
10/5/2018
06:25 PM

Mandia: Tipping Point Now Here for Rules of Cyber Engagement

FireEye CEO and nation-state hacking expert Kevin Mandia says Russia began changing the game in 2015.

Kevin Mandia believes cybersecurity has reached a critical juncture globally.

"My gut is everyone is escalating in cyber. It feels different now," said the CEO of FireEye in an interview this week about current nation-state hacking activity. "We're going to have to do something, have some kind of international dialogue."  

Mandia has watched nation-state hacking and online activity evolve since the 1990s when serving as a cybercrime investigator with the US Air Force. It has shifted, he said, from a purely espionage operation – often with the spirit of mutual respect on both sides of the wire – to a more destructive and increasingly dangerous game crossing once-respected spy rule lines. Case in point: Russia's aggressive efforts to influence the US presidential election, including strategically leaking stolen information from the Democratic side, were the culmination of a shift that first appeared in 2015, he said.

"There is no solution to cybersecurity," he said. "We're at this juncture. ... Especially when there are very good hackers in Russia, North Korea, China, and Iran. So it's going to take technology and people. Now we have added diplomacy: We've got to have the conversation."

That means either the United Nations or NATO taking the lead and drawing the "red lines" of cyber engagement. "People say it's too hard to define a red line; what is too far? But is it?" Shutting down a utility would be an obvious line crossed, he said. "This isn't hard," Mandia said. "You just start somewhere."

Former US Secretary of State Madeleine Albright, who delivered the keynote at the FireEye Cyber Defense Summit in Washington, DC, this week, also expressed her support of established norms for the Internet to quell malicious use and abuse. "It will take cooperation, and we [the US] as the innovators are the ones who need to take the lead on this," she said during an on-stage interview with Mandia.

"I happen to believe that the Russians are interfering in our elections and trying to separate us from our allies by using information technology. And the Chinese are getting better and better at it," Albright said. "This is why we need to have rules of the game."

All it would take is setting "intolerable events" – hacking lines that can't be crossed and consequences for a nation that does so, according to Mandia. It's getting frighteningly close to a time when "if you see a video, you cannot believe what you saw, end of story," he said. "And you do not want nations taking action on 'fake news' [such as that]. I think we're coming close to a tit for tat" environment online among nation-states.

Nations have to "sit down and talk" about cyber norms, he added.

The Global Commission on the Stability of Cyberspace (GCSC) at The Hague, meanwhile, in September outlined five new norms of responsible behavior on the Net, with the goal of governments, companies, and other organizations adopting them as policy and law. Among the proposed norms are ones that call for curbing botnet creation and offensive cyber operations by nation-states. 

"They've got the right idea," Mandia said.

Teamwork
Meanwhile, Britain, The Netherlands, and the US last week all called out Russian GRU military officers and hackers for alleged criminal activities. The US Department of Justice indicted seven Russian military intelligence officers for allegedly hacking and disparaging international anti-doping organizations and officials with online leaks.

While Britain called out Russia for major cyberattacks, the Dutch government expelled four of the indicted Russians after catching them in their rental car hacking into the Wi-Fi network of the organization investigating a chemical used in the recent attack on a former Russian spy in Britain.

"A multinational calling-out of another country" – in this case, Russia – is key, Mandia said. "Multinational pressure is far better than one country doing it."

So far, Iran and China appear to be following specific rules of cyber engagement when hacking US interests. "Iran [does] have their rules of engagement, which are different in different geographies. They are abiding by those rules when they attack the US now," he said.

Mandia said he has seen China mostly remain true to the 2015 pact between former President Barack Obama and Chinese president Xi Jinping, which promised that neither nation would engage in cyber espionage for economic gain. 

North Korea, however, remains an enigma when it comes to its cyber operations. "I can't see a pattern there. I don't know what's next; I couldn't guess what's next," he said.


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
 
