Retour aux nouvelles

21 janvier 2021 | International, C4ISR, Sécurité

After huge hack, Biden security picks want more cyber coordination with industry

WASHINGTON — Two top national security nominees advocated Tuesday for stronger federal cybersecurity and increased collaboration with contractors in the aftermath of a supply chain breach that infiltrated numerous federal agencies.

If confirmed, retired Army Gen. Lloyd Austin and Avril Haines, President-elect Joe Biden's nominees for defense secretary and director of national intelligence, respectively, would start their jobs in the middle of the national security community's assessment of damage from a cybersecurity breach pinned on Russian hackers. They gained access through software from SolarWinds, a major government contractor.

“We must elevate cybersecurity as an imperative across the government in order to defend the American people and U.S. critical infrastructure,” Austin told the Senate Armed Services Committee in his answers to the lawmaker's advance policy questions. “Additionally, the government must continue to strengthen its partnership with the private sector to foster greater information sharing and collaboration.”

So far, federal investigators have discovered breaches at “fewer than 10” federal agencies, though the Pentagon and intelligence community haven't confirmed whether their offices were among the victims. Haines, who served as deputy CIA director and deputy national security adviser to President Barack Obama, found it concerning that the breach first came to light through cybersecurity company FireEye, instead of through U.S. government cybersecurity operators.

“[I] absolutely share ... concern that we're actually able to detect these because that's obviously absolutely critical to us protecting against them,” Haines said before the Senate Select Committee on Intelligence. “I think ... it was pretty alarming that we found out about it through a private company as opposed to our being able to detect it ourselves to begin with.”

In response to the breach, Austin committed to reviewing the DoD's cyber posture and emphasized that Russia must be punished for infiltrating federal networks. In the advance questions, Austin stopped short of calling the breach an act of war, arguing that designation “requires a case-by-case and fact-specific determination.”

“For example, malicious cyber activities could result in injury, death or significant property destruction,” Austin wrote. “These activities would need to be considered in their totality.”

An early January announcement from several federal investigators, including the NSA and Office of the Director of National Intelligence, stated that the breach was believed to be an espionage campaign and “likely Russian in origin.”

“If that's the case, I think Russia should be held accountable,” Austin said at the hearing. “That's my personal belief.”

Sen. Jack Reed, D-R.I., who sits on both SASC and SSCI, called the breach “the greatest cyber intrusion in the history, I think, perhaps, of the world” and said that the stovepiped nature of the U.S. national security apparatus needed to be addressed. Reed said one challenge for Haines will be developing a “more coherent, cohesive, integrated approach” to dealing with cybersecurity threats, particularly from advanced nation-state actors.

Under questioning from senators, Haines said the SolarWinds supply chain hack was a “grave threat,” and the government needs new to improve its defenses against such attacks, though she noted that she hasn't received a classified briefing on the intrusion. In 2019, a report from ODNI warned of growing software supply chain hacks that provide an “efficient way to bypass traditional defenses and compromise a large number of computers.”

“To prevent a recurrence of this kind of attack, we need to close the gap between where our capabilities are now and where they need to be in order to deter, detect, disrupt and respond to such intrusions far more effectively in the future,” Haines wrote in her questionnaire. “If confirmed as DNI, I will review the expert conclusions from the SolarWinds incident and the current intelligence about supply chain vulnerabilities and what steps may be taken to address any vulnerabilities.”

Haines told senators that she would assess how the intelligence community can improve its cybersecurity partnerships with industry and the whole federal government.

“I believe that the IC plays an integral role in detecting and warning against nation-state targeting of U.S. networks and infrastructure,” she wrote. “If confirmed, I will examine how better collaboration between the IC and the rest of the U.S. government, coupled with closer partnerships with the private sector and our international allies, can enhance our ability to deter, detect, and mitigate cyberattacks.”

Haines will review whether the intelligence community is allocating resources properly to face advanced cyber threats and will examine the adequacy of the IC's existing authorities to protect the digital infrastructure of the United States, she said. Austin pointed to a cyber-threat sharing partnership the department has with the defense industrial base and stated that the department should “continue to look for ways to better integrate with interagency partners and the private sector.”

In light of the SolarWinds breach, the senators on SSCI wrote that they are worried about a “lack of mandatory threat information sharing between the private sector and government,” adding that any information sharing from the private sector after the breach is voluntary. Haines would review the relationship.

“Information sharing between the IC and the private sector is increasingly important to ensure that our data systems and networks are secure,” she wrote. “If confirmed as DNI, I look forward to reviewing the Intelligence Community's data sharing and information exchange relationship with the private sector, to engaging with IC experts and private sector leaders on what information is currently being shared, and to examining the efficacy of the current framework for sharing threat information.”

The incoming Biden administration has signaled that it will prioritize cybersecurity in the aftermath of the SolarWinds breach. The Biden team named Anne Neuberger, the NSA's cybersecurity director who worked to improve information sharing with the private sector, to National Security Council as deputy national security adviser for cyber and emerging technology.

Haines wrote that she will “ensure” that the intelligence community has a “robust data sharing and information exchange relationship” with private companies and said that she will be “studying current information sharing to determine how it can be improved and what types of information can be shared to enhance cybersecurity protections.”

“The private sector has unique insight and expertise on malicious activity occurring within its networks,” Haines said. “Real-time integration of private sector and government data could lead to more effective prevention and mitigation outcomes.”

Cyber norms and deterrence

For the last few years, the U.S. government wrestled with the concept of deterrence in the cyber domain, a complex challenge that including resilient defenses, risk management and strong international partnerships. As the SolarWinds breach demonstrated, deterring adversaries from hacking, which is seen as below the threshold of an armed response, is difficult.

In response to a question from Sen. John Cornyn, R-Texas, about how to approach cyber deterrence, Haines pointed to many of the same tenets of current U.S. cyber deterrence, including imposition of costs for malicious actors' behavior, bringing foreign allies together to impose those costs, building resilient systems that are hard to hack, developing norms and creating strong relationship with the private sector.

Haines wrote that setting norms should include outlining sanctionable behavior with the agreement from allies. A cornerstone to sanctioning is attributing cyberattacks to actors, a challenging undertaking in the cyber realm. Sen. Mark Warner, D-Va., said he wanted Haines to be more forthcoming with attribution of cyberattacks, stating that he found it “extraordinarily concerning” that the “[Trump] White House underplay[ed] attribution on Russia.”

Attribution, Haines said, would be a major piece of the ODNI's role in deterrence.

“Something we [ODNI] can do is promote the ability to detect when adversaries are engaging in such activity so as then to provide information about attribution, for example. And then hold adversaries to account through that.”

https://www.c4isrnet.com/cyber/2021/01/20/after-huge-hack-biden-security-picks-want-more-cyber-coordination-with-industry

Sur le même sujet

  • Short-range air defense is making a comeback

    21 septembre 2020 | International, Aérospatial, C4ISR, Sécurité

    Short-range air defense is making a comeback

    Brig. Gen. Shachar Shohat (ret.) Recent events in the Middle East have led some to wonder how countries, including Israel, can protect their own strategic installations. Israel's adversaries, such as Hezbollah chief Hassan Nasrallah, have threatened to strike sensitive Israeli targets. Saudi Arabia absorbed a painful strike in September 2019 when an Iranian drone swarm combined with cruise missiles struck oil fields, causing heavy damage. The attack on Saudi Arabia is the latest tangible example of the evolving threat: precision-guided, sophisticated enemy air attacks. Each country designates its own strategic sites for special defense. They range from nuclear power plants to air force bases to Olympic stadiums. And the hardening of defenses around strategic sites was especially prominent until around three decades ago. At that time, attackers using close-range munitions had to approach a given site in order to attack it. Visual contact was often required, and simple air-to-ground munitions would suffice for an attack. Defense systems of that time were similarly simplistic. Air force bases might be protected by a 40mm anti-aircraft cannon, for example, in order to prevent a direct attack on a runway. That same concept would be applied to any sites deemed critical by a state. In addition to being limited in range, though, such defenses required many munitions and high numbers of personnel. The 1980s and 1990s witnessed a revolution in the world of weaponry. Precision, long-range (standoff) munitions entered the battle arenas, and close-range air defenses became largely obsolete. Once attackers no longer needed proximity to their targets, close-range defenses could neither hit the longer-range munitions nor their launchers. But over the past decade, we have seen the addition of GPS-guidance systems to those munitions. The advent of this technology, combined with the overall revolution of the '80s and '90s, has heightened the need for states to return to close-range air defenses — but in a new configuration. Additional systems are now in the pipeline. Small, affordable interceptor missiles and laser beam defenses are the answers to the new categories of close-range threats seen around the world, including gliding bombs, cruise missiles and drones. In 2019, the Iranians proved that if they have intelligence on their target and the ability to send munitions to the “blind spot” of radars, attacks can be successful. That attack should serve as a “wake-up call” for countries around the world. If states want to protect strategic sites, radars that look in every direction, 360 degrees, 24 hours a day, are needed. Effective new defense systems must now be multidirectional in their detection of incoming threats, a response to the enemy's ability to turn, steer and evade radar coverage and detection. That coverage must be combined with multiple layers of defense, including defense mechanisms very close to the asset being defended. Examples of what is now needed for strategic sites' defenses are already evident in the realm of military vehicles. The Israel Defense Forces installed the Trophy defense system on a growing number of tanks and armored personnel carriers as a result of a series of incidents in Lebanon and Gaza. Airframes also need such systems, as the downing of an Israeli transport helicopter by Hezbollah in the Second Lebanon War demonstrated, as do ships — and so too do strategic assets. The age-old military axiom asserts that lines of defense will always be breached. As such, we must develop the maximum number of opportunities for interception possible. Longer-range air defense systems, such as the Patriot, David's Sling or the S-400 can intercept threats at tens or hundreds of kilometers away. But today, because state enemies can bypass long-range defenses, countries must always have the ability to directly intercept the actual munitions. Without close-defense capabilities forming part of a country's multilayer defense systems, strategic sites are simply not adequately protected. In the context of multilayer defense development and deployment around strategic sites and sensitive targets, Israel has taken on the role of global leader. In 2020, short-range air defenses are making a comeback, and this time they are set to remain as a permanent fixture. Retired Brig. Gen. Shachar Shohat served as a chief commander of the Israel Air Defense Forces and a publishing expert at The MirYam Institute. https://www.defensenews.com/opinion/commentary/2020/09/18/short-range-air-defense-is-making-a-comeback/

  • North Korea tested firing cruise missiles on Feb 2 -KCNA

    4 février 2024 | International, Terrestre

    North Korea tested firing cruise missiles on Feb 2 -KCNA

  • Contracts for June 7, 2021

    8 juin 2021 | International, Aérospatial, Naval, Terrestre, C4ISR, Sécurité

    Contracts for June 7, 2021

    Today

Toutes les nouvelles