
Network Security

6/26/2017
07:00 PM
Curtis Franklin

The New Nation-State Normal

Cyber attacks sponsored by nation-states are here to stay. If you want your organization to be here to stay, you'd best prepare for the worst.

When it comes to weapons, military organizations lead the way. Look at any weapon currently used in civilian law enforcement, personal protection, hunting or sports, and you'll see something that can trace its roots back to the battlefield. That same progression has made its way to the networks and computers on which we work.

If you've looked at the news in the last six months or so, you know that there is compelling evidence that hackers in, or sponsored by, Russia launched a sustained attack against the US federal election in 2016. In December 2016, the power grid in Ukraine's capital Kiev was hit by hackers from Russia in a successful attack that disrupted power to the city for two days. According to a superb article in Wired, the attack in Ukraine was just a taste of what we should now think of as the "new normal."

What, precisely, are security professionals to make of all this? The general public seems split between two responses. Either they're taking their panic in the direction of off-grid "prepper" bunkers away from the Internet and the coming collapse of civilization, or they're pretending nothing is happening because it's so scary and complex that they just can't think about it. Security professionals don't really have the option of doing either, so what is to be done?



I think the first thing to do is decide whether your organization is likely to be a direct target of nation-state attacks. To be honest, if you're in a business like critical infrastructure then you've already got plans in place to fend off and respond to the kind of hacks that take down power grids and financial systems. The real urgency comes for businesses that aren't obvious targets. There are three levels of concern with a different set of responses for each.

Level 1: The critical infrastructure you depend upon is hit
So you're not a bank or an electric utility but you probably use the services of at least one of each, and your business would suffer if you couldn't use those services. How do you prepare? Redundancy is your friend. And remember, we're not just talking about multiple paths into a single point of failure: While you're always going to have primary relationships in finance and other services, have secondary providers in place with as much geographical and logical space between primary and secondary as possible.

For the electric power grid, by the way, this means that your secondary is a generator with a lot of fuel and a careful maintenance plan. For internet access, it's a second provider that uses a different upstream provider than your primary. And your secondary bank should be part of a different Federal Reserve region than your primary. When it comes to redundancy planning, paranoia is a virtue.

Level 2: You're not a direct target, but you become "collateral damage"
Some cyber weapons are sniper-like in their precision. Others are more like shotguns or hand grenades. If the second type of weapon is in use, then your systems could be hit and damaged even if they're not the primary target. To prepare yourself, make sure you have a solid backup and recovery plan and look carefully at business continuity services with a well-defined "big red switch" for moving your operation.

It should be noted that most of the "big hacks" take advantage of unpatched vulnerabilities that have existed for some time. In most cases, the vulnerabilities have been patched by the vendor, but the victims have not applied the patches or updates. Your strategy: Patch and update as quickly as possible. If you have critical applications that depend on particular features of older operating systems, then have an emergency sandbox procedure in place to allow for rapid trial and updates. And for heaven's sake, have your perimeter defenses in place and up to date. They really do matter.
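The "patch quickly" advice only works if you can see how far behind you are. As an added example (not code from the column or from Dark Reading), the script below checks a constructed asset inventory against per-role patch SLAs and a backup-recency threshold, so that the hosts that would turn "collateral damage" into a real outage surface first. The inventory, the role names, the advisory IDs and the SLA numbers are all assumptions made up for illustration.

```python
"""Patch-lag and backup-recency check over a constructed asset inventory.

Added example, not from the article. Field names, roles, advisory IDs and
SLA thresholds are assumptions chosen for illustration, not any vendor's
schema or policy.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class Asset:
    host: str
    role: str                 # assumed roles: internet-facing, internal, legacy
    last_backup_ok: date      # date of the last verified-good backup
    pending_patches: dict     # advisory id -> date the vendor released the fix


# Assumed policy: how many days a released fix may wait, by exposure.
# "legacy" hosts get a middle value because they go through the sandbox
# trial procedure the text describes before being updated.
PATCH_SLA_DAYS = {"internet-facing": 7, "internal": 30, "legacy": 14}
BACKUP_MAX_AGE_DAYS = 1

# Constructed inventory; the reference date is the column's publication date.
TODAY = date(2017, 6, 26)
INVENTORY = [
    Asset("web-01", "internet-facing", date(2017, 6, 26),
          {"ADV-0001": date(2017, 6, 10)}),           # 16 days old, SLA 7
    Asset("db-01", "internal", date(2017, 6, 23), {}),  # backup 3 days old
    Asset("legacy-app", "legacy", date(2017, 6, 26),
          {"ADV-0002": date(2017, 5, 20)}),           # 37 days old, SLA 14
    Asset("file-01", "internal", date(2017, 6, 26),
          {"ADV-0003": date(2017, 6, 22)}),           # 4 days old, SLA 30
]


def overdue_patches(asset: Asset, today: date) -> list:
    """Advisory ids whose fix has waited longer than the role's SLA."""
    sla = PATCH_SLA_DAYS[asset.role]
    return sorted(adv for adv, released in asset.pending_patches.items()
                  if (today - released).days > sla)


def backup_stale(asset: Asset, today: date) -> bool:
    """True when the last verified-good backup is older than allowed."""
    return (today - asset.last_backup_ok).days > BACKUP_MAX_AGE_DAYS


def assess(inventory: list, today: date) -> list:
    """Return (host, reason) findings for every SLA breach in the inventory."""
    findings = []
    for asset in inventory:
        for adv in overdue_patches(asset, today):
            lag = (today - asset.pending_patches[adv]).days
            findings.append((asset.host,
                             f"{adv} unpatched {lag}d, SLA {PATCH_SLA_DAYS[asset.role]}d"))
        if backup_stale(asset, today):
            age = (today - asset.last_backup_ok).days
            findings.append((asset.host, f"last good backup {age}d old"))
    return findings


if __name__ == "__main__":
    for host, reason in assess(INVENTORY, TODAY):
        print(f"{host:12} {reason}")
```

Run as-is it reports web-01 and legacy-app for overdue fixes and db-01 for a stale backup; file-01 is inside its window and stays quiet. Feeding it a real inventory means replacing the constructed list with whatever your CMDB or patch-management tool exports; the SLA table is the part worth arguing over with the business, because the exposure-based tiers are what let you prioritize when a wave of advisories lands at once.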

Level 3: You become a direct target
Welcome to the big league! You're going to be fending off a zombie horde with nothing more than your pluck and spunky determination, so hunker down and get ready. Assuming you've done everything mentioned in Levels 1 and 2, then your call here is to partners: Your ISP, your CASB provider and your cloud partners. Let them know what's going on (though they'll likely know that something is wrong), and enlist their help in fighting it. Better yet, have plans in place to call on them and rehearse those plans a couple of times a year.

While it's unlikely that you'll escape completely unscathed if you find yourself a target, you can minimize the damage and keep the business afloat; you just have to plan for the worst and be willing to declare an emergency as early as possible. Don't let pride become the anchor that sinks you in a nation-state cyber storm.

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.
