A Successful Solar Winds Investigation

Uploaded on 2021-02-17 in TECHNOLOGY--Hackers, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

Washington loves commissions and formal investigations. It’s often political blood sport with more heat than light. But some are, on a rare occasion, enlightening, instructive, and sometimes positively prospective with excellent recommended changes for the future.

In the past 20 years alone in the Intelligence arena, I have seen the 9/11 Commission, the Iraq Weapons of Mass Destruction Commission (WMD), Enhance Interrogation review, and the Russian Election investigations.  The WMD was the best of the lot for its forward leaning viewpoint and suggestions and unbiased description of the underlying problems.  

As we embark on one of the first major cyber incident investigations - looking at the Solar Wind debacle -  let me tell you what a hardened observer thinks works and doesn’t work when it comes to these Washington events.

A Systemic Failure, Not Stupid People

First, spare us the public hangings. Yes, Solar Winds was a debacle on the order of the Snowden Affair.  Yes, there were people at Solar Winds, DHS, FBI, and NSA, that were supposed to be monitoring for such attacks.

But, I think you’ll find that they were either overwhelmed with their current responsibilities or dealing with a system not built to handle a new type of attack – not stupid or lazy people, but a systemic failure.  The system was simply not built to deal with the “new, new” and had not adjusted/reviewed its underlying assumptions about the fast-moving cyber world in which we now live.

Second, please do not haul out some sci-fi author, movie writer, or futurist who guessed it right.  Well done them – but their identification of “black swans” is more dumb luck than anything else and a source of distraction from dealing with the problem and fixing the system. DC loves its “stars.”  But they add nothing to the process.

Third, this is the time for quiet, expert forensics and expert reviews - not too many public hearings.  With my 40 years of DC experience, let me tell you that the open hearing, for the most part, are scripted Broadway shows designed to “show off” individuals and occasionally the progress and insights of the committee.  They add little to the process and distract the committee members and staff from doing their job – solving the problem.

Fourth, and this is crucial, figure out fast triage and recommend in tranches best practices to do what needs to be done to stop another Solar Winds – now!  Don’t wait for some big rollout of the practices.  It doesn’t fix the future. It leaves us unnecessarily vulnerable. The triage needs to be done now as you would a wounded person from ambulance to hospital. 

And like all wicked problems - which cyber security surely is - it can only be addressed and solved by people who are not part of the problems. You, investigators, are those people.

Name Names and Act Decisively

And, finally, name and recommend punishment for the perpetrators publicly.  We have a natural tendency to want to be quiet about our capabilities.  A sensible approach. 

But, this incident is beyond the norm - in my opinion close to cyber war - and needs major, directed action.  Not swift action necessarily, but well thought out actions.  Actions that hurt and remind future perpetrators that we will search you out and we will punish you.

I sincerely hope the new investigation works.  We need it to protect our country and show the world we are not cyber suckers.  But forensics, focus, and understanding of the players is what will work if we truly want change.

Ronald Marks is Term Visiting Professor, George Mason University, Schar School of Policy and Government. He is President of ZPN Cyber & National Security Strategies

Image: Unsplash

You Might Also Read:

Solving Mr. Biden’s Wicked Cyber Problem:

 

« Spotless Data
New British Cyber Security Council »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

HelseCERT

HelseCERT

HelseCERT is the health and care sector's national information security center for Norway.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

WizNucleus

WizNucleus

WizNucleus develops, markets and supports a software platform (Cyberwiz-Pro) that enables Critical Infrastructure enterprises to ensure the future state of their cybersecurity and remain compliant.

ComCERT

ComCERT

ComCERT SA is an independent, private consulting company focusing in the assistance of its customers facing the dangers of cyber threats and security incidents.

Quest Software

Quest Software

Simple IT management for a complex world. Whether it’s digital transformation, cloud expansion, security threats or something new, Quest helps you solve complex problems with simple solutions.

River Loop Security

River Loop Security

River Loop Security specialize in solving complex cybersecurity challenges in the IoT and embedded devices space.

3i Infotech

3i Infotech

3i Infotech offers consulting & professional services to assess, design and build next gen IT infrastructure, and managed services to operate, optimize and continuously improve.

BOXX Insurance

BOXX Insurance

BOXX Insurance Inc. is a new type of insurance company for a new type of risk. Cyberboxx is the first fully-integrated cybersecurity and insurance solution for small-to-medium-sized businesses.

Future Planet Capital

Future Planet Capital

Future Planet is the impact-led, global venture capital firm built to invest in high growth potential companies from the world's top research centres.

Limes Security

Limes Security

Limes Security GmbH is the leading OT Security expert in the German-speaking region of Europe.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.

Excite Cyber

Excite Cyber

Excite Technology Services (formerly Cipherpoint) is focused on improving the security posture of our customers.

Piiano

Piiano

Piiano offers developer-friendly privacy and security products. Reduce risk and protect your data by using our specialized security and privacy SaaS tools.

Cynch Security

Cynch Security

Cynch Security are passionate about building a world where every business is resilient to cybersecurity risks, no matter what their size.

FearsOff

FearsOff

FearsOff is a global information security company serving clients worldwide. White hat operators with a black hat mindset to emulate real world attacks and everchanging threat vectors.

WaveLink

WaveLink

WaveLink offers low risk, results-oriented Engineering Services and best-of-class Technical Support Services. Areas of expertise include cyber and security engineering.