
Between Volt Typhoon and Insider Threat, the Pentagon Had a Bad Week

While the Pentagon grinds agonizingly slowly towards improved cybersecurity with CMMC, the hackers continue to make them look like amateurs. Congress doesn’t seem to be much help in the crisis.

Last week the DoD Inspector General crucified the DoD’s operational units for doing a uniformly bad job at protecting Controlled Unclassified Information or CUI.

Government officials have also confirmed that Volt Typhoon’s (AKA China’s) malware is much more endemic than previously publicly admitted. It has been found inside numerous networks controlling communications, power and water feeding military bases here in the US and in other countries.

Those same networks also feed commercial businesses and consumers, so how widespread the damage could be is unknown.

This is the same Chinese advanced persistent threat detected a few months ago in the Guam power grid. Guam is particularly important to the Chinese because it is an important part of the U.S. military’s strategy to support Taiwan.

Even if we remove that malware, that doesn’t mean the network on which it was found is secure. Were there multiple points of persistence in each network? Are these points of persistence the same in each network?

In the meantime, the government does what it does best: either moving agonizingly slowly forward or not making any progress at all when it comes to cybersecurity.

Some experts say that the Chinese intrusion into U.S. critical infrastructure predated the Guam attack by a year. Or maybe more.

If the Chinese are able to remain undetected in this military and civilian critical infrastructure, they could cause total panic if they wanted to. Think about the panic that ensued after Colonial Pipeline shut down for a few days. What would it look like if the Chinese turned off the water and power to significant parts of the U.S. in a time of crisis?

Of course, you should assume that the U.S. has done similar things to Chinese infrastructure. Depending on the level of computer automation, returning the Chinese attack favor may not be as simple, because it is hard to hack a mechanical dial or lever from around the world.

Separately, but at the same time, the Air Force is investigating a 48-year-old engineer from Arnold Air Force Base. According to the search warrant, the engineer had stolen $90,000 worth of radio equipment and taken it home. This allowed him to gain unauthorized access to technology used by the Air Education and Training Command.

Law enforcement discovered a computer running Motorola radio programming software “which contained the entire Arnold Air Force Base (AAFB) communications system”. They also found evidence of access to privileged communication from the FBI and other agencies.

Likely some policies will need to be changed and some heads will roll as a result.

But, until the Pentagon gets really serious about cybersecurity, not much will change.

By serious, I mean heads at the general officer level need to roll. This is a failure of leadership at the command level and nothing less. Credit: Dark Reading
