Leap Year, Constant Threats: Protecting Critical Infrastructure from Nation-State Threat Actors
Every four years, most humans acknowledge a shortcoming of our Gregorian calendar by adding a Leap Day. This cyclical tradition has been in place since 46 B.C. and was refined in 1582, per an Encyclopaedia Britannica, Inc. article on the matter, getting us to where we are today. As the precise rotation of the Earth was uncovered over the centuries, changes were made to various calendars to account for the extra fraction of a day in the solar year.
Just as it took trial, error, and innovation within human civilization to adopt a widely used and agreed-upon calendar, a similar cycle of observation, reaction, and technological progress seems to be unfolding regarding global cybersecurity threats and defenses. Recent news reports indicate a significant and rapidly intensifying threat to the U.S. economy and general infrastructure, as well as to other countries, by way of nation-state threat actors, particularly those backed by the Chinese government. These reports echo those of a few years ago (2018), of many years ago (2013), and of many years before that (2008), when similar threats were revealed.
Since 2008, technology has improved significantly to repel and outmaneuver the threats of the time, which have in turn been intensified by that same technology. Finding ourselves at a similar inflection point once again, it is worth asking, "what has changed?" and "how should we respond?"
Current Federal Bureau of Investigation (FBI) Director Christopher Wray put the threat this way: “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities…” If significant attacks against resources involved in energy production, communications, water treatment, or banking, for instance, are realized, it could—in the worst case—create an existential threat by inducing panic and devastating the day-to-day lives of millions of people. Given that most of our infrastructure is now accessed, maintained, and operated in interconnected cloud networks, the potential damage cannot be easily overstated.
Just over one week ago, anonymous leakers published via GitHub numerous documents detailing the Chinese government’s current cyber espionage programs. Claims made in these documents include the development and deployment, for offensive purposes, of spyware built by a Taiwanese threat intelligence organization, I-Soon. In other words, various software and tools are designed with the intent of conducting unprovoked attacks against American critical infrastructure and organizations, as well as against other countries.
And if these threats, which seem to focus on potential future events, were not enough, additional indications point to nation-state threat actors having actively lodged within U.S. infrastructure for at least five years already. A joint report from the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and numerous additional American and foreign government agencies states that the authoring agencies “have recently observed indications of Volt Typhoon [a Chinese state-sponsored threat group] actors maintaining access and footholds within some victim IT environments for at least five years” (emphasis present in the source document).
The goals of such actions include espionage, intelligence gathering, destabilization, and political disruption. While the objectives of groups like Volt Typhoon are certainly sophisticated and malicious, the tactics, techniques, and procedures used to conduct these operations are run-of-the-mill when it comes to adversarial threat operations. According to the joint release, “Volt Typhoon typically gains initial access to the IT network by exploiting known or zero-day vulnerabilities in public-facing network appliances” and from there can move laterally to gather intel and “wreak havoc.”
While this is by no means good news, the program businesses can implement to better protect their sensitive data and critical infrastructure is fairly standard and readily available.
A common reaction to this particular type of threat is to look to government entities to enact sanctions or implement an all-encompassing national program to prevent the attacks these threats forecast. Relying on another entity to protect your organization and its critical data, however, should not be the favored approach.
The best way to defend against state-sponsored attacks—which is the same for any threat group, with the only real difference here being the financial resources of nation-state actors—is with preparation and network visibility. These components of a robust security program, which were covered in a previous newsletter, require an organizational foundation of employee education and training, a proactive assessment cadence, enhanced visibility (preferably via a 24/7 Security Operations Center (SOC)), and a well-practiced Incident Response (IR) plan.
The cyber threats facing individuals, businesses, critical infrastructure operations, and governments are neither new nor isolated. Fortunately, a blueprint exists for how to manage the gravity of the stated warnings. Protecting against even the most advanced cyber challenges present on today’s landscape does not require some society-altering advancement like we saw with the Julian and Gregorian calendars; focusing on basic cyber hygiene is what we need at every level.
If your organization needs assistance in establishing a mature cybersecurity program, contact our team today.
In the United States, Zurich Resilience Solutions managed security services are provided by SpearTip, LLC.
Copyright © 2024 SpearTip, LLC
Pit Floor Supervisor, Beau Rivage Casino and Resort
8 months ago: An interesting read!!
Cyber Resilience Architect
8 months ago: Great reminder that good cyber hygiene is critical for every organization. Focus first on the “blocking & tackling”!!