Thursday, December 17, 2020

This is much bigger than anybody thought

If you want to read something really depressing – or if you don’t really want to, but you know you have to – then read these two articles about the SolarWinds attacks. The first is by Christian Vasquez of E&E News, discussing the impact on the energy industry. This came out before news that DoE, Los Alamos and Sandia National Labs, and the National Nuclear Safety Administration were attacked.

And FERC was attacked as well. Politico says “The hackers have been able to do more damage at FERC than the other agencies, and officials there have evidence of highly malicious activity, the officials said, but did not elaborate.”

The second article is an opinion piece in the NY Times, written by Thomas Bossert, former homeland security advisor to President Trump. One of its most important points is that the Russians have been inside some very important networks for many months. They have had the chance to take out lots of data and insert a lot of new malware (not the Sunburst malware, of course. That’s what got them in the door, but they have known all along that once this was be discovered, it would immediately be blocked). 

With so many networks now untrusted, a number of critical networks (all of them?) will need to be completely rebuilt, with of course lots of care to make sure that any compromises on the current networks are just transferred to the new ones.

I’d say the most depressing part of this article is these three paragraphs:

President Trump is on the verge of leaving behind a federal government, and perhaps a large number of major industries, compromised by the Russian government. He must use whatever leverage he can muster to protect the United States and severely punish the Russians.

President-elect Joe Biden must begin his planning to take charge of this crisis. He has to assume that communications about this matter are being read by Russia, and assume that any government data or email could be falsified.

At this moment, the two teams must find a way to cooperate.

Will that happen?

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.

 

No comments:

Post a Comment