A Successful Solar Winds Investigation

Uploaded on 2021-02-17 in TECHNOLOGY--Hackers, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

Washington loves commissions and formal investigations. It’s often political blood sport with more heat than light. But some are, on a rare occasion, enlightening, instructive, and sometimes positively prospective with excellent recommended changes for the future.

In the past 20 years alone in the Intelligence arena, I have seen the 9/11 Commission, the Iraq Weapons of Mass Destruction Commission (WMD), Enhance Interrogation review, and the Russian Election investigations.  The WMD was the best of the lot for its forward leaning viewpoint and suggestions and unbiased description of the underlying problems.  

As we embark on one of the first major cyber incident investigations - looking at the Solar Wind debacle -  let me tell you what a hardened observer thinks works and doesn’t work when it comes to these Washington events.

A Systemic Failure, Not Stupid People

First, spare us the public hangings. Yes, Solar Winds was a debacle on the order of the Snowden Affair.  Yes, there were people at Solar Winds, DHS, FBI, and NSA, that were supposed to be monitoring for such attacks.

But, I think you’ll find that they were either overwhelmed with their current responsibilities or dealing with a system not built to handle a new type of attack – not stupid or lazy people, but a systemic failure.  The system was simply not built to deal with the “new, new” and had not adjusted/reviewed its underlying assumptions about the fast-moving cyber world in which we now live.

Second, please do not haul out some sci-fi author, movie writer, or futurist who guessed it right.  Well done them – but their identification of “black swans” is more dumb luck than anything else and a source of distraction from dealing with the problem and fixing the system. DC loves its “stars.”  But they add nothing to the process.

Third, this is the time for quiet, expert forensics and expert reviews - not too many public hearings.  With my 40 years of DC experience, let me tell you that the open hearing, for the most part, are scripted Broadway shows designed to “show off” individuals and occasionally the progress and insights of the committee.  They add little to the process and distract the committee members and staff from doing their job – solving the problem.

Fourth, and this is crucial, figure out fast triage and recommend in tranches best practices to do what needs to be done to stop another Solar Winds – now!  Don’t wait for some big rollout of the practices.  It doesn’t fix the future. It leaves us unnecessarily vulnerable. The triage needs to be done now as you would a wounded person from ambulance to hospital. 

And like all wicked problems - which cyber security surely is - it can only be addressed and solved by people who are not part of the problems. You, investigators, are those people.

Name Names and Act Decisively

And, finally, name and recommend punishment for the perpetrators publicly.  We have a natural tendency to want to be quiet about our capabilities.  A sensible approach. 

But, this incident is beyond the norm - in my opinion close to cyber war - and needs major, directed action.  Not swift action necessarily, but well thought out actions.  Actions that hurt and remind future perpetrators that we will search you out and we will punish you.

I sincerely hope the new investigation works.  We need it to protect our country and show the world we are not cyber suckers.  But forensics, focus, and understanding of the players is what will work if we truly want change.

Ronald Marks is Term Visiting Professor, George Mason University, Schar School of Policy and Government. He is President of ZPN Cyber & National Security Strategies

Image: Unsplash

You Might Also Read:

Solving Mr. Biden’s Wicked Cyber Problem:

 

« Spotless Data
New British Cyber Security Council »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Bsquare

Bsquare

Bsquare DataV software and engineering services help enterprises implement business-focused Internet of Things systems.

CLUSIL

CLUSIL

CLUSIL is an association for the information security industry in Luxembourg.

SISA

SISA

SISA is a payment security specialist providing payment security assurance services, training and products to over 1,000 customers across the globe.

SQNetworks

SQNetworks

SQNetworks provides a full range of cybersecurity consultancy, services and solutions.

Fend

Fend

Fend secures smart infrastructure. We provide a robust, highly secure way to have situational awareness of IoT enabled assets.

WisePlant

WisePlant

WisePlant's portfolio of solutions and services includes process measurement, secure automation, industrial cybersecurity, functional safety and more.

Hazy

Hazy

Hazy specialises in financial services, helping some of the world’s top banks and insurance companies reduce compliance risk.

Amidas Hong Kong

Amidas Hong Kong

Amidas is your trusted companion on the road to Digital Transformation. We provide a full range of Information Technology Solutions and Professional Services to Enterprise customers.

Dataprise

Dataprise

Dataprise is a leading IT managed services provider offering IT Management and Help Desk Support Services, Cloud Services, Information Security Solution, IT Strategy and Consulting.

Pathlock

Pathlock

Pathlock (formerly Greenlight) help enterprises and organizations automate the enforcement of any process, access, or IT general control, for any business application.

Birch Cline Cybersecurity

Birch Cline Cybersecurity

Birch Cline specializes in helping Local Government and Education agencies, as well as mid-market organizations, build and maintain successful cybersecurity programs.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

IDVerse

IDVerse

IDVerse is focused on making user verification effortless through technology. We build intelligent tools that protect users from identity fraud while enabling a seamless user experience.

Cybercentry

Cybercentry

Cybercentry is a specialist information security, data protection and cyber security consultancy.

MiDO Technologies

MiDO Technologies

MiDO Technologies has a mission to change the narrative around digital enabling tools on the continent of Africa and prepare African youth.