understanding and mitigating catastrophic disruption and attack. Sigma: Rare Events, 10(1), 16-22.