More on the Latest Cyberattacks
Just when it seemed as if all were quiet on the Western front, Jeanie Larson, the Department of Energy’s (DOE’s) program manager for incident response, shattered the silence during her presentation at the recent Government Forum of Incident Response and Security Teams (GFIRST) conference. In a nutshell, Jeanie said that although fewer attacks against US government networks are occurring, the state of security is by no means better. Instead, attackers are more carefully choosing their targets, usually by focusing on a few government employees and contractors whom the perpetrators believe have information that is highly valuable to them, then using various methods (email, malicious Web sites, and more) of infecting their computers with malware that captures all input and output. The targets are chosen through extensive reconnaissance and intelligence-collection activities that often last for months before an attack is ever carried out. Much of the malware hides itself very carefully after it is loaded into a victim system, and then it deletes itself when an attack is finished. Perimeter security is ineffective in countering these threats. Cooperation and information sharing among government agencies are vital in dealing with these threats, but neither is happening. The full story is at http://www.federalnewsradio.com/?nid=169&sid=1415201.
I’ve already written about this general topic—see http://www.high-tower.com/blogs/gschultz/strategies-for-dealing-with-latest-cyberattacks-the-need-to-reinvent-the-wheel/. But Jeanie has contributed a good deal of valuable additional information. Because statistics indicate that increasingly fewer cyberattacks have been occurring, the temptation to relax one’s guard (in particular by allocating fewer resources to address the problem) grows. However, there is more need now than ever to resist this temptation. Metrics such as the number of attacks thus do not accurately depict what is really happening. Additionally, individuals are increasingly the targets of attacks, yet I wonder how many US government agencies have actually considered and dealt with the potential value of what each employee and contractor knows in their risk analyses and security control strategies. The fight against cyberperpetrators is now not so much on a network-by-network basis, nor on a system-by-system basis, but rather on the level of individuals and the knowledge they possess—a very problematic shift in today’s security risk landscape.
Where is all this going? Government agencies now need to cooperate with each other more than ever before, but they are not doing so. Lack of cooperation among government agencies is really nothing new. For many years, or at least as long as I can remember, government agencies have not cooperated with others. When I managed the DOE’s incident response team, I remember plenty of cooperation from NASA and the Department of Defense, but not from many others. Why? Frankly, bureaucratic barriers within governments are almost insurmountable. Additionally, to survive, agencies need to hold on to power as strongly as they can. New information, especially information about international espionage attempts, translates to power; to share it thus means to dilute one’s power.
The good news is at least that the DOE is attempting to counter the problem by using systems that capture all email messages, inspect them on the basis of the likelihood that they contain malware, and, if appropriate, quarantine them for more analysis. The bad news is that the cyberattacks that are occurring will continue to change over time to avoid today’s detection technology. And there is no end in sight. As was once said, may the times in which you live be interesting. Clearly, in today’s cyberworld this wish has been fulfilled.
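To make the capture-inspect-quarantine idea concrete, here is an added illustration (not the DOE's system or any code from this post) of a minimal scoring stage: it parses a message, weighs a few traits typical of the targeted lures described above, and holds the message for analyst review when the score reaches a cutoff. The risky-extension list, the threshold, the heuristics and the sample message are all assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
import re

RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".docm", ".xlsm"}  # assumed policy list
QUARANTINE_THRESHOLD = 3  # assumed cutoff; tune against real mail volume
LINK_RE = re.compile(r'href="https?://([^/"]+)[^"]*"[^>]*>\s*https?://([^/<\s]+)', re.I)

def _domain(hdr: str) -> str:
    """Lower-cased domain of the first address in a From/Reply-To header."""
    m = re.search(r"<([^>]+)>", hdr)
    return (m.group(1) if m else hdr).strip().lower().rsplit("@", 1)[-1]

def score_message(raw: bytes) -> tuple[int, list[str]]:
    """Score one raw RFC 5322 message; higher means more likely to carry malware or a lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    score, reasons = 0, []
    # Replies routed to a domain other than the apparent sender's is a common lure trait.
    reply_to = msg.get("Reply-To", "")
    if reply_to and _domain(reply_to) != _domain(msg.get("From", "")):
        score += 1
        reasons.append("Reply-To domain differs from From domain")
    # Judge attachments by file name: Content-Type is sender-controlled and often generic.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
            score += 2
            reasons.append(f"risky attachment {name}")
    # A link whose visible URL names one host while its href points at another.
    body = msg.get_body(preferencelist=("html",))
    for href_host, shown_host in LINK_RE.findall(body.get_content() if body else ""):
        if href_host.lower() != shown_host.lower():
            score += 2
            reasons.append(f"link shows {shown_host} but goes to {href_host}")
    return score, reasons

def should_quarantine(raw: bytes) -> bool:
    return score_message(raw)[0] >= QUARANTINE_THRESHOLD

def build_sample() -> bytes:
    """Constructed sample (not a real message): a lure aimed at one employee."""
    m = EmailMessage()
    m["From"] = "Travel Office <travel@agency.example>"
    m["Reply-To"] = "travel-desk@agency-travel.example"
    m.set_content("Please review the attached itinerary.")
    m.add_alternative('<p><a href="http://agency-travel.example/login">'
                      'http://intranet.agency.example/travel</a></p>', subtype="html")
    m.add_attachment(b"WScript.Echo 1", maintype="application",
                     subtype="octet-stream", filename="itinerary.vbs")
    return bytes(m)
```

The sample message scores 5 (mismatched Reply-To, a script attachment and a disguised link) and is quarantined, while a plain text-only message with none of these traits scores 0; a real deployment would add detonation or static analysis of the held attachments and feed the reasons back to the analyst.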