
Cipher Brief Expert Dan Hoffman is a former senior CIA Officer, three-time station chief and former senior executive Clandestine Services officer. He is currently a national security analyst with Fox News. This column first appeared in FOX News Opinion on FoxNews.com.

Shawnee Delaney was a Clandestine Officer and former Detachment Chief for the Defense Intelligence Agency and IT Specialist for the Department of Homeland Security for 10 years. She is currently the CEO of Vaillance Group.

OPINION — For Russia today, past is prologue.

The KGB was the vanguard of the Soviet Union. The Cold War was all about cloak-and-dagger espionage. Russian president Vladimir Putin served in the KGB and later as Director of Russia’s ruthless FSB security police. It should therefore come as no surprise that he is directing full-throttle attacks on the U.S. in the unregulated, wide-open, man-made domain of cyberspace, which has become the backbone infrastructure of 21st century commerce and free expression.

The Kremlin allows criminal cyber hacking groups like DarkSide and REvil to homestead on its territory.

In April 2021, DarkSide launched a cyberattack on Colonial Pipeline, the largest fuel pipeline in the U.S., which was forced to shut down its network for days.  DarkSide hacked into the network using a compromised password, encrypted files to deny Colonial Pipeline administrators access, and extorted the company with a five million dollar bitcoin ransom payment to restore service.

REvil conducted a destructive cyberattack in May 2021 against JBS, the world’s largest meat processing company.  REvil struck again in July with a supply chain ransomware attack on Kaseya, which led to the compromise of over 1000 companies.

Most recently, Russian Intelligence, well known for hacking U.S. social media, the Democratic National Committee, and Secretary Clinton’s email server, penetrated SolarWinds operating systems and spread malware into its "Orion" security software, through which Russia gained a backdoor into SolarWinds’ 30,000 customers’ information technology systems, including major Fortune 500 companies.   The Kremlin stole protected information from a panoply of private sector and U.S. government agencies.


Cipher Brief Expert Daniel N. Hoffman is a retired clandestine services officer and former Chief of Station with the Central Intelligence Agency. His combined 30 years of government service included high-level overseas and domestic positions at the CIA. Hoffman is an advisor to Vaillance Group.

Shawnee Delaney was a clandestine officer and former Detachment Chief for the Defense Intelligence Agency and IT Specialist for the Department of Homeland Security for 10 years. She is a subject matter expert on insider threat and is the CEO of Vaillance Group.

OPINION — If there is one thing we have learned from doing business during the COVID-19 pandemic, it is the great benefits, but also the associated risks, of relying on cyberspace. A force multiplier for free expression and commerce, cyberspace is also an unregulated playing field subject to exploitation by adversaries like China, Russia, Iran, and North Korea as well as criminals and terrorists.

Now more than ever, organizations are recognizing that no matter what technical controls and policies they have in place, it is the human threat (both internal and external) that is their greatest vulnerability. While use of the internet enables companies to get work done, it also leaves them and their employees vulnerable to exploitation.

The shift from working in an office, with security measures long in place, to a home environment has highlighted a new set of security risks to businesses including the use of personal unprotected devices, a general lack of cyber hygiene, and an ignorance of the vulnerabilities employees pose to their companies.

When we served in the U.S. Intelligence Community, being in the incident response phase - or “to the right of boom” - of a counterterrorism operation meant we had not collected enough of the disparate intelligence or perhaps did not analyze it properly in order to prevent an attack. In most cases, terrorists, like hackers, conduct reconnaissance before mounting an attack. Failing to detect enemy reconnaissance and learn about the threat allows the attacker to enjoy the element of surprise.

For this reason, cyber savvy companies should focus on prevention during the pre-attack phase. But the first thing they should do is assume they will be (or already have been) successfully hacked and prepare accordingly. This also applies to the human threat - or insider threat.
