Spaulding: SolarWinds attack shows need for new government approach to detect intrusions and respond

By Sara Friedman of Inside Cybersecurity

January 13, 2021

With the full impact of the SolarWinds attack still unknown, former DHS cyber leader Suzanne Spaulding says the government approach to cyber needs to change from shoring up systems to limiting damage and protecting critical information.

“My biggest concern from this massive hack is that we for some time are going to assume in government and many private industries that we have been impacted [and] the adversary is in our systems,” Spaulding said at an event Tuesday hosted by George Washington University. “We are going to be spending a long time getting the adversary out of our system.”

Spaulding said the bad actors will not “just melt away” now that they are being discovered on federal systems and the U.S. should expect “hand-to-hand combat.”

One of the ways to limit the damage of future attacks is “to have a clear plan for what we are going to do when lines are crossed,” Spaulding said, and to operate with the “assumption” that more attacks will occur.

Standing up the Office of the National Cyber Director will play an important part in helping both government and industry understand SolarWinds impacts, according to Spaulding.

“There are pieces of the SolarWinds hack and our understanding of it spread out across government and the various departments and agencies doing battle right now that have been impacted and obviously many private sector victims and the cybersecurity firms that are helping them and companies like Microsoft that were also part of the technology deployed here,” Spaulding said.

On “day one” of the NCD’s term, Spaulding said they will have a “perfect opportunity” to start “operationalizing the kind of collaboration” envisioned by the Cyberspace Solarium Commission to bring “the private sector folks to the table as well as across the interagency and our allies overseas who may have insights for us and are working hard to share more information than we are normally comfortable sharing.”

Spaulding, a Solarium commissioner, said information sharing will be a critical part of the NCD’s role in the executive branch and will also allow for collaboration “on an operational basis,” with a focus on “Who has the capability to do what and how do we empower them to do it?”

Retired Adm. Mike Rogers, former NSA director and U.S. Cyber Command chief, also spoke at the event, highlighting how the U.S. approach to responding to attacks needs to change to meet new threats.

“What we have never said as policy across multiple administrations is the penetration of national security systems through espionage purposes is outside the acceptable rules,” Rogers said. “One of the challenges for the incoming Biden team is we need to step back and ask ourselves just what kind of behavior is unacceptable and if so what are the things we can use to set thresholds so to speak.”

In the defense and intelligence worlds, Rogers said, “much of our authority is all predicated on external” threats from foreign adversaries, and Russia “clearly saw” ways to exploit our “domestic infrastructure.”

“They have clearly pivoted into a different operational scheme, different operational methodology and they are using our structures and processes in some ways against us,” Rogers said. “We need to be thinking our way through what are the implications of that for us.”