infoTECH Feature

January 26, 2015

Stealth Mode: Lying in Wait inside the White House's Network

By TMCnet Special Guest
Wallace Sann, federal chief technology officer with ForeScout

Recent data breaches involved an unclassified computer network used by President Obama’s senior staff, prompting countermeasures by the administration that resulted in temporary system outages. Officials said the attack did not appear to be aimed at destroying data or hardware, or at taking control of other systems at the White House, which raises the question: what were the hackers looking for?

Washington Post reports have disclosed cyber-espionage campaigns by hackers thought to be working for the Russian government. Targets have included NATO, the Ukrainian government and U.S. defense contractors. Russia is regarded by U.S. officials as being in the top tier of states with cyber capabilities. The Washington Post also reported that the nature of this breach is consistent with a state-sponsored attack.

Interestingly, FireEye developed a report supporting this assertion. According to the report, APT28: A Window Into Russia’s Cyber Espionage Operations (APT stands for Advanced Persistent Threat), FireEye believes that the group’s malware, the language settings found in its tooling and its narrowly focused targeting indicate a government sponsor that is most likely Russian. While there have been no reports that definitively confirm the Russian government was responsible for this particular breach, the ways in which the actors behaved are similar to those described in the FireEye report.

The truth is, attacks such as this are becoming more prevalent and the actors are becoming more devious. The Department of Homeland Security reports that cyberattacks are growing more “sophisticated, frequent, and dynamic.” To decrease the likelihood of future breaches, government entities are encouraged to join the Continuous Diagnostics and Mitigation (CDM) program to implement tools that identify cybersecurity risks on a continuous basis, prioritize risks based upon potential impact, and enable cybersecurity personnel to mitigate the most significant problems first. 

Different agencies in the federal government experience breaches of increasing gravity. This results in those agencies moving up in priority on the CDM task order list and getting closer to obtaining CDM funds. Sadly, it seems as though a data breach needs to happen before an agency is elevated within the task order listing, which is a bit of circular logic. Agencies should take a more proactive stance by:

  • Shifting their security mindsets from “incident response” to “continuous response,” wherein systems are assumed to be compromised and require continuous monitoring and remediation
  • Adopting an adaptive security architecture for protection from advanced threats
  • Spending less on prevention; investing in detection, response and predictive capabilities

Federal agencies need to become more proactive and aggressive in protecting their biggest assets – their data.

About the Author: Wallace Sann is federal chief technology officer (CTO) with ForeScout Technologies. In this role he provides technical leadership for ForeScout’s federal programs and product and certification roadmap, while also overseeing the federal systems engineering team. More than 1,800 of the largest enterprises and government organizations in 62 countries use ForeScout’s next-gen network access control for continuous monitoring and mitigation of network threats. The company, located in Campbell, Calif., is a leader in Gartner's network access control Magic Quadrant.

Edited by Maurice Nagle