Oh, BTW, The Russians Cyberattacked the U.S. Critical Infrastructure

While we have been distracted by the dalliances of an errant president, the exfiltration from Facebook of personal information belonging to a gazillion users, and the use of those data to influence elections, the U.S. encountered an existential threat, which was given relatively short shrift by the news media. On March 15, 2018 the US-CERT issued an alert (TA18-074A), available at https://www.us-cert.gov/ncas/alerts/TA18-074A,  based on DHS and FBI analytic efforts, which “provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.” BTW, it’s just nitpicking, I know, but why is “government” initial lower case for Russia and upper case for the U.S.? Or is this indeed another war—spelling war—to add to trade war, war of words, kinetic war, and cyber war? If this is a typo, then OK. If it is meant as a slight, then I think that we could do better.

The alert also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian Government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.

Yes, the press did mention this, but its significance seems to have been lost in the flood of other news. However, the issue has returned. According to an updated April 17, 2018 article by R. Hutton and N. Syeed, there is a warning, from DHS, FBI, and the UK’s National Cyber Security Center, that “Russia is using compromised computer network equipment to attack U.S. and British companies and government agencies …” The article “Russia Steps Up Hacking, Spurring U.S.-U.K. Warning on Risk” is available at https://www.houstonchronicle.com/business/article/U-S-and-U-K-Issue-Joint-Alert-Warning-of-12837944.php

According to the warning, “Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to:

  • support espionage
  • extract intellectual property
  • maintain persistent access to victim networks, and
  • potentially lay a foundation for future offensive operations …”

The proposed solution is to “Make sure that your router software is up-to-date and its password is secure.” Well, that’s going to work, isn’t it? How many organizations will actually follow that advice? Not too many, if history is an indicator. No, some voluntary elective procedure in the face of a well-armed cyber enemy is nonsense.

So, what should we do? It’s not rocket science. We need to monitor this activity and remove all data that is at risk to a secure air-gapped system. If we want to be clever about it, we can put misleading—even dangerous—data in its place. That has worked before and might do so again. You have to assume that all data that is not so protected is in play. Will counterattacks work as a deterrent? I very much doubt it. It’s an asymmetric encounter, with the U.S. and the U.K. being disadvantaged by having much more to lose than do our adversaries. Consequently, we should have a much greater incentive to protect our sensitive data.

Wake up, Congress! Privacy legislation is important, except that that battle has already been lost to big tech. We are engaged in a cyberwar, as I and others asserted a decade ago, and we need wartime measures to shore up our National security. None of this namby-pamby advice to come up with a secure password for your routers that have already been compromised because you retained the initial default password. We need laws that will force organizations to go to much greater lengths to make sure that sensitive data cannot be accessed by criminals and adversaries—and we need them now!

Post a Comment

Your email is never published nor shared. Required fields are marked *