To answer this burning question, senior contributor Ted Koppel sat down with leading cybersecurity experts, including IronNet’s Co-CEO General (Ret.) Keith Alexander, to gain insights on the SolarWinds/SUNBURST incident, which is speculated to be a Russian cyber attack. As Koppel notes, “When it was finally, belatedly discovered, the outrage, for a few days at least, was epic.”
While the private and public sectors have come together for rapid incident response to this egregious backdoor attack, which infected more than 18,000 corporate and government networks, the question remains: was this a traditional, massive espionage operation or a “cyber Pearl Harbor”?
Here is what General Alexander and other experts are suggesting:
- General (Ret.) Keith Alexander: “I think the real objective is to gain information; they want insights into what’s going on in our country.” Whether the Russians have planted “cyber landmines,” which would allow the adversaries to have access to critical infrastructure, is yet to be determined.
“There have been no insights yet as to the Russians actually setting landmines as opposed to gathering information, but we can think of this as the recon phase. During this point of intrusion, they could set up backdoors so they have a way of getting in and out of the networks.
“You don’t necessarily have to set up [cyber] landmines at that time; you would probably keep your information on those networks down low so that it’s not detectable, and just have the backdoor capability to get in, and then do something when the need arises.”
- Theresa Payton, former White House Chief Information Officer, points out in the segment, “This vulnerability allowed the nefarious cyber operatives to create what we refer to in the industry as ‘God access or a God door,’ basically giving them rights to do anything they want in stealth mode.”
- Richard Clarke, the first “cyber czar” of the U.S. and current Chairman of Good Harbor cybersecurity consulting company: “This is not just about an espionage attack. This is about something called preparation of the battlefield, where they are now able, in the time of crisis, to eat the software in thousands of U.S. companies.”
- Journalist David E. Sanger: “If [a hacker] went into your computer system just to read your email, that’s pure espionage. But what people discovered over time, was that the same computer code that enabled [hackers] to break into somebody’s system would also enable [them] to manipulate that system. … If the network was connected to an electric power grid, to a gas pipeline, to a water distribution system, to a nuclear centrifuge plant, you might be able to manipulate the data and cause havoc in those systems. And that’s much more than mere espionage.”
Catching threats at the reconnaissance phase, while the adversaries are dwelling on networks, is crucial, which makes real-time visibility across public and private sectors more critical than ever. As Clarke urges, “Neither the government nor the private sector can defend our networks alone. They have to work together.”
It is for this reason that IronNet continues to advocate for, and enable, Collective Defense as a model for detecting attacks with behavioral analytics and sharing that information anonymously in real time, giving member organizations early warning of unknown attacks potentially heading their way. Read about how IronNet detected the SolarWinds/SUNBURST behavior, as well as our ongoing observations about the attack.
Watch the full CBS Sunday Morning segment below.
*** This is a Security Bloggers Network syndicated blog from IronNet Blog authored by IronNet. Read the original post at: https://www.ironnet.com/blog/solarwinds-a-modern-day-pearl-harbor