A Successful Solar Winds Investigation

Washington loves commissions and formal investigations. It’s often political blood sport with more heat than light. But some are, on a rare occasion, enlightening, instructive, and sometimes positively prospective with excellent recommended changes for the future.

In the past 20 years alone in the Intelligence arena, I have seen the 9/11 Commission, the Iraq Weapons of Mass Destruction Commission (WMD), Enhance Interrogation review, and the Russian Election investigations.  The WMD was the best of the lot for its forward leaning viewpoint and suggestions and unbiased description of the underlying problems.  

As we embark on one of the first major cyber incident investigations - looking at the Solar Wind debacle -  let me tell you what a hardened observer thinks works and doesn’t work when it comes to these Washington events.

A Systemic Failure, Not Stupid People

First, spare us the public hangings. Yes, Solar Winds was a debacle on the order of the Snowden Affair.  Yes, there were people at Solar Winds, DHS, FBI, and NSA, that were supposed to be monitoring for such attacks.

But, I think you’ll find that they were either overwhelmed with their current responsibilities or dealing with a system not built to handle a new type of attack – not stupid or lazy people, but a systemic failure.  The system was simply not built to deal with the “new, new” and had not adjusted/reviewed its underlying assumptions about the fast-moving cyber world in which we now live.

Second, please do not haul out some sci-fi author, movie writer, or futurist who guessed it right.  Well done them – but their identification of “black swans” is more dumb luck than anything else and a source of distraction from dealing with the problem and fixing the system. DC loves its “stars.”  But they add nothing to the process.

Third, this is the time for quiet, expert forensics and expert reviews - not too many public hearings.  With my 40 years of DC experience, let me tell you that the open hearing, for the most part, are scripted Broadway shows designed to “show off” individuals and occasionally the progress and insights of the committee.  They add little to the process and distract the committee members and staff from doing their job – solving the problem.

Fourth, and this is crucial, figure out fast triage and recommend in tranches best practices to do what needs to be done to stop another Solar Winds – now!  Don’t wait for some big rollout of the practices.  It doesn’t fix the future. It leaves us unnecessarily vulnerable. The triage needs to be done now as you would a wounded person from ambulance to hospital. 

And like all wicked problems - which cyber security surely is - it can only be addressed and solved by people who are not part of the problems. You, investigators, are those people.

Name Names and Act Decisively

And, finally, name and recommend punishment for the perpetrators publicly.  We have a natural tendency to want to be quiet about our capabilities.  A sensible approach. 

But, this incident is beyond the norm - in my opinion close to cyber war - and needs major, directed action.  Not swift action necessarily, but well thought out actions.  Actions that hurt and remind future perpetrators that we will search you out and we will punish you.

I sincerely hope the new investigation works.  We need it to protect our country and show the world we are not cyber suckers.  But forensics, focus, and understanding of the players is what will work if we truly want change.

Ronald Marks is Term Visiting Professor, George Mason University, Schar School of Policy and Government. He is President of ZPN Cyber & National Security Strategies

Image: Unsplash

You Might Also Read:

Solving Mr. Biden’s Wicked Cyber Problem:

 

« Spotless Data
New British Cyber Security Council »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CERT.GOV.AZ

CERT.GOV.AZ

Azerbaijan Government Computer Incident Response Team

ENEA Qosmos Division

ENEA Qosmos Division

Qosmos, a division of Enea, leads the market for IP traffic classification and network intelligence technology used in physical, SDN and NFV architectures.

ReversingLabs

ReversingLabs

ReversingLabs develops cyber threat detection and mitigation tools that address the the latest directed attacks, advanced persistent threats and polymorphic malware.

Versa Networks

Versa Networks

Versa is a software-defined networking vendor providing an end-to-end solution that both simplifies and secures the WAN/branch office network.

Wüpper Management Consulting (WMC)

Wüpper Management Consulting (WMC)

Specialized in compliance, risk management and holistic information security WMC GmbH has longtime implementation experience in global projects.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

Sera-Brynn

Sera-Brynn

Sera-Brynn is one of the highest-ranked, pure-play cybersecurity compliance and advisory firms in the world.

Ultratec

Ultratec

Ultratec provide a range of data centric services and solutions including data recovery, data erasure, data destruction and full IT Asset Disposal (ITAD).

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

Threat Status

Threat Status

Threat Status are a Threat Intelligence company. We are the developers of Trillion. A cloud based Security As A Service (SaaS) platform.

MyCena

MyCena

MyCena has developed a complete system of security, control and management for decentralised credentials.

InfusionPoints

InfusionPoints

InfusionPoints is your independent trusted partner dedicated to assisting you in building your secure and compliant business solutions.

SideChannel

SideChannel

At SideChannel, we match companies with an expert virtual CISO (vCISO), so your organization can assess cyber risk and ensure cybersecurity compliance.

Infosys

Infosys

Infosys is a global leader in consulting, technology and outsourcing solutions.. Services include IT strategy, technical architecture and operations including cybersecurity.

Cyberplc

Cyberplc

Cyberplc is a global cybersecurity consulting firm providing services to government, the public sector and enterprises.