Cyber Scene #57 - New Cybersecurity Developments
This month has been overflowing with cybersecurity developments—new hacks, fallout and rebounding from past and recent hacks, assessments of crystal balls past and present, and most importantly, where the U.S. stands regarding the 17 June Biden-Putin meeting. We will start with the latter and flash back.
On 17 June, U.S. President Joe Biden and Russian President Vladimir Putin held their first meeting as presidents under the cloud of the recent Russian-originated cyberattacks. President Putin had already declared "nyet" when questioned just prior to the meeting with President Biden regarding Russian governmental involvement in recent, Russian-traced cyberhacks. The setting was cast by the U.S. as a meeting and not a summit, framing the discussions as a start, with limited expectations. NBC has captured both the essence and the video. The tenor was not friendly, but histrionics were also absent on both sides and the meeting itself was historic. The door to further contact was left open.
As the world cries "Where's the beef?" with the hack of JBS, SA, a global Brazilian-owned meat producer in the U.S., the expansive spread of ransomware likely gives this readership pause. Ditto for your car, if recent gas prices brought you to a halt, particularly if you live east of the Mississippi, in the South, or on the Eastern seaboard. The Midwest may have escaped the shortage of gas but not of McDonald's offerings. And this is just the fallout of attacks in very recent 2021 history that have reached public view.
As for the role of government, on 19 June Wired's Gilad Edelman writes that the U.S. Government is now moving at the speed of tech. He believes that one strong indicator is the appointment of new Federal Trade Commission (FTC) Chair Lina Khan. He states: "This week, Khan, at all of 32 years old, was appointed chair of the FTC, one of the two agencies with the most power to enforce competition law. Congress, meanwhile, has introduced a set of bills that represent the most ambitious bipartisan proposals to update antitrust law in decades, with the tech industry as their explicit target."
Lina Khan's ascendance to the top of the FTC, and a set of bipartisan antitrust proposals, show just how much has changed in Washington—and how suddenly. Politics, in other words, may at least be aspiring to finally be moving at the speed of tech.
While Mr. Edelman's report may be more aspirational than foundational, he does provide proof that both corners in the ring have found common ground, for disparate reasons, in trying to restore a fair playing field (to mix metaphors). Ms. Khan will lead the FTC in looking at Amazon and fellow FAANGs.
Such is the glimmer of bipartisanship that speaks volumes of a functional future. Catching up with tech, however? Well, the future will tell us.
Some have been correct in predicting it in the past. One such clairvoyant is Leon Panetta, former Director of the CIA, among other positions, who warned of a looming "Cyber Pearl Harbor" a decade ago, per NYT's Nicole Perlroth's "Are We Waiting for Everyone to Get Hacked?" of 6 June. She admits that he didn't call every issue, and some predictions haven't happened yet, but "…the stark vision he described is veering dangerously close to the reality we are living with now." Ms. Perlroth cites 2021 hacks attempting Super Bowl water contamination and attempts at disrupting Martha's Vineyard ferries in addition to the well-known recent hacks, and adds that the list does not include all the businesses that are paying off extortionists quietly. The entire article is well worth a read.
The Colonial Pipeline hack did much to highlight Mr. Panetta's predictions. Although the restart of pipeline operations occurred in early May, NYT's Clifford Krauss and David Sanger note that many gas stations and refineries were slow to start. The NYT authors describe the attempts to resume fueling for mass transit, truck deliveries, chemical producers and airlines and the reaction of individuals, one of whom categorized this hack as like the beginning of the pandemic where people "just freaked out."
On a macro level, The Economist's 15 May article "Hacking and Ransoms; Post-Colonial studies" discusses how such a cyberattack underscores growing risks to infrastructure in the U.S. It goes on to cite several energy-specific initiatives that have been in place to counter cyberattacks, including the 2020 Cybersecurity Multi-year Program Plan. But vulnerabilities obviously remain, and hackers have doubled ransom amounts, thereby increasing incentives.
It was Pete Buttigieg's first crisis as Secretary of Transportation, and U.S. Cabinet members "…held a series of briefings to describe efforts to get freight trains, trucks and more ships into what amounted to a complex bucket brigade to bring fuel up the East Coast."
The fallout continues. Details of the Russian-affiliated DarkSide in Ransomware Powerhouse as reported by NYT's Andrew E. Kramer, Michael Schwirtz and Anton Troianovski reveal not only a sweeping, high profile attack, but also that "It casts a spotlight on a rapidly expanding criminal industry based primarily in Russia that has morphed from a specialty demanding highly sophisticated hacking skills into a conveyor belt-like process. Now even small-time criminal syndicates and hackers with mediocre computer capabilities can pose a potential national security threat." And for a mid-crisis assessment of where it all stands, see CNN's Zachary B. Wolf's What Matters regarding ransomware hacks. Even as individuals try to fill the tank and calm down, the U.S. Government is trying to systemically, and in a bipartisan way, counter fallout and repetition.
CNN itself is sensitive: AP's Kelvin Chan reported on 8 June that CNN, as well as the NYT, Britain's government home page and dozens of other web pages, were victims of an outage at the cloud computing service Fastly. The San Francisco-based service said the problem was technical and not a cyberattack, but it gives one pause.
On 8 June NYT David Sanger and Nicole Perlroth updated their lessons-learned/way forward synopsis of ransomware attacks such as the Colonial Pipeline. Pointedly, they concluded that "The episode underscored the emergence of a new "blended threat," one that may come from cybercriminals, but is often tolerated, and sometimes encouraged, by a nation that sees the attacks as serving its interests. That is why Mr. Biden singled out Russia — not as the culprit, but as the nation that harbors more ransomware groups than any other country."
FBI Director Christopher Wray confirmed, in a broad-based 4 June article by Wall Street Journal's Aruna Viswanatha and Dustin Volz, that Colonial had paid approximately $4.4 million in ransom. However, the FBI subsequently recovered the money in both cash and bitcoins. In this article, Director Wray also addresses the role of government in the ransomware world. He took a page from Mr. Panetta, comparing the recent cyberattacks to 9/11. The WSJ goes on to discuss Biden administration officials characterizing these attacks as an urgent national security threat, and that "they are looking at ways to disrupt the criminal ecosystem that supports the booming industry."
This WSJ tech news briefing continues, describing what is a "whole of government" focus on countering ransomware. From the judicial branch of government, Deputy Attorney General Lisa Monaco urged all ransomware investigations to be coordinated with a task force created in April.
Part of this challenge is public-private coordination. Anne Neuberger, White House Deputy National Security Adviser for Cyber and Emerging Technology, contacted corporate executives and business leaders to "…immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations." Ms. Neuberger added that the Biden administration was working with other countries to counter ransomware gang attacks. She concluded: "We cannot fight the threat posed by ransomware alone. The private sector has a distinct and key responsibility. The federal government stands ready to help you implement these best practices."
Days later, on 8 June, the Associated Press' Mike Corder, Nick Perry and Elliot Spagat reported that the FBI executed a major cybersecurity operation, an "unprecedented blow" to organized crime, in Trojan Shield. In conjunction with 15 other nations, the FBI rolled up 800 suspects, 32 tons of drugs, 250 firearms, 55 luxury cars, and over $148 million in cash and cryptocurrencies. How? In 2018, the FBI took down an IT company, Phantom Secure, that provided end-to-end encrypted devices and replaced it with a secure messaging system of its own, ANOM. Business was herded to ANOM. The FBI worked with USDA as well as the EU's Europol with world-wide impact, according to Dutch National Police Chief Constable Jannine van den Berg. Beneficiaries reached as far as Australia.
As Ms. Neuberger asserted, this is not only a private-public matter, but also a global one. NATO's Secretary General Jens Stoltenberg reminded the Atlantic Council that NATO includes cyber-attacks as demanding an Alliance "Article 5" military response—"all for one and one for all." This means that all NATO members will support the country or countries in a cyber environment that are attacked. The only time so far that NATO has declared an Article 5 was for 9/11. And this resulted in 47 countries (NATO and others) joining the U.S. in a military-on-the-ground response.
Capitol Hill has been incredibly supportive of this direction. Indeed, the Senate has just confirmed the appointment of Chris Inglis as National Security Advisor for Cyber via a voice vote, indicative of the strong expectation of few if any nays. This bipartisanship was matched with multiple accolades from Senators on both sides of the aisle. While the Senate is responsible for confirmations, it also plays a role in funding as Congressional purse keepers. However, the Senate has not funded Mr. Inglis' office yet nor sorted out various directives regarding his execution of duties.
So perhaps the U.S. Government is not quite moving at the speed of tech, but it appears to be approaching a broader domestic and international, public-private, and comprehensive most-if-not-whole of government acceleration.