Swimming Among Black Swans: Are Cybersecurity Outliers Becoming the Norm?
Cybersecurity is Swimming Among a Sea of Black Swans For centuries, it was believed that all swans were white. However, on January 10th, 1697, Dutch explorers travelled up a river, now called the Swan River in Western Australia, and discovered black swans, overturning 1500 years of Western understanding in a highly unexpected and rare occurrence. The “black swan” has since become a metaphor, originally coined by author Nassim Nicholas Taleb in 2007 to describe an event that is both unexpected and significant in impact. Using this metaphor, Taleb argued that the predictability of events tends to be overestimated and the potential impact of rare and unlikely events underestimated. Taleb succinctly summarised the central idea of the Black Swan event, writing that “rare events cannot be estimated from empirical observation since they are rare”. Although traditionally employed by financial and economic commentators, the notion of a Black Swan event is becoming an increasingly appropriate analogy for modern cybersecurity challenges. Black Swan events have a disproportionate impact on our understanding of the world and the way we make decisions. Cybersecurity has become so besieged with such events in recent years, that it has practically been swimming among a sea of Black Swans. Cybersecurity Black Swans: A Taxonomy of Recent Events The inundation of cybersecurity Black Swan events in recent years is not an artifact of the news cycle, which frequently reports the rare and rarely reports the frequent; on the contrary, many of these events have shaped the industry. To make this point, let us revisit some cybersecurity Black Swan events from the last ten years and highlight what made them so unexpected and significant.
- 2014 – A cyber-attack against a German industrial steel mill caused massive damage to the mill and resulted in physical damage to equipment. This incident was notable as one of the first cases of a cyber-attack causing significant physical damage in the industrial sector.
- 2015 and 2016 – In an attack on the Ukrainian power grid, hackers were able to gain access to the control systems of multiple power distribution companies and cause widespread blackouts. This incident was significant as one of the first successful cyber-attacks on a power grid.
- 2017 – The Triton/Trisis malware attack on a petrochemical facility in Saudi specifically targeted the facility’s safety systems and had the potential to cause a catastrophic release of toxic chemicals. This was one of the first instances of a cyber-attack being used to specifically target the Safety Instrumented System (SIS) of an industrial control environment.
- 2017 – The infamous WannaCry ransomware attack affected an unprecedented 200,000 computers in 150 countries, causing widespread disruption to businesses and government organisations worldwide.
- 2020 – The SolarWinds supply chain attack was a cyber-espionage campaign that involved the compromise of software updates for the SolarWinds Orion IT management software. The attack was notable for its level of sophistication and coordination in targeting and accessing a significant number of government and private sector organisations.
- 2021 – The cyber-attack on the Colonial Pipeline resulted in a shutdown of a major oil pipeline supplying fuel to the east coast of the United States. The attack was significant due to the extent of the disruption and the reaction of the populace to the fuel shortage.