In testimony before the House Select Committee on the Chinese Communist Party yesterday, FBI Director Christopher Wray delivered an ominous message:
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.”
That statement strongly implies that the assets (including IT, OT, and cyber physical systems) on which American power grid, water treatment, healthcare, pipeline, transportation and logistics, telecommunications, and other critical infrastructure operations depend have already been compromised by state-sponsored or state-sanctioned threat actors.
A likely Chinese cyberattack will “wreak havoc and cause real-world harm to American citizens and communities.”
The risk, Wray emphasized, was not hypothetical, but real; not a matter of if, but when. And when the attack comes, he said it would be at a moment of China’s choosing.
Wake Up Call
Wray also expressed frustration that these threats to U.S. critical infrastructure have not gotten the attention they require, and he made it clear to the Committee that they and the nation need to do more. “China’s multi-pronged assault on our national and economic security make it the defining threat of our generation,” he warned.
Offering some reassurance, Wray said that the U.S. was not incapable of defending against the Chinese cyberthreat, but that the public and private organizations responsible for managing our economic and critical infrastructure “cannot afford to sleep on this danger.”
In other words, his testimony was a wake-up call.
How You Can Respond
Ordr’s customers can take immediate action to check for, respond to, and mitigate security gaps and indicators of compromise that might otherwise be exploited by threat actors. You have a powerful tool available and can use our See, Know, Secure framework to guide your cybersecurity strategy and execution.
- See every asset and manage exposure: The good news is that our platform has already discovered, profiled, and is monitoring your entire cyber asset attack surface. That includes every asset (IT, OT, IoT, and cyber physical systems) operating on your network, along with their installed software and applications, and their communication flows. Using Ordr you can ensure that you're identifying and mitigating risks such as devices with vulnerabilities, running outdated operating systems, or using weak, default, or no passwords.
- Know your threats and anomalies: We view active threats in three ways. First, known threats will be detected by our integrated intrusion detection system and threat intelligence feeds. (Note: our IDS signatures today can detect the KV botnet malware referenced by Director Wray). Second, we detect risky communications, such as internal east-west traffic, and external traffic to unknown or hostile domains. Finally, we also alert on any activity by any device that strays outside of its expected baseline parameters. Security teams should use Ordr risk scores to prioritize remediation of the top threats in their networks. Risk scores can be customized based on asset and business attributes important to the organization.
- Secure and segment: You should review your network segmentation policies to make sure you can isolate mission-critical assets and make it harder for threat actors to reach them in the event of an attack. Zero Trust segmentation, where you limit vulnerable devices (such as those with outdated operating systems) to their baseline communications, can enable appropriate access while limiting risky exposure. You can also automate responses when a threat is present, double-check the asset context to determine the best possible enforcement point (firewalls, NACs, or switches), and make sure responses and policies are commensurate with the threat.
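The three-way view of threats and the baseline-communications segmentation described above, as an added example that is not Ordr's code: constructed flow records are checked against a threat-intel domain list (standing in for an IDS/intel feed), against a per-device baseline, and for cross-segment east-west traffic, then ranked by a simple risk score weighted by asset criticality. Device names, domains, baselines, and weights are all assumptions made up for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str           # device name
    dst: str           # destination host or domain
    dst_port: int
    segment_src: str   # network segment of the source device
    segment_dst: str   # "external" for internet destinations

# Constructed baseline: which (destination, port) pairs each device normally talks to.
BASELINE = {
    "infusion-pump-07": {("ehr-gw.internal", 443)},
    "plc-line-2": {("scada-hist.internal", 502)},
    "workstation-14": {("proxy.internal", 3128), ("dc01.internal", 389)},
}
HOSTILE = {"bad-c2.example", "update-mirror.example"}        # stand-in intel feed
CRITICALITY = {"infusion-pump-07": 5, "plc-line-2": 5, "workstation-14": 2}

def classify(flow):
    """Return the finding types a flow triggers: known threat, baseline deviation, east-west."""
    findings = []
    in_baseline = (flow.dst, flow.dst_port) in BASELINE.get(flow.src, set())
    if flow.dst in HOSTILE:
        findings.append("known_threat")            # threat-intel hit, baselined or not
    if not in_baseline:
        findings.append("baseline_deviation")      # outside the device's expected profile
        if flow.segment_dst != "external" and flow.segment_src != flow.segment_dst:
            findings.append("east_west")           # unexpected lateral traffic across segments
    return findings

def risk_score(flow, findings):
    weight = {"known_threat": 10, "east_west": 4, "baseline_deviation": 3}
    return CRITICALITY.get(flow.src, 1) * sum(weight[f] for f in findings)

def prioritize(flows):
    """Score every flagged flow and return (score, src, dst, findings) highest-risk first."""
    scored = []
    for f in flows:
        findings = classify(f)
        if findings:
            scored.append((risk_score(f, findings), f.src, f.dst, tuple(findings)))
    return sorted(scored, reverse=True)

SAMPLE = [  # constructed flow records
    Flow("infusion-pump-07", "ehr-gw.internal", 443, "clinical", "dc"),
    Flow("infusion-pump-07", "bad-c2.example", 8443, "clinical", "external"),
    Flow("plc-line-2", "workstation-14", 445, "ot", "corp"),
    Flow("workstation-14", "proxy.internal", 3128, "corp", "dc"),
]
```

Baselined flows produce no findings, so the ranked output contains only the pump's contact with the hostile domain and the PLC's cross-segment connection.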
Keep in mind that, while the FBI director named several examples of critical infrastructure under threat, the list was not exhaustive. Healthcare, financial services, manufacturing, and other industries can all be defined as critical infrastructure. And any organization that is part of the digital supply chain to those targets is also exposed to the same threat.
How Ordr is Responding
It is important to know that we are not sitting still. Our policy is one of continuous improvement, and we are monitoring this and other threats to ensure our customers are prepared, developing and updating features that help our customers simplify risk prioritization, and rapidly respond to and contain threats. Our threat intelligence integrations, in concert with the Ordr Data Lake, ensure that the most precise, real-time analysis possible is at work on your behalf.
For example, the rogue devices, malicious communications, and malware our customers have detected and remediated mean their environments are already better protected against potential cyberattacks. One customer, a critical infrastructure operator, was able to reduce dwell time from the industry average of 16 days to just a few minutes.
We also continue to monitor our systems and processes, ensuring they comply with SOC 2 standards. As outlined in a previous blog, Ordr's achievement of SOC 2 compliance in Organizational Governance and Structure underscores our enduring commitment to security.
We are all in this together
The FBI’s warning should not come as a surprise to cybersecurity professionals who have been paying attention. Threat actors have been actively targeting economic and infrastructure targets for years. And whether or not the scenario Director Wray described in his testimony comes to pass, we can expect attacks from other hostile players to persist. Cybercriminals have shown a propensity for carrying out their business with callous unconcern for the consequences of their actions.
As such, we should use this moment to remind those around us that security is everybody’s job. Be wary of every email, every online interaction, every unexpected behavior in your network. Our commitment to you is that we will continue to work diligently to ensure the Ordr platform is always vigilant, ready, and able to keep your enterprise as secure as it can be. Do not hesitate to reach out to us if you have any questions about this or other cyberthreats to your organization.
Srinivas Loke is Vice President of Product Management at Ordr. Srinivas has a passion for cybersecurity with a deep understanding of network, endpoint, cloud, and IoT security. Prior to Ordr, he led product teams at Aruba, Pulse Secure, FireEye, and McAfee. He loves taking 1.0 products to market and furthering cutting-edge technologies that solve customer problems.