Top brass at the U.S. State Department, Treasury and Defense are reportedly prepping a sharp offensive to fight back against state-sponsored cyber hackers (read Russia) attacking the country's critical infrastructure facilities.
The growing number of potentially disastrous forays against U.S. energy plants and other vital structures has administration officials convinced that strong deterrence is the strategic missing piece, the Wall Street Journal reported. The blueprint on the table aims to hurt the country's cyber enemies -- most prominently Russia, China and North Korea -- but not harm civilians, the report said. That’s a big ask.
The punitive measures under consideration include:
- More frequent use of indictments against named hackers, along the lines of charges filed last month against 12 Russian intelligence agents for meddling in the 2016 presidential election.
- Requests that other countries locate and detain suspects facing extradition via Red Notices from Interpol, similar to the arrests of three FIN7 operatives last week.
- Asset seizures and sanctions.
Maybe some of these work, maybe they don’t. History says not to expect much. But no matter, there’s a catch and it’s a big one: Administration officials advocating harsher penalties against nation-state bad actors lack President Trump’s endorsement. Considering the President has waffled between denying ongoing Russian cyber meddling and voicing belated and tepid support for his own intelligence community, it’s uncertain if or when he’ll back a counter offensive.
Trump Administration Statement
A White House official told the WSJ “the president understands that concrete action—not mere wishful thinking—is necessary to address the increasing cyber threat.” Still, it’s unclear if there’s a favorable nod buried in there advocating forceful deterrence.
Moreover, Senate Republicans are skeptical that hitting Russia with tougher sanctions gained through new legislation is the best approach, The Hill reported. With the November midterm elections only 92 days away, GOP senators are uncertain how to combat Russian cyber interference, the report said. Let’s just say that the fact that lawmakers don’t know what to do at this point is a problem on its own. Security pros and intelligence officials know that time has already run out; it’s only legislators who are wringing their hands.
Of course, Russia has said it wasn’t them, a defense Trump appeared to believe at the Helsinki summit before walking back those remarks a few days later under duress from both sides of the aisle.
A strategy founded on fighting back would have the support of privately owned utilities, which lack the necessary resources not only to hold their ground but also to make the hackers pay, the WSJ's report said. “There must be accountability for bad actors,” Tom Fanning, CEO of utility Southern Co., told the WSJ. “I can’t fight back. I want to know the Department of Defense is going to be there and hold people accountable,” he reportedly said.
U.S. Cybersecurity and Department of Defense Developments
Here’s a rundown of some of MSSP Alert’s coverage on the subject:
- Last week, the Department of Homeland Security (DHS) announced the opening of the National Risk Management Center to coordinate cyber security efforts between the feds and private industry, a good move but one unlikely to buttress the front lines.
- Two weeks ago, DHS warned that an infiltration by Russian hackers last March was much worse than initially believed, affecting hundreds of U.S. utilities rather than the few dozen first thought.
- In the March attack, Russian hackers surreptitiously gained access to U.S. critical infrastructure and could have shut down or crippled nuclear power plants and systems controlling water, electricity, aviation and commercial manufacturing. The campaign appeared to be a reconnaissance mission, perhaps laying the groundwork for a future full-on assault.
- In mid-July, U.S. National Intelligence Director Daniel Coats compared the warning signs of an impending Russian attack against the country’s digital infrastructure to the blinking red lights just ahead of the 9/11 terrorist catastrophe. “And here we are nearly two decades later, and I’m here to say, the warning lights are blinking red again,” he said.
- Last May, a massive IoT botnet called VPNFilter that infected more than 500,000 devices worldwide reportedly set the stage for Russia to launch a massive cyber attack.
- In November, 2017, word surfaced that the FBI knew for more than a year that the Russia-linked Fancy Bear cyber attackers were behind a scheme to break into the private Gmail accounts of dozens of U.S. government individuals and organizations but neglected to alert the potential targets.
- In July, 2017, cyber attackers working for an unidentified nation state breached more than 12 U.S. power plants. Russia was suspected of being behind the attacks.