Anika Begay
“It’s not just that the water runs out, it’s that when the only wastewater treatment facility in your community is down, really bad things start to happen. For example, no water means no hospital,” he says. “I’ve really encountered a lot of this in my leadership of the Covid Task Force. There’s such an interdependence between basic functions of society.”
UnDisruptable27 will focus on engaging with communities that are not reached by Washington, D.C.-based policy discussions or the Information Sharing and Analysis Centers (ISACs), which are supposed to represent every U.S. infrastructure sector. The project aims to communicate directly with the people who actually work on the ground in U.S. critical infrastructure and to address together the reality that cybersecurity disasters could impact their daily work.
“You have a data breach, you get some service like identity protection for a certain period of time, and life goes on, and people think there’s no long-term impact,” says Megan Stifel, IST’s chief strategy officer. “There’s this expectation that everything is fine, that things are just going to continue. So we’re very interested in addressing this issue and thinking about how we can approach critical infrastructure security with perhaps a new approach.”
Corman notes that while cybersecurity incidents have become a well-known fact of life, business owners and infrastructure operators are often shocked and taken by surprise when a cybersecurity incident actually affects them. Meanwhile, when government entities seek to impose cybersecurity standards or partner with defense initiatives, communities often balk at the intrusion and perceived overreach. Last year, for example, the U.S. Environmental Protection Agency was forced to rescind new cybersecurity guidelines for water systems after water companies and Republicans in Congress filed a lawsuit challenging the initiative.
“Time and time again, trade associations or lobbyists or owners and operators have an allergic reaction to the oversight and say, ‘We prefer volunteering, we’re doing fine on our own,’” Corman says. “And they’re really trying to do the right thing. But then time and time again, people are just shocked that a disruption could happen and feel very blindsided. So you can only conclude that the people who feel the pain of our failures are not included in the conversation. They deserve to understand the risks that come with this level of connectivity. We’ve tried a lot of things, but we haven’t tried to be honest with people.”
UnDisruptable27 launches this week to give visibility to attendees of BSides and other conferences, Black Hat and Defcon, which run through Sunday in Las Vegas. Corman says the goal is to combine a hacker mentality and, essentially, a call for volunteers with plans to work with creative collaborators to produce engaging content to fuel discourse and understanding. Information campaigns using memes and social media posts or moonshots like narrative podcasts and even reality TV are all on the table.
“We need to prioritize the safety, security, and resilience of critical infrastructure, including water, healthcare, and utilities,” Craig Newmark, the founder of Craigslist whose philanthropy is funding UnDisruptable27, told WIRED. “The urgency of this problem demands influencing human behavior through storytelling.”
