Saturday, June 30, 2018

I’ve Got No Secrets!

We already know that dedicated hackers can pretty much have their way with individuals’ Internet and computer accounts. There are constant reminders from some of the biggest commercial and non-profit organizations that their encrypted data, usually containing some very personal information concerning ordinary consumers, is increasingly hacked. Data, credit card information, medical histories, sensitive personal information, etc. is then bought and sold on the dark Web by nefarious traders, many of whom are in distant lands or living in a virtually untraceable anonymous cyber world.
Each year, billions and billions of dollars are stolen from cyber-linked accounts. Gone, gone, gone! Ransomware generates additional revenues for the criminal element. Not to mention governments – like North Korea – that generate massive income for themselves by cracking into private accounts (bitcoin theft is quite popular) to siphon off money. OK, so we know that the private cybernet world is rather dramatically vulnerable. Our financial systems could fall fast. A hardened enemy is also currently able to take down most of our power grids (inflicting damage that would take years to fix), as several “from Russia with love” exploratory intrusions have proven. All that is pretty terrible, but we have to have consummate security in our government’s most secret information, right?
We’ve seen how federal personnel records have been purloined, compromising information that a foreign power could easily use to figure out our weak links, where the most vulnerable federal agents live and what their weaknesses are. WikiLeaks has released thousands of pages of supersensitive governmental communications to the world. Some of most secret military weapon systems have been hacked, compromising us at every level. Russia, China and North Korea are the most cited culprits, but the Russian cyber-espionage force (overt and clandestine) are far and away the most advanced operators.
Apparently to avoid having to admit that Russia materially aided his 2016 election, even as the Trump-Putin Helsinki summit planned for July 16th approaches, Donald Trump still takes Putin’s word that Russia did not, is not and will not use its hacking skills and ability to spread malicious disinformation to further polarize the American body politic and influence our elections… even as Congress and our every national security and intelligence agency says Russia is escalating its efforts even beyond their wild success in 2016. The net impact is that Russia does not have to worry about Trump’s prioritizing constraining their planned cyber-political disruptions anytime soon.
That’s a problem. A very, very big problem. Not only does this threaten our democratic institutions and open biased individuals to vent their often “conspiratorial” biases within the political process, but the kinds of defenses we need – those that would parallel containing cyber-political interference – are insufficient within our own governmental agencies to halt data breaches and internal manipulations as to some of this nation’s most vital military and national security interests. You just might be surprised at how governmental agencies are interconnected… and how easy it is to use one agency’s vulnerabilities to access sensitive data in another governmental agency.
Barbara George, PhD, retired military office and executive director of the Washington Cyber Roundtable with a background in national security, cybersecurity and communications, and strategic planning, writing for the June 29th The Cipher Brief, explains: “Protecting the technology networks connecting more than two million employees working in over 400 government agencies serving about 325 million Americans is a herculean feat. In May, the Office of Management and Budget (OMB) released a report stating 74 percent of these federal agencies are at ‘high risk or risk’ of facing a cyberattack. However, because of the interconnected missions and nature of government networks, if one agency is vulnerable then all are in jeopardy. The solution is not simply for one cyber czar to shepherd those on the National Security Council (NSC) towards sound cyber policy, but rather broadly fostering a government leadership culture that automatically considers cybersecurity when discussing security issues and policy actions.
“While it may initially seem beneficial to have a cyber champion in the room during national security discussions with the president, it is better if everyone at the table is a cyber advocate. This means department secretaries should be in lockstep with their own cyber experts. Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) need to have a seat at the table with department leadership. Unfortunately, in the government most CIOs do not report directly to the secretary or deputy secretary, which is considered industry best practice, and it will take more than just issuing an executive order to make this a reality. By not including CIOs and CISOs in enterprise discussions, agencies are not exercising holistic approaches to cyber security…
“The key stakeholders based on role are:
• For asset response: the National Cybersecurity and Communications Integration Center (NCICC) within the Department of Homeland Security (DHS)
• For threat response: the National Cyber Investigative Joint Task Force (NCIJTF) within the Federal Bureau of Investigations (FBI)
• For intelligence support: the Office of the Director of National Intelligence (ODNI) through the Cyber Threat Intelligence and Integration Center (CTIIC)
• For managing incident effects on operations, customer and workforce the government will turn to the private sector
“The Cyber Incident Coordination plan was created in 2016, about seven years after the creation of the White House cybersecurity coordinator role, and has since shown tangible results. Following the PPD-41 protocols prevented the U.S. government from being significantly impacted by the WannaCry cyberattacks in 2016, one of the largest cyberattacks that impacted at least 150 countries and 200,000 computers. These efforts were spearheaded by DHS through the NCCIC, not the White House cybersecurity coordinator. As presented at the RSA Conference, the NCCIC credits strategic relationships and global information exchange as key to the successful WannaCry response.
“Rather than focusing on correcting embedded obstacles and praising proven processes, response to the Trump Administration’s decision to eliminate the cybersecurity coordinator role honed in on politics. Nevertheless, agencies with the responsibility and mission will continue to build capacity to address cybersecurity challenges. DHS is continuing to improve its approach to cybersecurity and released its cybersecurity strategy the same day the White House eliminated the cybersecurity coordinator position. Interagency cooperation is not a new concept and together the government can and will move forward to reduce the Nation’s risk of systemic cybersecurity and communications challenges.”
So what does this all mean? While we are improving slightly, we are still woefully uncoordinated and unprepared for cyber-penetration into our federal systems by a determined and sophisticated intruder. Even as recently updated, our legacy systems and practices remain ill-suited to the task at hand and too influenced by political considerations that place the personal interests of the President over the obvious efforts needed for an effective response.
I’m Peter Dekom, and none of this really matters… until it really does on a massive scale.

No comments:

Post a Comment