Greetings from Kartikay on the cybersecurity team. My colleagues and I have spent the last month exploring the depths of one of the most brazen nation-state cyber-attacks on record. One astounding possibility remains: It could be vastly bigger than we know.

U.S. officials and cybersecurity experts believe the SolarWinds attackers were elite operatives carrying out a Russian espionage operation targeting the American government and entities close to it. Yet, nearly a month after we first learned of the sprawling campaign, intelligence gaps persist, ones that will likely take at least a year to close under the Biden administration, if they ever do.

Researchers started to piece together a picture of the intrusion using information found in the networks of U.S. agencies and companies. But there's another potential group of victims who haven't yet disclosed any attacks, in part because they may not yet know. That's America's critical infrastructure, which includes everything from bridges and airports to the electrical grid and hydroelectric dams. When nation-states target these networks, capable of powering machinery on or off or diverting resources from one portion of a system to another, the results tend to be far more damaging than pure espionage.

Like the IT systems of FireEye Inc. and government agencies, critical infrastructure systems were exposed to the Orion software from SolarWinds that was compromised by the hackers and used for further attacks. The hackers, believed to be tied to the Russian government, installed malware in Orion updates that was received by as many as 18,000 SolarWinds customers.

It gets worse. Only a small fraction of global infrastructure operators has the ability to survey the scope of their exposure to such an attack, said Rob Lee, founder and chief executive officer of security firm Dragos Inc. In some cases, utilities had no idea Orion—among the most popular network monitoring platforms—was even in their network, Lee said.
"And in most cases, customers don't have the visibility or monitoring to know what to do, or know what happened."

Reports from critical infrastructure on their exposure to the hack range from "don't know" to "I think something happened, but I don't know what," said Tony Turner, vice president of security solutions for Fortress Information Security, which works with infrastructure operators.

The U.S. Cybersecurity & Infrastructure Security Agency has identified critical infrastructure as an active target in this attack, while the Department of Energy is investigating a breach of the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, according to Politico.

So what do operators of industrial control systems do if they've been using SolarWinds all of this time? Assume they've been compromised, that the backdoor is open, said Lee. "We're dealing with espionage today; we don't know that they don't want to do something disruptive later."

—Kartikay Mehrotra, with Will Wade