Cyber Scene #51 - The Viral Cyber Pandemic

Cyber Scene #51 -

The Viral Cyber Pandemic

As most of the U.S. leadership ushers in 2021 with a sigh of relief regarding election security and a hopeful view to containing the COVID-19 pandemic, a hack of increasingly numerous private and public sector networks with SVR's (Russia's Foreign Intelligence Service) fingerprints is casting a dark shadow over the new year. The attack may be seen through the lens of a 21st Century version of a classic diversion and trap door strategy.

While thwarting possible election interference, pandemic vaccine theft, and other nefarious applications of cyberthreats to national, state and local systems, US officials are now beginning to understand the expanding impact of the private sector-generated hackageddon. Media writ large are sizing up the scope of this development, with NBC among others exploring why it is extremely worrisome. Senator Mitt Romney (R-UT) notes: "You can bring a country to its knees if you don't have electricity, don't have water, and can't communicate."

This cyberattack clearly benefitted from surprise. It can be viewed that this cyberattack was successful because it targeted, first and foremost, private, domestic networks. The US Intelligence Community, particularly the National Security Agency (NSA) and Cyber Command, are constrained regarding domestic operations. They have no purview over private sector companies, even if these companies feed into and support US missions. And the end users in both private and public sectors, were unaware of the former Soviet Union players in the supply chain feeding into the US tech world.

The New York Times intelligence reporters David Sanger, Nicole Perlroth and Julian Barnes summarized on 2 January 2021, in "As Understanding of Russian Hacking Grows, So Does Alarm," the increasing understanding of the breadth and depth of the hack and how 250 federal agencies and businesses may now have been affected.

Senator Mark Warner (D-VA), the ranking (#2) member of the Senate Select Committee on Intelligence (SSCI) notes: "The size of it (the hack) keeps expanding. It's clear that the United States government missed it." The tipoff came from a private sector security firm, FireEye. It learned that the transmission occurred via a Texas company, SolarWinds, which served as the conduit. The latter's security operation was a distant second to profitability; one of its security experts had earlier resigned in protest due to the neglect of cyber protection, per the NYT in-depth summary, and the CEO of SolarWinds has now announced his imminent retirement. The NYT intelligence reporters also noted that the source of much of SolarWinds' cyber support came from the Czech Republic, Poland, and Belarus. The latter has been under heavy Russian influence since its "independence" with authoritarian rule, a controlled economy, and one leader since 1994. Its recent election is disputed. So even when Amazon's front door was closed and Microsoft also closed its "windows," an unobtrusive backdoor access was exploited, or rather a Trojan horse's trap door was introduced and the cyberattack released. History does not quite repeat itself but mutates with technological advances.

The Economist (14 December) notes in "Cyber-security: Bear hunt" that FireEye described the attack as "top-tier operation tradecraft." SolarWinds is quoted as saying that "fewer than 18,000 customers" may have been struck, though most would have had collateral damage.

However, some of those customers are current US Cabinet members. Treasury Department's "most senior leadership" was targeted, according to the 21 December as reported by NYT's David Sanger and Alan Rappaport. Senator Ron Wyden (R-OR), a member of the Senate Finance Committee, stated after a briefing for committee staff members, that Treasury "suffered a serious breach, beginning in July, the full depth of which isn't known." Microsoft runs the Treasury Department's software. Secretary Mnuchin spoke about the hack, noting that classified systems had not been breached.

Both Attorney General William Barr and Secretary of State Mike Pompeo believe that the attack "appears to be Russian." The current National Security Advisor, Robert O'Brien, convened a Principals' Committee (PC) session on 20 December to "take stock" of the situation. Other attendees included Commerce Secretary Wilbur Ross, acting Homeland Secretary Chad Wolf, and Energy Secretary Dan Brouillette.

At odds with his own senior leaders, President Trump tweeted on 19 December that the attack on "federal networks was under control, was being exaggerated by the news media and might have been carried out by China rather than Russia" according to Ellen Nakashima and Josh Dawsey of the Washington Post.

In addition to earlier cited diversions, distractions, and disagreement between the White House and the Cabinet, Homeland Security's Chief of its Cybersecurity and Infrastructure Security Agency, Chris Krebs, was fired in November 2020 and a federal judge declared Acting Secretary of Homeland Security's appointment unlawful. Moreover, as reported by NYT David Sanger and Eric Schmitt on 20 December, the present White House Administration and acting Defense Secretary Christopher Miller (following the firing of Mark Esper in November 2020) have recommended that Cyber Command and NSA be divided. This apparently "...led to a firestorm of protest on Capitol Hill. Democrats and Republicans alike say that the two institutions are too intertwined ...and any unilateral action by the administration to change the current structure would violate legal requirements for extensive assessments before altering it." Chairman of the Joint Staff General Milley was reported to have neither reviewed nor endorsed the recommendation.

These legal requirements, in a bipartisan bill introduced by US House Armed Services Committee Representatives Jim Langevin (D-RI) and Don Bacon (R-NE) and passed into law, require a 6 month strategic assessment of the objectives, and means to achieve them, for a separation of Cyber Command and NSA to become effective. This subject has been under discussion since the christening of Cyber Command, but is not a likely candidate for instantaneous creation even when the timing is troublesome.

Stepping back from the current cyber crisis, one strategic look at the divide between public and private sector cybersecurity policy across democratic countries worldwide, is offered by Marietje Schaake, President of the Cyber Peace Institute and International Policy Center at Stanford University. In Foreign Affairs, November/December 2020, she takes into consideration recent cyberattacks on the Norwegian Parliament, the New Zealand stock exchange, and the Vatican, underscoring the fact that these were not threats of a cyber-Pearl Harbor nature, but of "...attacks from below that threshold--intrusions that can still cause grave damage." She also addresses the Microsoft Windows hack and the UK National Health Service shutdown. She calls upon governments to recognize that "...the private sector wields outsize power in the digital world... and that public authorities are largely at the mercy of private companies." Many options for resolving this imbalance are offered, particularly... "for democracies that should extend norms and rules to ensure safety in the digital world."

In fact, such progress might just be underway. The US Senate and the US House of Representatives have coordinated on the new FY2021 Intelligence Authorization Bill. House Permanent Select Committee on Intelligence (HPSCI) Chair Adam Schiff explains what the new bill contains:

It includes important provisions related to global health and pandemics; the challenge posed by a rising China, emerging technologies like artificial intelligence and 5G; recruitment and retention for the workforce; and other regional priorities, including the Middle East, and Afghanistan. Further – and especially notable in light of the recent cyber breach of government agencies and private sector companies – the bill also includes several provisions designed to strengthen our cyber defenses, protect our supply chains, and provide additional resources and capabilities for responding to cyber-attacks. Many of the most important elements of the bill are contained within the classified annex that governs the necessarily secret elements of the IC's work.

While the references to Russia's cyberattack can only be inferred from Rep. Schiff's oblique reference to the classified annex, the summary does speak to the recent cyber breach crossing public and private sector domains. Likewise, the Senate, has worked via its SSCI, to hold two closed hearings where the hacking is likely to be addressed in December 2020 and one on 6 January 2021 in addition to all the stimulus, pandemic, seating new members on Capitol Hill, and other pressing issues.