If you want to read something really depressing – or if you don’t really want to, but you know you have to – then read these two articles about the SolarWinds attacks. The first is by Christian Vasquez of E&E News, discussing the impact on the energy industry. This came out before news that DoE, Los Alamos and Sandia National Labs, and the National Nuclear Safety Administration were attacked.
And FERC was attacked as well. Politico
says “The hackers have been able to do more damage at FERC than the other
agencies, and officials there have evidence of highly malicious activity, the
officials said, but did not elaborate.”
The second article is an opinion
piece in the NY Times, written by Thomas Bossert, former homeland
security advisor to President Trump. One of its most important points is that
the Russians have been inside some very important networks for many months. They
have had the chance to take out lots of data and insert a lot of new malware
(not the Sunburst malware, of course. That’s what got them in the door, but they
have known all along that once this was be discovered, it would immediately be
blocked).
With so many networks now
untrusted, a number of critical networks (all of them?) will need to be
completely rebuilt, with of course lots of care to make sure that any
compromises on the current networks are just transferred to the new ones.
I’d say the most depressing part
of this article is these three paragraphs:
President Trump is on the verge of
leaving behind a federal government, and perhaps a large number of major
industries, compromised by the Russian government. He must use whatever
leverage he can muster to protect the United States and severely punish the
Russians.
President-elect Joe Biden must
begin his planning to take charge of this crisis. He has to assume that
communications about this matter are being read by Russia, and assume that any
government data or email could be falsified.
At this moment, the two teams must
find a way to cooperate.
Will that happen?
Any opinions expressed in this
blog post are strictly mine and are not necessarily shared by any of the
clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would
love to hear from you. Please email me at tom@tomalrich.com.
No comments:
Post a Comment