On Chaos and The Cyber Supply Chain

Supply chain issues are much in the news today.  However, a story we should not forget, aired on 60 Minutes last July, focuses on how truly vulnerable we are to attacks on the cyber supply chain.

We go through our daily lives, probably mostly unaware of just how interconnected, just how dependent, just how vulnerable we are to others.  We expect or hope those we depend upon are holding up their end and operating in good faith.  We entrust our money, our needs, our very lives, to a highly complex system that can flip the switch at any time, and plunge us deep into chaos.

We saw a bit of that in The Handmaid’s Tale.  When Moira and June could not use a credit card to purchase coffee in an early episode, they were at the beginning of a descent into chaos.

We also saw a bit of that at the start of the pandemic, when suddenly, the world we knew was no more, and soon we were wondering what the “new normal” would look like.

Either we consciously or subconsciously choose to ignore all the threats that surround our daily existence, or we imagine there are ways to increase our independence and prepare for all manner of emergencies.  These are not easy choices when crystal balls fail to alert us to dangers ahead.  We do the best we can, accepting, at some level, that we do not control everything, and will not survive everything.

Still, the temptation to “be prepared” is great.

The story below caught my attention because it startled me to consider how dependent we have become on computer technology – and how vulnerable this technology is to asymmetric warfare.  “Russia has demonstrated that none of the software we take for granted is truly safe, including the apps on our telephones, laptops, and tablets. These days…any device can be sabotaged,” said Jon Miller in the 60 Minutes segment.

So, what’s a girl to do?

The coronavirus pandemic reminded some of us of how much we miss face-to-face contact with other human beings, the human touch, a real-life hug – things the virtual world attempts to replicate, but in current technology, still falls short.  So I wonder, is it too late to find more balance between the online and off-line worlds?  Would we be able to cope more effectively with old ways of being if we reduced our dependence on modern technology?  Is there truly a way to decrease vulnerability and increase preparedness for the coming chaos?

The story below left me with questions like these.  I wonder what it will evoke in you.  — LMO

Here are a few excerpts from the 60 Minutes story on the SolarWinds cyber attack.

“Bill Whitaker reports on how Russian spies used a popular piece of software to unleash a virus that spread to 18,000 government and private computer networks.”  — 60 Minutes

“Last year, in perhaps the most audacious cyber attack in history, Russian military hackers sabotaged a tiny piece of computer code buried in a popular piece of software called SolarWinds…the hidden virus spread to 18,000 government and private computer networks by way of one of those software updates we all take for granted…Russian agents went rummaging through the digital files of the U.S. departments of Justice, State, Treasury, Energy, and Commerce…for nine months, they had unfettered access to top-level communications, court documents, even nuclear secrets.”

“When Presidents Biden and Putin met in Geneva last month – it was the first time that the threat of cyber war eclipsed that of nuclear war between the two old super-powers… and ‘SolarWinds’ was one big reason why. Last year, in perhaps the most audacious cyber attack in history, Russian military hackers sabotaged a tiny piece of computer code buried in a popular piece of software called SolarWinds. As we first reported in February, the hidden virus spread to 18,000 government and private computer networks by way of one of those software updates we all take for granted. After it was installed, Russian agents went rummaging through the digital files of the U.S. departments of Justice, State, Treasury, Energy, and Commerce –among others—and for nine months, they had unfettered access to top-level communications, court documents, even nuclear secrets.”  — 60 Minutes

“Brad Smith: I think from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen.”

“Brad Smith: I think from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen.

“Brad Smith is president of Microsoft. He learned about the hack after the presidential election this past November. By that time, the stealthy intruders had spread throughout the tech giants’ computer network and stolen some of its proprietary source code used to build its software products. More alarming: how the hackers got in… piggy-backing on a piece of third party software used to connect, manage and monitor computer networks…

“…there’s an asymmetric advantage for somebody playing offense.”

“Brad Smith: I think that when you look at the sophistication of this attacker there’s an asymmetric advantage for somebody playing offense.

“Bill Whitaker: Is it still going on?

“Brad Smith: Almost certainly, these attacks are continuing…

“The world runs on software…But it can’t run with confidence if major governments are disrupting and attacking the software supply chain in this way.”

“Brad Smith: I do think this was an act of recklessness. The world runs on software. It runs on information technology. But it can’t run with confidence if major governments are disrupting and attacking the software supply chain in this way.

“Bill Whitaker: That almost sounds like you think that they [want] to foment chaos?

“Brad Smith: What we are seeing is the first use of this supply chain disruption tactic against the United States. But it’s not the first time we’ve witnessed it. The Russian government really developed this tactic in Ukraine…”

“Brad Smith: What we are seeing is the first use of this supply chain disruption tactic against the United States. But it’s not the first time we’ve witnessed it. The Russian government really developed this tactic in Ukraine…

“For years the Russians have tested their cyber weapons on Ukraine. NotPetya, a 2017 attack by the GRU, Russia’s military spy agency, used the same tactics as the SolarWinds attack, sabotaging a widely-used piece of software to break into thousands of Ukraine’s networks, but instead of spying – it ordered devices to self-destruct.

“Brad Smith: It literally damaged more than 10% of that nation’s computers in a single day. The television stations couldn’t produce their shows because they relied on computers. Automated teller machines stopped working. Grocery stores couldn’t take a credit card.”

“Brad Smith: It literally damaged more than 10% of that nation’s computers in a single day. The television stations couldn’t produce their shows because they relied on computers. Automated teller machines stopped working. Grocery stores couldn’t take a credit card. Now, what we saw with this attack was something that was more targeted, but it just shows how if you engage in this kind of tactic, you can unleash an enormous amount of damage and havoc…”

“Chris Inglis spent 28 years commanding the nation’s best cyber warriors at the National Security Agency – [serving] as its deputy director – and now sits on the Cyberspace Solarium Commission – created by Congress to come up with new ideas to defend our digital domain.

“Chris Inglis: It’s hard to kind of get something like this completely out of the system. And they certainly don’t understand all the places that it’s gone to, all of the manifestations of where this virus, where this software still lives…And the only way you’ll have absolute confidence that you’ve gotten rid of it is to get rid of the hardware…”

“Chris Inglis: It’s hard to kind of get something like this completely out of the system. And they certainly don’t understand all the places that it’s gone to, all of the manifestations of where this virus, where this software still lives. And that’s gonna take some time. And the only way you’ll have absolute confidence that you’ve gotten rid of it is to get rid of the hardware, to get rid of the systems.

“Bill Whitaker: Wow. So unless you get rid of all the computers and all the computer networks, you will not be sure that you have gotten this out of the systems.

“Chris Inglis: You will not be…”

“Jon Miller:…Russia has demonstrated that none of the software we take for granted is truly safe, including the apps on our telephones, laptops, and tablets.”

“Jon Miller: I build things much more sophisticated than this. What’s impressive is the scope of it. This is a watershed style attack. I would never do something like this. It creates too much damage.

“Miller says with the SolarWinds attack, Russia has demonstrated that none of the software we take for granted is truly safe, including the apps on our telephones, laptops, and tablets. These days, he says, any device can be sabotaged.

“Jon Miller: When you buy something from a tech company, a new phone or a laptop, you trust that that is secure when they give it to you. And what they’ve shown us in this attack is that is not the case. They have the ability to compromise those supply chains and manipulate whatever they want. Whether it’s financial data, source code, the functionality of these products. They can take control.”

Published by Loga Michelle Odom @Odomanian

Founder/Host, Reading Changes Lives; Senior Producer, OUR COMMON GROUND Media / TruthWorks Network / If America Fails?: The Coming Tyranny

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: