A Successful Solar Winds Investigation

Washington loves commissions and formal investigations. It’s often political blood sport with more heat than light. But some are, on a rare occasion, enlightening, instructive, and sometimes positively prospective with excellent recommended changes for the future.

In the past 20 years alone in the Intelligence arena, I have seen the 9/11 Commission, the Iraq Weapons of Mass Destruction Commission (WMD), Enhance Interrogation review, and the Russian Election investigations.  The WMD was the best of the lot for its forward leaning viewpoint and suggestions and unbiased description of the underlying problems.  

As we embark on one of the first major cyber incident investigations - looking at the Solar Wind debacle -  let me tell you what a hardened observer thinks works and doesn’t work when it comes to these Washington events.

A Systemic Failure, Not Stupid People

First, spare us the public hangings. Yes, Solar Winds was a debacle on the order of the Snowden Affair.  Yes, there were people at Solar Winds, DHS, FBI, and NSA, that were supposed to be monitoring for such attacks.

But, I think you’ll find that they were either overwhelmed with their current responsibilities or dealing with a system not built to handle a new type of attack – not stupid or lazy people, but a systemic failure.  The system was simply not built to deal with the “new, new” and had not adjusted/reviewed its underlying assumptions about the fast-moving cyber world in which we now live.

Second, please do not haul out some sci-fi author, movie writer, or futurist who guessed it right.  Well done them – but their identification of “black swans” is more dumb luck than anything else and a source of distraction from dealing with the problem and fixing the system. DC loves its “stars.”  But they add nothing to the process.

Third, this is the time for quiet, expert forensics and expert reviews - not too many public hearings.  With my 40 years of DC experience, let me tell you that the open hearing, for the most part, are scripted Broadway shows designed to “show off” individuals and occasionally the progress and insights of the committee.  They add little to the process and distract the committee members and staff from doing their job – solving the problem.

Fourth, and this is crucial, figure out fast triage and recommend in tranches best practices to do what needs to be done to stop another Solar Winds – now!  Don’t wait for some big rollout of the practices.  It doesn’t fix the future. It leaves us unnecessarily vulnerable. The triage needs to be done now as you would a wounded person from ambulance to hospital. 

And like all wicked problems - which cyber security surely is - it can only be addressed and solved by people who are not part of the problems. You, investigators, are those people.

Name Names and Act Decisively

And, finally, name and recommend punishment for the perpetrators publicly.  We have a natural tendency to want to be quiet about our capabilities.  A sensible approach. 

But, this incident is beyond the norm - in my opinion close to cyber war - and needs major, directed action.  Not swift action necessarily, but well thought out actions.  Actions that hurt and remind future perpetrators that we will search you out and we will punish you.

I sincerely hope the new investigation works.  We need it to protect our country and show the world we are not cyber suckers.  But forensics, focus, and understanding of the players is what will work if we truly want change.

Ronald Marks is Term Visiting Professor, George Mason University, Schar School of Policy and Government. He is President of ZPN Cyber & National Security Strategies

Image: Unsplash

You Might Also Read:

Solving Mr. Biden’s Wicked Cyber Problem:

 

« Spotless Data
New British Cyber Security Council »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Montash

Montash

Montash is an award winning, global technology recruitment business, specialising in the acquisitions of high-performing talent across a number of core disciplines including Information Security.

CERT-In

CERT-In

CERT-In is a functional organisation of the Ministry of Information & Electronics Technology, Government of India, with the objective of securing Indian cyber space.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

Securepoint

Securepoint

Securepoint is the market leader in the development of professional “Unified Threat Management” solutions in Germany.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

Celerium

Celerium

Celerium transforms cyber defense for both companies and industry sectors by leveraging cyber threat intelligence to defend against cyber threats and attacks.

EVOKE

EVOKE

EVOKE is an award-winning Digital Transformation company that partners with its clients to build digital workplace solutions for organizational challenges.

Nucleon Security

Nucleon Security

Nucleon Endpoint Detection and Response EDR is the most effective way to protect the value created by your organization against any threat.

Rede Nacional CSIRT

Rede Nacional CSIRT

Rede Nacional CSIRT is a national network of CSIRTs in Portugal aimed at cooperation and mutual assistance in the handling of incidents and in the sharing of good security practices.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

Nanitor

Nanitor

Nanitor is a powerful cybersecurity management platform focusing on hardening security fundamentals across your global IT infrastructure.

Stacklet

Stacklet

Stacklet provides cloud governance as code platform that accelerates how Global 2000 manages its security, asset visibility, operations, and cost optimization policies in the cloud.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

WeVerify

WeVerify

WeVerify is a platform for collaborative, decentralised content verification, tracking, and debunking.

OrbiSky Systems

OrbiSky Systems

OrbiSky Systems is a British tech startup specializing in data management and cybersecurity solutions.

PureSoftware

PureSoftware

PureSoftware is a global software products and digital services company that is driving transformation for the world’s top organizations across various industry verticals.