As news breaks about what looks to be a pretty large-scale hack, I have the utmost confidence in the @CISAgov team and other Federal partners. I'm sorry I'm not there with them, but they know how to do this. This thing is still early, I suspect. Let's let the pros work it.
Also, hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop. On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope.
If you’re a SolarWinds customer & use the below product, assume compromise and immediately activate your incident response team. Odds are you’re not affected, as this may be a resource intensive hack. Focus on your Crown Jewels. You can manage this.
I'd also be paying very close attention to what @CISAgov does next. They have authority to issue directives to Fed agencies to take cybersecurity steps. While those directives only apply to Feds, everyone else should follow suit.
Lots of foreign election influence news/drops this week. Here's one from @CISAgov, @FBI, & @ODNIgov highlighting a few tactics we're seeing from the "usual suspects" (Russia, China, Iran): narrative farming, AI generated images & Audio clips, hack & leaks, paying witting & unwitting cutouts (PR firms!) to spread messages, & flooding social media with content to create illusion of consensus.
So what do we do about this: 1) AI Companies need to monitor & disrupt abuse of platforms (in line w/ the Tech Accord to Combat Deceptive Use of AI) 2) Fed govt needs to ID & intervene in Foreign info ops 3) Election officials need to ramp up communications w/ voters on how elections work & where to get authentic info 4) We (the people) need to become harder targets, take a beat before getting riled up.
Remember, the majority of RU, CN, & IRN efforts target on existing divides, they're playing us against each other. If there's one thing most people hate is getting manipulated, and the Kremlin is trying its damnedest here...
No question there’s an acceleration of hostile action against foreign companies. A combination of new laws/regs and actual enforcement (evidenced by Bain/Capvision/Mintz raids) laying the groundwork for more of the same. Question for companies building out in China: You ready?
Concentration of power in Xi allies, “securocrats,” shows a shift in priorities. Courting foreign investment and build out now subordinated to internal control and boosting national champions (even if they’re not ready for prime time).
There’s a subplot in today’s RU/US exchange. Any time you do a deal with the Russians you have to think beyond the headlines. Diplomacy is messy and a bunch of other factors get woven in for more strategic, yet unrelated objectives.
The Kremlin uses prisoner exchanges, among other things, for domestic & Intl narrative shaping & influence ops. Worth noting they’ve long stoked racial divisions here and cracked down on LGTBQ communities at home. Not really breaking news but yeah, BG was a pawn here.
While there’s legit conversation on whether this was a good deal. (IMO not great, but you bring Americans home where you can. Opinions vary on the cost and how Whelan fits). But recognize there’s a game being played by Putin, w/ actions & responses gamed out on both sides.
The Moore County, NC substation incident is just another in a string of attacks on the US grid. In the last 3 weeks, there've been 6 incidents at substations in the Pacific NW per industry experts. 2 involved gunfire (others vandalism & arson). But they had little impact.
We're still trying to figure out what happened in North Carolina (& out west). It could be local rubes taking potshots (happens all the time, actually). But the timing of attacks on 2 substations targeting the *right* equipment, suggests something more coordinated & concerning.
Concerning b/c domestic extremists are targeting the grid to cause chaos (or worse). In fact, in January DHS alerted industry partners to this threat per media reports. The alert indicated there'd likely only be limited damage, absent insider help or technical knowledge.
I'd like to highlight a couple notable election-related alerts from @CISAgov & @FBI this week, put in context some recent news, & frame my main areas of concern for threats to the 2022 election (NB: it's not just "Midterms", as there are statewide elections).
1st, this alert from Monday reinforces prior govt position no cyber activity has prevented voting, affected counting, affected integrity of voter info. It goes further, stating that it's *unlikely* cyber itself would disrupt/prevent an election. cisa.gov/sites/default/…
That's a stronger line than I've seen before, though I've long held this view. Mainly b/c the layered controls in place & the overall resilience of the voting process (hooray for paper!) to spot/stop/prevent. Moreover, affecting the vote at scale undetected is nearly impossible.
Really loving this alert from USG as it's a timely reminder China security services are still incredibly active against targets in their core areas of interest (intelligence, economic espionage, influence, & positioning for disruptive operations).
It's timely from where I sit because as @alexstamos & I have briefed a bunch of Boards & execs lately, (where most are interested in Russian threats), we're seeing an increasing interest at the Board/C-level in risks posed by China BECAUSE of Russia's invasion of Ukraine.
My line of late has been: "You know your product, your TAM, your competitors, but do you know how the rest of the world, including the Chinese security services, see you? How you might fit into their agenda or help advance their objectives." Sometimes their response is why us?