
OPINION — Two events last week made me more aware than ever of the danger to individuals and to governments from the internet.
First, I was hacked by a scam that froze my computer, and then hackers, claiming to be contractors for my service, wanted several hundred dollars to provide a firewall that I already had. It took assistance from my local Computer Geeks group to clean up the problem and explain how often such scams take place.
Second was a revelation I had after a Center for Strategic and International Studies (CSIS) webinar featuring Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and General Paul M. Nakasone, who runs both U.S. Cyber Command and the National Security Agency (NSA).
When asked what responses have been put in place if a major event such as the May 2021 Colonial Pipeline hacking took place again, Easterly referred to what was done when “Log4Shell” occurred – which was a serious vulnerability contained in open source software that was incredibly easy to exploit.
It involved a vulnerability in Apache Log4j2, a popular Java library for logging error messages in applications. The vulnerability, which quickly became known to malicious actors, enabled remote attackers to take over any Log4j2 user’s internet-connected service.
Apparently, the Chinese company Alibaba first reported the problem to Apache in late November 2021, but it was not until December 9, 2021, that Apache informed its users. What followed was what one security expert called “an exploit storm,” with some 50,000 scams or exploitation attempts made within nine hours, expanding to 100-per-minute. It quickly grew to over one million, because most Java users did not know they had that Apache Log4j application.
Easterly explained that after the Apache disclosure in December, CISA marshaled the Federal government on the Log4j problem. “We were very worried about incursions on federal or civilian networks or ransomware and worked together to ensure we were putting out authoritative guidance – how do you find this vulnerability and how do you mitigate it.”
She explained how CISA had “led the Federal response working with all our partners, terrific collaboration with the technology and with the researchers that gave us amazing insights into what they saw across the eco-system.”
The result, Easterly said, showed wider cybersecurity cooperation over the past year with the so-called “public-private partnership” enabling the transformation of “the whole idea of partnership into real time operational collaboration, so we are getting those insights so we can take those dots, connect those dots and we can drive them to the nation’s scale.”
On the international side, Easterly said she had been incredibly impressed by the Ukrainians’ ability to withstand cyberattacks, which she attributed in part to “the power of international partnerships.”
She said the U.S. had been working with the Ukrainian Emergency Computer Response Team, but also with “our partners from Latvia, Lithuania, Estonia, Poland, the Czech Republic, in a fantastic sharing platform to essentially get ahead of potential cyber activity. I think that’s also something that’s helped give us some insight of what could potentially happen here.”
For Gen. Nakasone, the lesson was, “How am I going to be able to bring that kind of action with a number of really important partners and synchronize it in terms of when we need it. We’ve learned a lot on that.”
Based on the idea that foreign allies had experiences that helped contribute to cyberattack responses, I looked at the list of significant cyber incidents that CSIS maintains covering “attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.” The CSIS list described 96 such attacks worldwide so far this year.
Here, for illustration, are those CSIS reported for September 2022:
As Easterly observed, “This is a borderless cyber space.”
Nakasone said in this type of international cyber warfare, “You judge your success by staying ahead of the adversary.”
He added, “That’s something we do very well at the agency [NSA] and the command [CYBERCOM], and trying to figure out the next act, the next tool, the next operation.” The success of the latter steps, he attributed to “the creativity of the people I work with.”
Easterly agreed, “At the end of the day it’s all about the talent of the people who are doing these operations — the defenders, the folks who are listening for intel, that are doing the hunt for admissions, that’s where the creativity lies and that’s going to enable us to be successful in protecting the nation.”
The Internet today is like a small town in the Old Wild West, with no sheriff yet controlling all of the evil doers drawn to that town.