13 August 2017

Capitol Hill: Zeros and Ones of Resilient Vigilance...

Walking past the Cannon House Office Building this week, on the way to a meeting at the U.S. Capitol, created some reflective thoughts.  As our Capitol came into full view, you have to wonder how many congressman have made that walk since the early 1900's?  How many representatives from across America contemplated whether their work was making a real difference, for their constituents and for our country.

The future of America is bright and our level of resilience as a nation has endured, yet we must remain vigilant.  There are thousands of people who get up every day and travel into the District of Columbia and surrounding suburbs, because they are Patriots and they care so very much about our growing Republic.  You have to see it in their eyes, to realize how much that is true.

Entering the South door on the House side, we proceeded to our meeting room, H-137.  As our small cadre sat down for a light meal, the focus quickly turned to our purpose for gathering.

National Security and Intelligence was the high level reason, yet the dialogue quickly drifted into what was an 80/20.  It seems that the "Cyber" related conversations these days are taking up about 80% of the nuances to Critical Infrastructure Protection (CIP) and for good reason.  The fact is, more than 85% of our nations Critical Infrastructure are out of the direct control and ownership of the government.

Private Sector companies and other non-government entities control 16+ vital sectors of the nations infrastructure assets.   They are the owners and operators of Energy companies, Telecommunications, Financial, Water, Transportation and our Information Technology Sectors and including the Defense Industrial Base to name a few.

What was not mentioned in the room over our 90 minutes, were some of the most sensitive issues confronting those on the front lines of the private sector critical infrastructure protection industry.  "Fancy Bear," "Eternal Blue," "Vault7" were on some peoples mind.  These references mean nothing to many of the "John Q. Citizens" in America who are working using smart phones and lap top computers at home, on the job or in our free lance economy.  Until these electronic tools are no longer functioning correctly.

So what?

Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June.

The owners and operators of Critical Infrastructure across the globe, are now operating on high alert.  The executives and policy-makers in discussion behind closed doors, around the U.S. Capitol understand the magnitude of the current problem-set.  Utilization of these exploit tools will continue by rogue individuals, Crime, Inc., and cyber terrorists that are no different than other examples in the physical world associated with IED's or weapons of mass destruction.

The Private Sector will need to step up its resilience and readiness game in the next few years, if not months.  The capabilities and Return-on Investment (ROI) for non-state actors to play in a whole new league, are becoming ever more apparent.

To continue our resilient vigilance across the nation, we will require a whole spectrum of new capabilities and some, that have worked for years...

No comments:

Post a Comment