WASHINGTON – Critical intelligence from a cybersecurity firm allowed the Defense Department to move quickly to limit potential damage to its networks from a Russian government intrusion last year, according to a senior official.
The so-called SolarWinds incident involved Russian intelligence operatives planting malicious code in software updates shipped by the IT vendor SolarWinds, a supplier to the federal government, giving them months of unprecedented access to federal networks.
Gen. Paul Nakasone, commander of US Cyber Command and director of the National Security Agency, said on Tuesday that the threat intelligence firm FireEye was key to exposing the intrusion, in an account not previously made public.
Days before Thanksgiving last year, FireEye chief executive Kevin Mandia visited the NSA with strong indicators that a hostile foreign adversary was inside FireEye's corporate network, Nakasone said during a speech at the Mandiant Cyber Defense Summit.
NSA signals intelligence personnel corroborated the threat and worked to understand it better. A Cyber Command hunt team then deployed to scope potential intrusions into the network and found the same actor. The team was able to keep the adversary from damaging networks and exploiting targets.
“Partnerships between US government and industry allowed us to uncover the scope and scale of a foreign intelligence operation that took advantage of private infrastructure and caused immense damage to the private sector,” Nakasone said. “Partnerships across the industry have made it possible to share solutions: how can we quickly mitigate this operation and prevent future similar attempts?”
The SolarWinds intrusion was “a significant incident for both the US private sector and the US government” and a turning point for the nation, Nakasone said. However, he echoed DoD assurances that Pentagon networks were not compromised.
“Instead of decades of access to the US government, the power of partnerships was able to expose our adversaries before they burrowed into our networks, our data or our weapon systems,” Nakasone said.
Nakasone also addressed ransomware, noting that it remains a persistent threat.
He said Cyber Command was “springing up” to respond to the wave of incidents. Some recent attacks, including those on critical infrastructure, pose a threat to national security.
“When ransomware starts to impact our critical infrastructure, it’s important,” he said.
This reflects a shift over the past few years. Previously, ransomware was treated as a criminal matter under FBI jurisdiction rather than that of Cyber Command or DoD, which typically focus on activities and adversaries outside US borders.
“If [ransomware] is not important to US Cyber Command and the National Security Agency, which are built for the express purpose of defending the nation, there is something wrong,” he said. “We currently have a push underway both in the agency and in the command in terms of understanding ransomware threats.
“Understand the tactics, understand how we tackle the adversary, how we better partner. This is what we do really efficiently. We can put our best people there and come up with new and innovative solutions,” Nakasone continued.
The Pentagon is also devoting its attention to the ransomware challenge.
“Criminals, especially ransomware actors, have become a priority for the Department of Defense, so we are actually devoting a fair amount of resources to this threat,” said Mieke Eoyang, Deputy Assistant Secretary of Defense for Cyber Policy, during an event hosted by the Aspen Institute on September 29.
Mark Pomerleau is a journalist for C4ISRNET, covering information warfare and cyberspace.