Cyber Scene #55 - Cyber Meteorology - Part One: The Ghost of Cold War Past
Cyber Scene #55 -
Cyber Meteorology - Part One: The Ghost of Cold War Past
This issue of Cyber Scene examines which way(s) the cyber wind is blowing and ultimately, who among Western "meteorologists" are willing, able and armed to fight this war.
Historically, the frigid winds from Siberia fly across Europe every winter, race down the Rhone River valley, and in addition to causing some physical destruction, drive the locals temporarily mad. The cyber world continues to anticipate, weather, and counter threats from Russia, not merely in Europe but particularly in the US and its Five Eyes allies. The KGB or SVR or FSB or "mistral" by any name blows strong. Potential victim nations anticipate attacks, shutter their homes (sanctions), try to redirect (expulsions), and generally armor up with learned advice (cyber experts take the con).
Simultaneously, from the country that created explosives for the world, we detect a global change in climate. Your technology summers get warmer. Under ransomware attacks you are already flooded before you know it. Denial of service creeps in, dries up your communications and parches your cyber landscape. And worse is likely to come. National or global power loss? Algae in your drinking water digitized into contaminated home downloads? Buckle up and call your tech pros who understand the cyber world and wield influence and respect of those who control the tools of statecraft.
First to Russia without love. The aptly named SolarWinds attacks (think Siberian wind) came sweeping down into US public and private systems and, like that mistral, have been sourced to Russia. The US White House under President Biden has fought back openly against a bundle of incursions (election-related interference, SolarWinds, military threats to Ukraine, etc.) in both sanctions and expulsions against Russia. As reported by New York Times (NYT) intelligence experts Julian Barnes, David Sanger and Lara Jakes on 14 April, the new National Security Advisor Jake Sullivan indicated that there are both seen and unseen retaliatory actions. Among the "seens" are sanctions against the Russian financial sector (inter alia, US-dollar denominated bonds and Russian debt) and build-up of US military within threatening reach of the Russian troops deployed to the Ukrainian border. The US had also expelled 10 Russian diplomats and sanctioned 32 others for 2020 presidential election interference as reported separately two days earlier by NYT's Andrew E. Kramer. The "unseens" will not of course be specifically identified which, by definition, would convert them to "seens" but would predictably include cyberoperations and cyberexercises with allies.
As reported above, President Biden did contact President Putin about these actions, which the US considered "proportional." Foreign Minister Sergey Lavrov stated that the US actions were actually "escalatory and regrettable." Mr. Lavrov announced the banning of most senior serving US intelligence/cyber officials and several former ones implied that the US might recall its ambassador to Russia (a "suggestion" not a "demand") as Russia had done with its ambassador to the US, and went on to note that since Poland had expelled some Russian diplomats in solidarity with the US, Russia retaliated with the expulsion of some Polish diplomats from Russia. George Kennan, who penned the US policy of Cold War containment, must be turning in his grave.
SolarWinds played a pivotal role in putting the proverbial final nail in the US-Russian "all's well" friendship coffin. Associated Press's Frank Bajak looked in detail at the ransomware contribution to the present state of affairs. He reports that damages alone in 2020 include over 100 federal, state and municipal agencies, 500+ hospitals (and this, during the pandemic, no less), 1,680 schools, colleges and universities and hundreds of businesses. He assesses that tens of billions of dollars in losses have accrued. He also cites former British intelligence cyber chief Marcus Willett as this being "arguably more strategically damaging than state cyber-spying." The looming question is, how does the US go from this catastrophic situation to resolution and safety, and what role might the recent reactions by the US play in the future? How do the US and its allies, and their companies around the world, protect against these attacks?
Many will appreciate the Bill Whitaker's CBS 60 Minutes refresher on SolarWinds' guilt in launching this US-Russian volley of threats as well as presenting a view to where US policy could go. He interviews three individuals savvy about the attacks regarding whether these recent ones crossed the line ("yes"), the difference between more traditional cyber spies and these attacks, the downstream impact upon up to 300,000 users, and the folly of avoiding "making Russia mad" when the US "should make it afraid." Watch the video and you will gain a serious appreciation for the direction cyber operations will take under the new Biden Administration, particularly if you read the rest of this Cyber Scene as well.
Remaining on the US front, the Washington Post's Joe Davidson examines the current state of US cybersecurity and opines that its status "is good reason for Americans to be insecure." This is likely to change for the better. Cyber Scene readership is conversant with the role of the bipartisan, bicameral Congressional Cyberspace Solarium Commission. Its four leaders, Sen. Angus King (I-ME), Rep. Mike Gallagher (R-WI), Sen. Ben Sasse (R-NE), and Rep. Jim Langevin (D-RI), had in January called for the creation of a national cyber director post, as had a GAO report and the Commission done previously. The four Solarium leaders explained:
"As our adversaries' attempts to probe our networks become bolder, the need for a leader with statutory authority to coordinate the development and implementation of a national cyber strategy to defend and secure everything from our hospitals to our power grid could not be more clear."
President Biden, on 11 April, nominated former NSA Deputy Director John (Chris) Inglis as the first US National Cyber Director; former NSA senior executive Jen Easterly to replace the fired Chris Krebs as head of the Cybersecurity and Infrastructure Security Agency (CISA); and Robert Silvers as Undersecretary for Strategy, Policy and Plans at DHS per the Washington Post's Ellen Nakashima. As reported by Joe Davidson (above) the Cyberspace Solarium Commission has praised the President's nominations. Rep. Jim Langevin went so far as to say: "I am absolutely thrilled with the appointment of Chris Inglis as the first national cyber director." Inglis, Easterly and Silvers require Senate confirmation, which is expected to be smooth. They, joining the already-in-place Anne Neuberger to serve as Mr. Inglis's deputy, have their work cut out for them, as the 60 Minutes video captures. Politico provides a comprehensive biographical background for Chris Inglis, who served as the second longest ever deputy director of NSA, and Jen Easterly who had, inter alia, assisted General Keith Alexander in establishing Cyber Command as one of his "Four Horsemen." One of the other three is current NSA Director Paul Nakasone. Rob Silvers has served as DHS Assistant Secretary for Cyber Policy during the Obama administration; as Undersecretary (a move of increasing responsibility) Silvers will likely put his cyber background to good use. Chris Krebs, himself, declared the three picks as "brilliant."
To avoid excluding a Cyber Scene peek at the third (judicial) branch of government, it should be noted that the nominee, announced on 17 April, for Deputy Attorney General, is also a cyber expert. Lisa Monaco, who served the Obama Administration on counterterrorism issues, is well prepared for her remit to tackle not only domestic extremism but cyberattacks from abroad. The Senate Judiciary Committee, per the NYT's Katie Benner's report, "voiced unanimous support and a bipartisan coalition of senators is expected to confirm her in the coming days." They did, 98-2, three days later on 20 April, per the Senate's own count.
Near unanimity in the Senate as well as the bipartisan strength of the bicameral Cyberspace Solarium Commission bode well for the advancement of cyber security in the coming years, as does support from alliances.
Deepening the cyber bench is not restricted to political appointments. The US Senate is trying to bolster DoD's cyber security status by expanding quantum computing. As reported by C4ISRNET's Joe Gould, the two bills, one from Sen. Maggie Hassan, (D-NH) and one from Sen. John Thune (R-SD), are part of the Quantum for National Security Act, which would impact the Pentagon, and the Quantum Network Infrastructure and Workforce Development Act. The two bills were introduced to the Senate on 16 April. The two senators are supporting each other's bill—another sign of bipartisanship regarding technology--which would enhance quantum computing research, expand partnerships, and generally place quantum computing on the front lines of DoD technology.
NATO, awaiting President Biden's visit to Belgium, is also fortifying its cyber defenses, as reported, again, by C4ISRNET.
On 15 April NATO convened a virtual NATO Cyber Defence Pledge conference hosted by the government of Estonia to discuss needed improvements in the alliance's cyber posture. Estonia also hosts NATO's Cyber Security Center of Excellence. Among other topics, one theme in the publicly available remarks by top leaders was "a newfound urgency in protecting key infrastructure against cyberattacks as the coronavirus pandemic has forced an even greater reliance on data connectivity across all sectors of society." Estonian Prime Minister Kaja Kallas referred to "malicious cyber activities" near and far, her apparent reference to Russia and China. The two key themes were mandating certain levels of resilience among NATO members, including cyber resilience, and leveraging NATO's capacity for harnessing next-generation technology.
Lastly, as the Economist reported in late March, the UK is placing science and technology "at the heart of a foreign and defence policy shake-up." This derives from Prime Minister Boris Johnson's recent "integrated review of foreign, security, defense and aid policy." However, the review highlights the aspiration of the UK to become a science and technology superpower, as the country anticipates technology becoming the prime metric of national power. The review cites the need to influence "the future frontiers of cyberspace…data and space" among other references to cyber's central role.
And yes, the UK approach does call out China, which will return as a topic, also viewed through meteorology, for the May edition of Cyber Scene.