Federal agencies are still learning how badly the SolarWinds breach has affected them. C4ISRNET reports that Navy Chief Information Officer Aaron Weis says the breach has the Defense Department’s “full attention.”
“While it looks like sort of an espionage campaign right now, there’s just no full understanding yet of what was impacted,” Danelle Barrett, former Deputy Chief Information Officer of the U.S. Navy, told Francis Rose on “Government Matters” Monday.
It is not just the initial compromise of the software that matters, Barrett said. Investigators are now trying to determine how far the adversary actually burrowed into the network.
“There are some insidious things there that could have been done,” she said, such as changing logs or escalating privileges. “If you can start altering logs or avoiding detection in other ways, then it makes it really, really hard for defenders, even with the best tools, to see what they’ve done.”
Barrett said the biggest concern from a cyber defender’s point of view is what actually happened and what happened to the data. She said anyone whose system was connected to a network affected by the breach could have been affected as well, depending on the permissions across those networks.
“This was a pretty sophisticated attack,” said Barrett, describing the use of block lists to make sure forensics could not be done, installation of Teardrop backdoors to affect what was logged, and other maneuvers.
Understanding what is normal for your network is essential for identifying anomalies, Barrett explained. “Are we smart enough today to question the data that we see on our operational and business systems to say, ‘okay, has that data been changed? Are those data right?’”
“There’s many countries who are after us from a cyber offensive posture,” said Barrett. She said Secretary of State Mike Pompeo has attributed the attack to APT29, the Russian group also known as Cozy Bear. Barrett suggested establishing national cyber red lines. “A lot of work still needs to be done by the Biden administration – and I think they recognize that – on how do we define cyber warfare,” she stated.