Tag Archives: cyber attacks

UK Security Chief: C1 Attack Likely in Next Two Years

The head of the UK’s National Cyber Security Center (NCSC), Ciaran Martin, said that a major cyber-attack on the UK is a matter of when, not if.

Martin said that the UK had been lucky to avoid a so-called category one (C1) attack.  Luck?  That’s comforting.

A C1 attack is defined as an attack that might cripple infrastructure such as energy supplies or the financial services sector.

Other countries, such as France and the US, have already had C1 attacks.

The US?  Really?  That is because interference with the elections is considered a C1 attack also.

Martin, in an interview with the Guardian, said that he anticipated a C1 attack in the next two years – that he doesn’t expect to make it to 2020 avoiding such an attack.

The NCSC is the public face of GCHQ, the British version of the NSA, so they likely have a pretty good idea of what is happening.

The worst attack the UK has faced so far was WannaCry last year.  The NCSC categorized that as a C2 because there was no imminent threat of loss of life.  It certainly had an impact on healthcare in the UK.

The NCSC has classified 34 attacks at the C2 level since it opened through the end of 2017 – about 15 months.  They cataloged 762 C3 attacks in that same period.

We don’t have similar numbers for the US, but if we did, they would likely be larger.  We are a bigger target than most.

President Trump suggested he might use nuclear weapons in case of a cyber attack.  Hopefully, he was just bluffing, but that would be a good way to start World War III.

Cyber attacks are not going away any time soon.  For nation states, it is pretty easy to “encourage” private hackers in another country to be their attack proxy, which is why using nukes to retaliate is so scary.  What if the Chinese made an attack look like it came from Russia?  Or Germany?  Sometimes attribution is easy, but only if we have already hacked the hacker’s network.  If a nation state is effective at getting hackers in another country to launch an attack, then attribution is hard.  What if Chinese hackers compromise some computers in some place in the US, say Iowa, and launch an attack from those compromised PCs?  If the PCs are consumer-owned, it is unlikely that there are any logs to help figure out where the attack was launched from.  At that point, figuring out where the attack came from is very, very difficult.

Information for this post came from The Guardian.



The FBI is looking for a little love

According to an item on Govtech, the FBI is looking for a little help from businesses in their effort to bring cyber criminals to justice.

Assistant AG for National Security John Carlin and FBI Director James Comey said they need more than knowing how a breach occurred.  They also want to know why the bad guys are after them.  So exactly what is in it for businesses to cooperate?

I assume that number one on most companies’ lists would be to get the bad guys, get the information back and put the perpetrator in jail for a long, long time.  Let’s analyze this.

While some cyber attacks come from inside the US, many come from foreign countries.  Countries that are not terribly friendly to us.  Countries like Russia, China, North Korea and other places.  Do you think China is going to help us catch some cyber thieves?  Not likely.  Many of them are likely on the government’s payroll.  The ones that are not and are doing things that the government doesn’t like will likely disappear.  That problem is solved.  Sending them to the US to face trial?  Not gonna happen.

What are companies concerned will happen?

1.  My company will be turned into a crime scene.  To some extent, this is likely to happen.  The Feds are going to want to collect evidence.  Are they going to come thundering in and haul off all your computers?  Not likely, but there are no parameters that say what they are going to do and not do.  Are they going to question my employees and take their time?  Likely yes.

2. I will get a lot of PR – all bad.  This is likely to happen anyway unless you can keep the breach quiet.  If it consists of stealing corporate intellectual property, you can probably do that, but the odds of catching the bad guys go to zero.  On the other hand, once the IP is stolen, getting it back is probably not very useful, since it has likely already been copied and distributed.  You cannot get the cow back in the barn.

3. The FBI is not going to understand what I am telling them and I will get frustrated.  Also likely to an extent.  The FBI is hiring a bunch of cyber agents, but they are not programmers and not system administrators and they have not been involved with your company to understand how your systems work.  Still, they are getting much better than they were.

4. The bad guys won’t get caught.  Also likely.  The US just indicted a bunch of Chinese military hackers.  Do you think the Chinese are going to turn them over to us?  Not very likely.  That indictment was a publicity stunt to try to impress the uninformed.  At least we do have some idea of who was attacking us, but the odds of us getting our hands on them to put them through our legal process are as close to zero as you can get.

5. Information I don’t want to get out will get out.  Partly true.  Some information will be protected, but unless a judge agrees to seal an indictment or clear the courtroom before testimony, which is very unusual, some information will get out and you won’t get to decide what does and what does not.

So it is a messy situation.  No easy answers.  Your board will have to make some decisions. Also consider, however, that if it involves PII (like credit cards) or PHI (like medical records), the decision is mostly out of your hands unless you want to break the law – and they know where you live, so that is probably not a good plan.

Best answer – work hard to protect yourself and hope that your breaches are small.

Sorry if you were looking for a better answer.





