What’s Next After Russian Attacks on Critical Infrastructure?
Dan Lohrmann
Cybersecurity Leader | CxO Advisor | Bestselling Author | GT Blogger: 'Lohrmann on Cyber' | Global Keynote Speaker | CISO Mentor
In an unprecedented move, the US CERT revealed details of Russian hacking of U.S. critical infrastructure operators, including energy, nuclear, water, aviation, and critical manufacturing facilities. What was announced and where is this heading next? Most important, how can your public- or private-sector organization respond? Let’s explore.
The level of nation-state sponsored cyberattacks against civilian businesses crossed a dangerous new threshold this month.
In a series of briefings, press releases and well-timed reports, the United States accused Russia of cyberattacks on our power grids and other critical infrastructure facilities:
“The US government has accused Russia of remotely targeting the US power grid, as part of its newly unveiled sanctions on the country.
The Department of Homeland Security released details of what it called a multi-stage effort by Russia to target specific government entities and critical infrastructure.”
Here are a few other related headlines from different news sources:
- Bloomberg News: Russian hackers attacking the US power grid and aviation, FBI warns
- Free Beacon: DHS, FBI Warn Companies of Ongoing Cyber Attacks on Critical Infrastructure
- Newsweek: Russian Hackers Attacked U.S. Nuclear, Aviation and Power Grid Infrastructure, FBI and DHS Warn
Why Is This an Escalation in Threats?
As reported by SC Magazine UK: “The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) took the unusual step Thursday of issuing an alert naming the Russian government for targeting US critical infrastructure with cyber-attacks.”
While there have been numerous reports, surveys and discussions about foreign infrastructure being hacked, and quiet back-room discussions among cyber pros that these activities have been going on for a while, never before has this level of detail been revealed to the public.
I really like the interviews and analysis of the situation offered by TheCipherBrief.com. They called the Russian targeting of critical infrastructure our “Achilles Heel.”
Here are some of the noted experts and their comments:
Chris Inglis, former Deputy Director, NSA
“What I read out of the DHS note is that it’s a pretty broad effort to get into a number of critical infrastructures: energy; nuclear; commercial facilities; water; aviation; critical manufacturing — there’s almost nothing off the list. So the Russians are doing a fairly broad penetration.”
Rob Dannenberg, former CIA chief of the Central Eurasia Division
“There is no question that the Russian cyber activity as reported Thursday, but observed for years, should be interpreted both as preparation of the battlefield and as a message to the U.S. of Russia’s cyber capabilities, and possible use of kinetic cyber activity in response to a U.S. action such as, for example, a strike against Syrian leader Bashar Assad.”
James Lewis, Senior Vice President, CSIS
“In the Cold War, Russia and the U.S. floated reconnaissance satellites over each other to identify targets for attack. This cyber reconnaissance is the same thing. It identifies targets and sends a threatening message.”
These announcements came the same week that the United Kingdom (UK) expelled 23 Russian diplomats over an ex-spy’s poisoning, and U.S. officials supported the U.K. regarding this incident.
The situation is so heated that some countries are threatening a 2018 FIFA World Cup (soccer) boycott.
Meanwhile, the Washington Post reported that the U.S. is getting tougher on Russia with new sanctions. "In its toughest challenge to Russia to date, the Trump administration accused Moscow on Thursday of an elaborate plot to penetrate America’s electric grid, factories, water supply and even air travel through cyber hacking. The U.S. also hit targeted Russians with sanctions for alleged election meddling for the first time since President Donald Trump took office. …”
For the rest of this important article, including next steps and more, please visit: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/next-steps-after-russian-attacks-on-us-critical-infrastructure.html
Dan Lohrmann (author), 6 years ago: Thanks Caston. What are your thoughts on the quotes by DHS Secretary Nielsen at the RSA Conference about Russia and N. Korea? Do you believe her? The background is listed here: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/rsa-conference-2018-security-industry-is-a-work-in-progress.html Excerpts: "Last year, both Russia and North Korea unleashed destructive code that spread across the world, causing untold billions in damage. ..."
I appreciate your perspective, Dan. A couple of points that drive my view of the information that is released... 1) The intelligence agencies have a recent history of either bad intelligence or political motives that misused or even falsified intelligence. Witness "weapons of mass destruction", "9 intelligence services validating the Russians attacking the DNC", and the accusations that "~20 states' voting processes were attacked". 2) In the past, intelligence has been just that... intelligence. Movements in battle groups, flexing muscles, counter-intelligence operations have remained the domain of the intelligence services. They weren't made headlines and shouted from the mountain-tops, so to speak. No, when the media starts putting these allegations on the front page, then it needs to be backed up so that the American people are informed about what we are being led into. 3) Cyber war can lead to millions of lives lost. Colin Powell claims he was misled about intelligence that has led us into quagmire after quagmire & the rise of terrorism. The stakes are higher confronting Russia than our past "adversaries". Even if I trust the intel, I don't trust the weaponization of intel by politicians.
Dan Lohrmann (author), 6 years ago: Caston - I hear you. But the sad truth is that it is very, very difficult to know if claims made by our US 3-letter agencies are accurate or not - unless you have a clearance yourself, in which case you cannot talk (or write) about such things without serious consequences. I generally believe these reports, based upon professional relationships with trusted individuals in these critical infrastructure organizations. Also, the storyline and security trends make sense. As a former NSA employee and a State CISO/CSO/CTO who had a clearance for more than 2 decades, I can tell you that all these stories are certainly complicated and have two sides to them. Nevertheless, if we do not believe what the US Government is openly telling us about cyberattacks against us - and our United Nations friends like the UK, S. Korea and France are saying the same things - can we trust anyone at any time regarding cyber? I do agree that 'trust and verify' is very, very hard in our new online world - harder than even the Cold War. Reminds me of the IRA battles in the UK and Ireland in the 80s and 90s - always 2 different perspectives on the same conflicts.
Am I the only one who views claims about Russian cyber attacks with great skepticism? When I step back and look at the tools and methods and resources put into just the information that was exposed by the Shadow Brokers and Edward Snowden, the US activity in cyber security defenses and attacks dwarfs all other initiatives. It seems to me hypocritical to be crying about the Russian activity when we are doing at least as much, if not more.