What Skyjacking and Kidnapping Cases Can Teach Us About Responding to Ransomware Attacks

Stephen Smith

While ransomware is a relatively new phenomenon, ransom-related crimes have been around for generations. Here are four lessons from the past which we believe will help state and local governments protect themselves in today’s digital world.

In 2018, there were 56 targeted ransomware attacks reported by state and local governments in the United States, a 40 percent increase over the number reported the previous year, according to a May 2019 Recorded Future report. In the first half of 2019 alone there were 55 documented attacks, nearly equaling the 2018 total and suggesting that this trend is accelerating. 

The increasing number of ransomware attacks in state and local government has resulted in an explosion of media coverage, most of which has focused on current causes and effects. We believe there’s value in looking at past instances of ransom-related crimes, such as skyjackings and kidnappings, and examining the actions taken to reduce them. These examples offer response tactics we believe can be applied to today’s digital world. 

Let’s start with skyjackings. In the 1970s, over 150 planes were hijacked and held for ransom in the United States alone. Fast-forward to 2018: there were none. So what changed? Three things: 

  • More stringent airport screening; 
  • Hardened cockpits on planes; and
  • Aggressive responses by passengers and crew to potential threats. 

The response to political kidnappings can be equally instructive with regard to dealing with ransomware. The advent of “Kidnapping and Ransom (K&R)” insurance completely changed the calculus on these events by adding a risk reduction requirement to the policies. If you wanted K&R coverage you had to take precautions to actually reduce your risk of being kidnapped. 

Using Past Ransom Crises to Define Future Ransomware Response Strategies

What do the responses to these past threats have to do with today’s digital attacks? We see four lessons learned from past ransom crises which we believe can be applied to protecting state and local governments from ransomware.

  • Change behaviors. In the skyjacking example, increased airport screening has affected air travel for all passengers, but they’ve adapted to it. Taking off your shoes and going through a metal detector are now accepted practices. Similarly, cities might consider adopting e-screening techniques as a requirement before the public can access digital services. This might include something as simple as making sure residents have updated the operating system software on their mobile devices before allowing them access to city websites. Or, it might mean changing internal practices to implement more stringent patch management on agency-owned assets, such as using tools to prioritize this type of mitigation. In addition, city employees could be required to connect to work-related applications only with city-owned assets or via proprietary VPN connections using two-factor authentication. 
  • Harden the infrastructure. If a threat actor in a skyjacking scenario can’t get in the cockpit, they can’t take over the plane. Government IT infrastructure needs to be equally hardened. While information technology professionals understand the importance of implementing CIS controls and/or other standards, they often lack the budgetary influence to obtain the tools necessary to implement them. In the ongoing Deloitte-NASCIO Cybersecurity Study, which is based on biennial surveys of state CIOs, respondents have routinely cited a lack of sufficient funding as their No. 1 challenge in addressing states’ efforts to thwart threat actors. To address this, cities should transfer cybersecurity responsibility from IT to public safety. Public safety initiatives get funded because their work is visible to the public. More to the point, public safety leaders can acquire weapons and weapons systems — and cybersecurity tools could be branded as such. Here are three ways local governments can change the conversation when it comes to cybersecurity funding
  • All for one and one for all. Behave threateningly on an airplane today and fellow passengers will take action. While we’re certainly not condoning vigilantism, we believe cities should empower their communities to respond quickly and assertively to all forms of cyberthreats, from phishing attacks to complex exploits by threat actors. First, mayors should install someone in uniform as the city CISO and address cyberthreats in the same manner as any other potential crimes. Tools like Tenable’s, which offer predictive prioritization of vulnerabilities, can stand alongside crime reporting, analysis and forecasting tools like CompStat to ensure appropriate resources are applied based on the probability of these crimes occurring. Second, public safety officials should set up Crime Stopper-type channels for reporting cyberthreats and vulnerabilities and make them publicly available. Finally, mayors should create a “cyber corps” of local experts who can be called on as advisors during a crisis and also serve as a sounding board for public comment regarding cyberthreats. 
  • Use insurance as an instrument of change. Kidnapping and ransom insurance policies led to enhanced risk management requirements on behalf of the potential beneficiaries of these policies. The same will be true for cyber insurance. Cities will want to obtain the lowest rate possible for coverage and will therefore comply with similar risk management requirements. This will come with a cost, albeit a much lower one than a ransom. Mayors who choose to acquire cyber insurance can use this fact as a lever to gain increased budget for the acquisition of cyber tools and staffing to control the cost of premiums and further reduce the probability of future ransomware attacks. 

While it’s true that the challenges we’re facing in today’s digital world are unique, it’s helpful to consider these and other ways state and local governments have responded to other major public safety challenges. If you have other ideas on how we can use historical responses to guide our future strategy, email me at stsmith@tenable.com.


Published on Sep 16, 2019
