Can Philly’s Security Measures Stand Up to the Pope’s Visit?

As you are probably aware, the last weekend of September 2015 will usher in one of the most historically significant events that the city of Philadelphia (Capsicum’s home base) has ever seen. On September 26 and 27, Pope Francis will hold the World Meeting of Families in the heart of Philly. Anywhere from one million to two million visitors are expected to descend upon the city in hopes of seeing the Pope speak at Independence Hall and hold a massive Sunday sermon on the Benjamin Franklin Parkway. While an exciting event, the upcoming 2015 World Meeting of Families has also introduced several security concerns for the city and its residents. The logistical problems of tripling a city’s population for one weekend—in anticipation of one of the most popular religious figures in the world, no less—are daunting. The city’s security concerns for this event are twofold: to protect infrastructure and maintain a smooth flow of traffic during a massive influx of people, and to effectively prevent and disable terrorist threats. A sudden influx of people, in addition to the presence of a major religious figure, presents a ripe opportunity not just for physical security breaches or acts of terror, but also for crippling cyberattacks. Should malicious actors or hacktivists want to disrupt the 2015 World Meeting of Families, there are several potential targets available to them, including law enforcement communications systems, computer networks, the city’s power grid, its transportation system and cellular networks. Sophisticated hackers could easily cause widespread confusion and panic by disabling any one of these infrastructures. As the Obama administration noted in the 2010 National Security Strategy: “The very technologies that empower us to lead and create also empower those who would disrupt and destroy. They enable our military superiority . . . . Our daily lives and public safety depend on power and electric grids, but potential adversaries could use cyber vulnerabilities to disrupt them on a massive scale.” Currently, there is little information available about the cybersecurity measures being prepared for the Pope’s visit (for good reason). However, some vulnerabilities have already become apparent. As the SEPTA website crashed mere hours after the papal passes went on sale due to a web traffic overload, it appears that some of the city’s technical resources must be further elevated and secured in preparation for this important weekend. A high-profile event like the Pope’s visit to Philadelphia requires a robust cybersecurity strategy – a “cyberdefense posture” to be set by the City. It is important to note that this posture must be considered within a larger discussion – a world stage discussion – regarding cyberwarfare and cyberweaponry. A recent article in SC Magazine outlined issues related to global policy surrounding cyberespionage and cyberwar, and this post would be bereft if it did not mention such concerns within the context of the visit of a religious dignitary. While we cannot be sure of Philadelphia’s cyber-preparedness level, we can hope that every potentially vulnerable infrastructure has been enhanced with the necessary security measures. A cyberdefense posture includes both offensive and defensive aspects. Being proactive includes: identifying and addressing existing vulnerabilities; establishing security goals and designing a corresponding, dynamic strategy; integrating security into routine, daily operations; and identifying cybercapabilities and resources that can be called in to supplement in responding to a cyberevent. Part of a strong cybersecurity strategy would also necessarily include an incident response and restoration plan should an attack occur. Most likely, the security plan shall be regularly reviewed and tested by an outside advisory team able to perform technical assessments and strengthen the system in advance of ever-evolving cyberattacks capabilities. Building such a cybersecurity strategy is no small feat, especially when the system in question affects millions of people. However, a strong security design is a requisite for any organization handling sensitive information. If you are concerned about your data security strategy, Capsicum Group can help.