Retour aux nouvelles

27 avril 2020 | International, Aérospatial, Naval, Terrestre, C4ISR, Sécurité

In chaos, there’s opportunity … and that’s bad news

James Yeager

This year is only four months old and it's already one for the history books — and not in a great way.

As the defense community works in tandem with the broader government to keep citizens safe and healthy, cybersecurity threats are only becoming more aggressive.

If we've learned anything about cyber adversaries, it's that they will seize on any opportunity to gain an advantage in targeting their victims, including exploiting the fears of the public during a global pandemic. As COVID-19 has moved from the East to the West, adversaries have followed suit, using lures that play into people's desperation for information on the disease. In “The Art of War,” Sun-Tzu said“In the midst of chaos, there is also opportunity.”

The COVID-19 virus is infecting more than just people. The pandemic has created chaos and handed adversaries an irresistible opportunity to exploit the situation to gain entry into our networks, whether that's to steal intellectual property, disrupt operations, or gain a strategic advantage if they are a nation-state actor.

Already, we are seeing an increase in phishing campaigns using COVID-19 as a hook to launch malware in emails disguised as alerts. Particularly vulnerable are the thousands of remote workers — government employees and contractors alike — who are using their own home networks, which are largely less sophisticated and secure than their work environments.

The stakes are high, particularly for those in defense jobs, where an errant click can have devastating consequences. Coincidently, 2020 is the year when the DoD's Cybersecurity Maturity Model Certification has grown teeth and will force more than 300,000 defense contractors to up their cybersecurity game or face bottom-line consequences. Now is not the time to make mistakes.

In CrowdStrike's recent Global Threat Report, we captured and analyzed real-world inputs from observed trends in cyber-attacks on commercial and government enterprises. The following are some of the notable attack vectors and trends we observed across the public sector during 2019:

  • An escalation in ransom demands, including ransomware attacks on defense supply chain providers, schools and local municipalities.
  • Surpassing the volume of malware attacks are malware-free attacks that use code which executes from memory or stolen login credentials.
  • Continued state-sponsored targeted intrusions aimed at the government and defense sector. In fact, we have witnessed adversaries exploiting fear around COVID-19 to socially engineer their way to user credentials and sensitive data.

In the months ahead, I contend we'll see many more of the same tactics from the same bad actors: Russia, China and newer players on the block, such as Iran, which has leveraged U.S. social media platforms to develop information operations campaigns.

Amidst massive change, periodic chaos and long-term disruption, the defense community — government and industry — must put a premium on speed. Speed to detect. Speed to investigate. Speed to mitigate. We recommend that agencies and companies implement cybersecurity practices that follow the 1-10-60 Rule: detect intrusions within 1 minute; investigate and gain a comprehensive understanding of the attack within 10 minutes; and contain and remove the threatening adversary from the network within 60 minutes.

This benchmark will limit the damage caused by inevitable attacks. Yes, inevitable. Cyberattacks are a constant and while building a bigger, wider and thicker wall may help keep bad actors out, they are persistent and determined enough to eventually get in, and when they do, you're on the clock.

This year will only get worse as the impacts of COVID-19 will be deep, damaging and long-lasting. We're all faced with loss and uncertainty as we attempt to recover from the global pandemic. For the defense community, there is no time to recover and regroup. You are already on the clock, as those who wish to do our nation harm are already hard at work.

https://www.fifthdomain.com/opinion/2020/04/24/in-chaos-theres-opportunity-and-thats-bad-news/

Sur le même sujet

  • Air Force to replace Kadena F-15 squadrons with rotational fighters

    27 octobre 2022 | International, Aérospatial

    Air Force to replace Kadena F-15 squadrons with rotational fighters

    But the longer-term plans for fighters at Kadena are not yet set.

  • DARPA Looking to Infuse Aerial Systems with AI

    29 avril 2021 | International, Aérospatial

    DARPA Looking to Infuse Aerial Systems with AI

    DARPA Looking to Infuse Aerial Systems with AI

  • Marines want a better way do force-on-force tactical shooting training

    11 juin 2018 | International, Terrestre

    Marines want a better way do force-on-force tactical shooting training

    After decades of using laser-type devices for shooting simulations and force-on-force tactical warfighting, the Marine Corps is asking for a new way to do fake shooting. A recent request for information is asking the commercial industry to bring ideas to the Corps that would help it make simulated shooting more realistic for up to a battalion-size force and improve current systems. Some versions of those systems have been in operation since Nintendo's Duck Hunt video game was considered high-tech shooting and laser tag advertisements dominated Saturday morning cartoons. This won't hit every Marine Corps installation but many will have it. Based on the RFI, the systems would be employed “to provide turnkey instrumented exercises with After Action Review (AAR) at 29 Palms, Camp Lejeune, Camp Pendleton, MCB Hawaii, MCB Okinawa or MCB Quantico within 3 weeks of notice, as well as support additional exercises upon request at Camp Fuji, Japan, Marine Corps Mountain Warfare Center, MCB Yuma, and specified reserve locations.” And the Marines are not doing this alone. They will be leveraging the Army's Live Training Engagement Component software. That's a tactical training framework so that simulations can be on the same standards and work jointly with other services and potentially foreign partners. One of the key cross functional teams that the Army formed last year included simulated training environment work. The goal is to incorporate better simulations for training at all levels, beginning in the design and procurement of future weapons and other equipment systems. The Corps wants a system that would be able to simulate all weapons and vehicles typically seen in a battalion, which would include at least: M4/M16; M9 or sidearm, the M27 Infantry Automatic Weapon; hand grenades; rocket propelled grenades; Light Anti-Tank Weapon; 60mm mortars; 81mm mortars; Claymore antipersonnel mine; Mk-19 grenade launcher; Russian machine gun; AK-47 variants; M41 TOW; Javelin missile and the Carl Gustaf recoilless rifle. It would distinguish between a hit, wound or miss and record information for after-action reviews. Marine Corps Times first reported news of this initiative last year following an interview with then-program manager for Training Systems at Marine Corps Systems Command, Col. Walt Yates. At the time, Yates described some of the shortfalls of using lasers when gauging accuracy and real-world effects. “A laser is at the speed of light, and the bullet is not,” he said. Yates previously said that though the current shooting systems are a generational change from old MILES, or multiple integrated laser engagement system, lasers have fundamental flaws for realistic battle scenarios. For example, laser-based systems shoot line-of-sight, making arcing weapons such as mortars and grenade launchers more difficult to simulate. Lasers can also be deflected by light concealment such as tree leaves and thin walls. And the number of troops and shooting ranges will change with new systems. The first generation ITESS accommodated 120 Marines and opposition forces, the second generation expanded to 1,500 with a communication radius of 5 to 8 km. The third seeks to track up to 2,500 Marines, making it capable of battalion on battalion exercises envisioned by the commandant, Yates said in the November interview. A new simulator must act more like a real bullet, requiring Marines to lead their moving targets, fire rifles on semi, burst and fully automatic modes and ensure the bullet travels in the realistic path, which is not perfectly line of sight, he said. https://www.marinecorpstimes.com/news/your-marine-corps/2018/06/04/marines-want-a-better-way-do-force-on-force-tactical-shooting-training/

Toutes les nouvelles