Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Network Security

6/26/2017
07:00 PM
Curtis Franklin
Curtis Franklin
Curt Franklin
50%
50%

The New Nation-State Normal

Cyber attacks sponsored by nation-states are here to stay. If you want your organization to be here to stay, you'd best prepare for the worst.

<p.When it comes to weapons, military organizations lead the way. Look at any weapon currently used in civilian law enforcement, personal protection, hunting or sports, and you'll see something that can trace its roots back to the battlefield. That same progression has made its way to the networks and computers on which we work.

If you've looked at the news in the last six month or so, you know that there is compelling evidence that hackers in, or sponsored by, Russia launched a sustained attack against the US federal election in 2016. In December 2016, the power grid in Ukraine's capital Kiev was hit by hackers from Russia in a successful attack that disrupted power to the city for two days. According to a superb article in Wired, the attack in Ukraine was just a taste of what we should now think of as the "new normal."

What, precisely, are security professionals to make of all this? The general public seems split between two responses. Either they're taking their panic in the direction of off-grid "prepper" bunkers away from the Internet and the coming collapse of civilization, or they're pretending nothing is happening because it's so scary and complex that they just can't think about it. Security professionals don't really have the option of doing either, so what is to be done?


Want to learn more about how LTE-A Pro and Gigabit LTE will impact the 5G market? Join us in San Francisco for LTE Advanced Pro and Gigabit LTE: The Path to 5G event -- a free breakfast collocated at Mobile World Congress Americas with a keynote address by Sprint's COO Günther Ottendorfer.

I think the first thing to do is decide whether your organization is likely to be a direct target of nation-state attacks. To be honest, if you're in a business like critical infrastructure then you've already got plans in place to fend off and respond to the kind of hacks that take down power grids and financial systems. The real urgency comes for businesses that aren't obvious targets. There are three levels of concern with a different set of responses for each.

Level 1: The critical infrastructure you depend upon is hit
So you're not a bank or an electric utility but you probably use the services of at least one of each, and your business would suffer if you couldn't use those services. How do you prepare? Redundancy is your friend. And remember, we're not just talking about multiple paths into a single point of failure: While you're always going to have primary relationships in finance and other services, have secondary providers in place with as much geographical and logical space between primary and secondary as possible.

For the electric power grid, by the way, this means that your secondary is a generator with a lot of fuel and a careful maintenance plan. For internet access, it's a second provider that uses a different upstream provider than your primary. And your secondary bank should be part of a different Federal Reserve region than your primary. When it comes to redundancy planning, paranoia is a virtue.

Level 2: You're not a direct target, but you become "collateral damage"
Some cyber weapons are sniper-like in their precision. Others are more like shotguns or hand grenades. If the second type of weapon is in use, then your systems could be hit and damaged even if they're not the primary target. To prepare yourself, make sure you have a solid backup and recovery plan and look carefully at business continuity services with a well-defined "big red switch" for moving your operation.

It should be noted that most of the "big hacks" take advantage of un-patched vulnerabilities that have existed for some time. In most cases, the vulnerabilities have been patched, but the victims have not applied the patches or updates. Your strategy: Patch and update as quickly as possible. If you have critical applications that depend on particular features of older operating systems, then have an emergency sandbox procedure in place to allow for rapid trial and updates. And for heavens sake, have your perimeter defenses in place and up to date. They really do matter.

Level 3: You become a direct target
Welcome to the big league! You're going to be fending off a zombie horde with nothing more than your pluck and spunky determination, so hunker down and get ready. Assuming you've done everything mentioned in levels 1 and 2, then your call here is to partners: Your ISP, your CASB provider and your cloud partners. Let them know what's going on (though they'll likely know that somethingis wrong), and enlist their help in fighting it. Better yet, have plans in place to call on them and rehearse those plans a couple of times a year.

While it's unlikely that you'll escape completely unscathed if you find yourself a target, you can minimize the damage and keep the business afloat; you just have to plan for the worst and be willing to declare an emergency as early as possible. Don't let pride become the anchor that sinks you in a nation-state cyber storm.

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31414
PUBLISHED: 2021-04-16
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.
CVE-2021-26073
PUBLISHED: 2021-04-16
Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or ...
CVE-2021-26074
PUBLISHED: 2021-04-16
Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a se...
CVE-2018-19942
PUBLISHED: 2021-04-16
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QT...
CVE-2021-27691
PUBLISHED: 2021-04-16
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request...