The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a ‘wicked’ problem — GCN


The ransomware attack on Colonial Pipeline on May 7, 2021, exemplifies the huge challenges the U.S. faces in shoring up its cyber defenses. The private company, which controls a significant component of the U.S. energy infrastructure and supplies nearly half of the East Coast’s liquid fuels, was vulnerable to an all-too-common type of cyber attack. The FBI has attributed the attack to a Russian cybercrime gang. It would be difficult for the government to mandate better security at private companies, and the government is unable to provide that security for the private sector.

Similarly, the SolarWinds hack, one of the most devastating cyber attacks in history, which came to light in December 2020, exposed vulnerabilities in global software supply chains that affect government and private sector computer systems. It was a major breach of national security that revealed gaps in U.S. cyber defenses.

These gaps include inadequate security by a major software producer, fragmented authority for government support to the private sector, blurred lines between organized crime and international espionage, and a national shortfall in software and cybersecurity skills. None of these gaps is easily bridged, but the scope and impact of the SolarWinds attack show how critical controlling these gaps is to U.S. national security.

The SolarWinds breach, likely carried out by a group affiliated with Russia’s FSB security service, compromised the software development supply chain used by SolarWinds to update 18,000 users of its Orion network management product. SolarWinds sells software that organizations use to manage their computer networks. The hack, which allegedly began in early 2020, was discovered only in December when cybersecurity company FireEye revealed that it had been hit by the malware. More worrisome, this may have been part of a broader attack on government…


Space Force Looks to Boost Cyber Defenses of Satellites with Acquisition Reorganization


The ongoing restructuring of Space Force acquisition authorities is designed in part to ensure proper cybersecurity testing and monitoring of new programs as they are developed and deployed, a senior Space Force procurement official said May 10.

The stand-up of Space Systems Command, and its absorption of the Space and Missile Systems Center (SMC), details of which were unveiled last month, was advertised as an effort to increase the speed and agility of Space Force acquisitions.

But in a lunchtime keynote at the CyberSatDigital event on May 10, Cardell DeLaPena, program executive officer for Space Production at SMC, stressed that it was also intended to improve the resilience of Space Force overhead architecture against new kinetic and cyber threats.

“The reason why we’ve stood up … a separate Space Systems Command for acquisition, and launch, and architecting is to make that shift from today’s peacetime architecture, … an architecture which was never envisioned to conduct offensive or defensive operations,” he said. In its place, Space Force plans a new architecture that could survive kinetic and cyberattacks by near-peer adversaries. “To make that pivot,” DeLaPena added, “We integrate all of those responses to those threats to our satellites into an integrated architecture, which will achieve space superiority.”

The new architecture, DeLaPena said, would rely on digital twinning technology, more properly called model-based systems engineering, in which a detailed virtual model of a satellite or other complex system is built so that it can be attacked and its cyber defenses tested.

DeLaPena said that cyber threats to U.S. satellite systems would be addressed in detail in a classified session later in the week, but outlined a series of “potential threats” in the cyber domain, which he said the newly reorganized acquisition elements in the Space Force would be “testing against” before turning new products over to operational commanders.

“The types of threats we are looking for [are] things like insertion of rogue components—that’s more on the supply side—malicious software, electronic warfare…


US and UK Issue Joint Alert on Russian Cyber Activity


SVR’s TTPs and General Tradecraft Detailed


U.S. and U.K. cyber, law enforcement and intelligence agencies issued a joint advisory Friday offering detailed information on how to defend against the activities of the Russian Foreign Intelligence Service, or SVR, in the wake of the 2020 SolarWinds attacks.


The U.K.’s National Cyber Security Center, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency say the SVR, through its threat group APT29, will continue to attack, so organizations need to understand the threat facing them.

“APT29 will continue to seek intelligence from U.S. and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks. The SVR primarily targets government networks, think tank and policy analysis organizations, and information technology companies,” CISA says in its own alert.

CISA attributed the SolarWinds supply chain attack that resulted in follow-on attacks on nine government departments and 100 private companies to APT29, also known as The Dukes, Cozy Bear and Yttrium. The agency notes that the SVR’s cyber operations have posed a…


Ethics of Cyber Warfare against Nation States | Articles


Dear Editor, 

Ethics starts with determining the laws of war and trying to regulate what is considered legal in the eyes of international law. The Additional Protocols to the Geneva Conventions of 1977 mention the prevention of “an attack which may be expected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated” (ICRC, 1977).

For a nation state, national security is one of the most important duties, involving the protection of the government and its people. In the beginning, national security pertained to various types of military threats, while cyber security became a late addition to ongoing threats that no longer require a declaration before action is taken. Regardless of time and location, attacks can be conducted at any moment as long as there is access to the cyber world.

Conducting offensive cyber warfare against a nation state can raise severe ethical issues for the public. Because it is completely different from any type of conventional weapon, the general population is at the greatest risk of being exposed to the destruction of its economy, energy, food, and critical infrastructure. A state’s critical infrastructure is composed of physical, non-physical, and cyber resources or support services that are necessary for society and its economy to function at its minimum standard.

Stuxnet is one of the earliest forms of cyber warfare, and it achieved its goal of hindering Iran’s nuclear program for roughly a year. It was able to “launch an offensive on four companies” (Zetter, 2017) that had connections with the nuclear program. Delaying the progress of a nation state’s weapon capabilities might be one of the very few ethical attacks. Meanwhile, near-peer adversaries such as Russia have shown capabilities to interfere with elections and government affairs throughout the world and reap the benefits of chaos and instability.

In a way, cyber warfare against nation states has long been underway, due to its being a subject of uncertainty and the lack of enforcement by any…