Back to news

April 27, 2020 | International, Aerospace, Naval, Land, C4ISR, Security

In chaos, there’s opportunity … and that’s bad news

James Yeager

This year is only four months old and it's already one for the history books — and not in a great way.

As the defense community works in tandem with the broader government to keep citizens safe and healthy, cybersecurity threats are only becoming more aggressive.

If we've learned anything about cyber adversaries, it's that they will seize on any opportunity to gain an advantage in targeting their victims, including exploiting the fears of the public during a global pandemic. As COVID-19 has moved from the East to the West, adversaries have followed suit, using lures that play into people's desperation for information on the disease. In “The Art of War,” Sun-Tzu said“In the midst of chaos, there is also opportunity.”

The COVID-19 virus is infecting more than just people. The pandemic has created chaos and handed adversaries an irresistible opportunity to exploit the situation to gain entry into our networks, whether that's to steal intellectual property, disrupt operations, or gain a strategic advantage if they are a nation-state actor.

Already, we are seeing an increase in phishing campaigns using COVID-19 as a hook to launch malware in emails disguised as alerts. Particularly vulnerable are the thousands of remote workers — government employees and contractors alike — who are using their own home networks, which are largely less sophisticated and secure than their work environments.

The stakes are high, particularly for those in defense jobs, where an errant click can have devastating consequences. Coincidently, 2020 is the year when the DoD's Cybersecurity Maturity Model Certification has grown teeth and will force more than 300,000 defense contractors to up their cybersecurity game or face bottom-line consequences. Now is not the time to make mistakes.

In CrowdStrike's recent Global Threat Report, we captured and analyzed real-world inputs from observed trends in cyber-attacks on commercial and government enterprises. The following are some of the notable attack vectors and trends we observed across the public sector during 2019:

  • An escalation in ransom demands, including ransomware attacks on defense supply chain providers, schools and local municipalities.
  • Surpassing the volume of malware attacks are malware-free attacks that use code which executes from memory or stolen login credentials.
  • Continued state-sponsored targeted intrusions aimed at the government and defense sector. In fact, we have witnessed adversaries exploiting fear around COVID-19 to socially engineer their way to user credentials and sensitive data.

In the months ahead, I contend we'll see many more of the same tactics from the same bad actors: Russia, China and newer players on the block, such as Iran, which has leveraged U.S. social media platforms to develop information operations campaigns.

Amidst massive change, periodic chaos and long-term disruption, the defense community — government and industry — must put a premium on speed. Speed to detect. Speed to investigate. Speed to mitigate. We recommend that agencies and companies implement cybersecurity practices that follow the 1-10-60 Rule: detect intrusions within 1 minute; investigate and gain a comprehensive understanding of the attack within 10 minutes; and contain and remove the threatening adversary from the network within 60 minutes.

This benchmark will limit the damage caused by inevitable attacks. Yes, inevitable. Cyberattacks are a constant and while building a bigger, wider and thicker wall may help keep bad actors out, they are persistent and determined enough to eventually get in, and when they do, you're on the clock.

This year will only get worse as the impacts of COVID-19 will be deep, damaging and long-lasting. We're all faced with loss and uncertainty as we attempt to recover from the global pandemic. For the defense community, there is no time to recover and regroup. You are already on the clock, as those who wish to do our nation harm are already hard at work.

https://www.fifthdomain.com/opinion/2020/04/24/in-chaos-theres-opportunity-and-thats-bad-news/

On the same subject

  • Is U.S. A&D Sector At Risk Of Chinese Investors Flooding In?

    June 4, 2020 | International, Aerospace

    Is U.S. A&D Sector At Risk Of Chinese Investors Flooding In?

    Does Western aerospace and defense need to be better protected against Chinese investment? Should Washington directly invest in the U.S. defense industrial base? Does anyone know how a nationally... https://aviationweek.com/aerospace/manufacturing-supply-chain/us-ad-sector-risk-chinese-investors-flooding

  • We prepared for war, but should have spent our money elsewhere

    June 11, 2020 | International, Aerospace, Naval, Land, C4ISR, Security

    We prepared for war, but should have spent our money elsewhere

    By: Laicie Heeley As the host of a national security podcast literally named “Things That Go Boom,” I spend a lot of my time thinking about what keeps us safe. And usually these thoughts are pretty focused on big, obvious threats — things like bombs. But with the world seemingly imploding, a global pandemic spreading, nationwide protests against police brutality erupting and world economies tanking, it's clearer than ever that we've been preparing for the wrong crisis. You could say we were preparing for World War III, when we got hammered by World War C. Staying safe means recognizing what threats we're facing — the ones we're expecting and the ones that might catch us off guard. But we didn't do that. Instead we invested hundreds of billions of dollars in weapons and wars while the coronavirus slipped silently and invisibly across our borders, into our homes and even onto our military aircraft carriers. The greatest threats of the past decade have come in the form of a deadly virus, climate-related natural disasters, economic meltdowns, and attacks on free and fair elections. So why are expensive weapons systems and massive military installations still a foregone conclusion? America spends over $700 billion a year on our national defense. That's about a sixth of our overall budget and more than health care, education and all the rest of our discretionary spending combined. And the money is solid, meaning that most of the time, it's not subject to normal swings in the economy. Things are bad? We can't let the military feel the pain. Things are good? The military has to prepare for the next big threat. Bad or good, it's always a great time to invest. You can't put a price tag on security, they say. And they don't. According to the Watson Institute's Costs of War Project, America's war on terror — which now spans more than 80 countries — has cost taxpayers over $6 trillion since 2001, with no signs of slowing down. And in its latest budget proposal, the Trump administration proposed spending $20 billion more on military programs than on all other federal programs combined. Conversely, in 2018, the Trump administration cut the Centers for Disease Control and Prevention's budget by 80 percent, forcing it to scale back its efforts to prevent epidemics in 39 of 49 countries, including China. These and other major cuts to global health spending left the U.S. unprepared for the crisis we're facing now. As vital American businesses — from my son's preschool to our friends' farm — struggle to survive, the defense industry has unsurprisingly had no such problem. In late April, for example, some contractors received a windfall of business when the State Department approved over $2 billion in weapons sales to repressive regimes like India, Morocco and the Philippines, with more supposedly on the way. The defense industry is doing so well in fact that it is showing up on investment lists as an example of one of the best places to “hedge in hard times.” Despite their already deep financial pockets, Congress decided to give these huge contractors billions of dollars in coronavirus relief funds. This comes as a bit of a surprise when you consider that the Pentagon just recently diverted $13.3 billion in unused funds for the construction of the president's border wall. And the first-ever audit of the Department of Defense revealed that it failed to spend almost $28 billion from 2013-2018, all the while asking for more funding. Unfortunately, experts believe this money, which is supposed to be used to help keep workers safe and employed, will instead only help make the companies' executives richer. We're already seeing this play out. Deemed “essential workers” due to the pending arms sales, workers in these manufacturing plants recently went on strike after they were forced to go to work even as a number of their colleagues tested positive for coronavirus. Flush with additional resources from a growing military budget, and as other departments' budgets have been cut, the Pentagon has also become deeply embedded in domestic affairs. Last year, Defense Secretary Mark Esper went so far as to proclaim election security a core part of the Pentagon's mission, despite the hesitance of past officials to allow such forms of military creep. The separation of the civilian and the military is one of the hallmarks of our democracy. The breakdown of these norms isn't good for our country, and it isn't good for the Pentagon, which has already sounded the alarm on what the military can — and cannot — do to deal with the pandemic. What's more, the migration of funds to the Pentagon saps other agencies of vital and limited resources. By many accounts, it also makes us worse at winning wars, as the Pentagon foregoes more focused and essential strategic planning in favor of a do-it-all, buy-it-all reality. Consider that some estimates put the annual cost of eradicating homelessness in the United States at about $20 billion, and the cost of eradicating hunger in America at about $26 billion. And consider, in the midst of an outbreak, that we could buy 2,200 ventilators for the price of one F-35. It doesn't have to be this way. While some may see the Pentagon budget as a sacred cow, it's not. Reconsidering our spending to invest more heavily in the programs that really keep us safe is not only possible, but long overdue. https://www.defensenews.com/opinion/commentary/2020/06/10/we-prepared-for-war-but-should-have-spent-our-money-elsewhere/

  • Pentagon’s Shyu to discuss missile defense partnerships with Australia

    August 29, 2023 | International, Aerospace

    Pentagon’s Shyu to discuss missile defense partnerships with Australia

    Heidi Shyu said a visit to Australia this summer started a conversation about how the two countries might partner on air and missile defense projects.

All news