The Awakening and What’s Behind President Joe Biden’s Executive Order on Cybersecurity
There has never been a more opportune time to implement a proactive cyber-defense strategy against nation-state-grade threats, for both the public and the private sectors in the US. The recent wave of cyber-offenses against government entities, utilities and businesses has finally made everybody aware of the increasing cyber threats and risks to US interests.
Last month, President Joe Biden signed an executive order designed to strengthen the nation’s cybersecurity posture and raise the standards for protecting computer networks and systems across the federal government and the enterprise. Among many important steps, the order requires the Homeland Security secretary to form a Cybersecurity Safety Review Board, co-chaired by senior officials from the government and the private sector. The board is designated to convene after each significant cyber incident to analyze what occurred and recommend practical ways to deal with it. Still, the best practice is for each organization to act before the next incident and implement proactive defenses on its own to prevent the devastating impact of an attack.
Then, the US Department of Justice kicked things up a notch by announcing that, moving forward, it would treat ransomware attacks with the same priority level as terrorism cases. This followed the recent attacks on one of the world’s largest meat processing companies, JBS, and on Colonial Pipeline, a major oil pipeline for the East Coast of the US. Additionally, the White House sent out a warning to all companies to take “immediate steps” to increase their security, stating that any business could be targeted by foreign cyber criminals.
Furthermore, Congress, among many other legislative efforts related to cybersecurity, would now like to address the lack of any federal requirement that companies such as meat processors have cybersecurity protections in place. It will take time, but eventually legislation and security compliance measures will help improve the security posture of government, critical infrastructure, and organizations in the private sector.
The Cyber Events That Got The Ball Rolling
The financially motivated criminal hacking groups DarkSide (Colonial attack) and REvil (JBS attack) are most likely based in Russia, and Putin has continuously provided cover for them. The cyber-attack on JBS shut down as much as 20% of US beef production capacity; separately, Colonial ultimately had to pay a reported $5 million to DarkSide after it was hacked.
Another notable nation-state-grade cyber incident carried out by a Russian-backed group is the infamous SolarWinds hack that took place in December 2020. The cyber attack had global reach, and many US government agencies were affected, including the US Energy Department (which controls the National Nuclear Security Administration).
The cyber attack began almost a year before it was detected. It was accomplished by inserting ‘back doors’ into the networks of dozens of companies, government agencies, and think-tanks across the US and beyond, and gaining persistent access, all through a software update provided by the privately owned software company SolarWinds. It appears that no data was altered or deleted and that the intrusion did not result in any physical damage or destruction. The intent behind this intrusion is suspected to be espionage, and the NSA and the FBI have classified it as an ‘intelligence gathering’ effort.
Consider This: Proactive Cybersecurity Measures
Even though the executive and legislative branches of government are finally beginning to take significant steps in the right direction to handle these threats, the best security practice for each organization, whether private or public, is to take immediate steps to protect itself against nation-state-grade cyber threats such as these. In fact, there is a good chance your organization was penetrated long ago and you simply do not know about it yet. Therefore, it is necessary to take proactive cybersecurity measures right away and to constantly try, test, and revise them.
The other thought to keep in mind is that each organization is different in its methods, workflows, structure, geography, culture, budget, and business practices. While compliance, security standards and regulations will be a welcome change, there are still many areas in which each organization will have to create its own security practices and make decisions that best suit its business needs.
Additionally, when designing cyber defenses, it is highly beneficial to look at cybersecurity threats and ransomware attacks from the attackers’ perspective and motivations. Then, based on the analysis, you can create security strategies that will be more targeted and best serve your organization and its unique needs. These should include proactive cyber defense programs consisting of advanced and sensitive detection elements, multi-faceted preventative countermeasures, threat intelligence gathering, a well-defined incident response program, deceptive techniques, and more.
Three Recommended Action Items For Cyber Resilience
One of the first things any organization can do is to conduct a thorough 360-degree risk assessment and work with professionals who truly know the craft of relentless, persistent hacking. While preparing your cyber assessment, there is an incredible advantage in thinking like a hacker rather than like a defender, because the mindset, methods and success benchmarks are quite different. Bottom line: if you remain unaware of your vulnerabilities, there really is not much you can do until it is too late.
Second, careful attention should be given to handling third-party supply chain weaknesses. The SolarWinds intrusion serves as a quick lesson for everyone involved in organizational security: effective preventative measures must be implemented, and it is important to understand the attacker’s motivations.
Third, it is recommended to build an approachable cyber security strategy that focuses on prioritization rather than achieving every item on a long list of possible threats that most likely will never affect your organization. This means carefully considering the risk landscape and vulnerabilities facing the organization, along with its critical business requirements, to be able to function smoothly and handle increasing workloads. The last thing anyone should do is secure an organization while completely crippling its productivity and growth. Security and business growth will have to co-exist in your organization for a long time. Prioritization also means that you handle the most critical vulnerabilities decisively and as quickly as possible, while creating a realistic timetable for the rest, and perhaps not handling vulnerabilities that are not relevant to your business at all.