Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

SolarWinds - An epic hack exposed our national cybersecurity vulnerabilities - By Scott Tilley

Tuesday, March 2, 2021

Categories: ASCF News Cyber Security

Comments: 0

By Scott Tilley - ASCF Senior Fellow

February 2021

In my January 2021 “Technical Power” column, I discussed three topics of interest that could affect our national security more than any other year so far: cybersecurity, supply chains, and biomedical engineering. At the start of the COVID-19 pandemic, we experienced severe supply chain issues for items such as personal protective equipment (PPE). Several countries are still struggling with vaccine supply chains. More recently, many industry sectors (e.g., automotive) have been negatively affected by supply chain shortages related to semiconductors.

Unfortunately, we’ve already experienced the deleterious consequences of cybersecurity shortcomings on a grand scale. Ironically, this breach also involved supply chains – but the “supplies” are software products. I’m talking about the epic hack of SolarWinds.

SolarWinds is an Austin, Texas-based company that makes software products to help large-scale enterprises manage their computer networks. One of their products is called Orion, which the SolarWinds website describes as “a powerful, scalable infrastructure monitoring and management platform designed to simplify IT administration for on-premises, hybrid, and software as a service (SaaS) environments.” Orion is reportedly used by over 18,000 customers, including numerous U.S. federal government agencies such as the Department of Justice, the State Department, the Treasury, and Homeland Security.

The Orion platform was hacked in March 2020. The hack was discovered by a leading cybersecurity firm called FireEye, which was investigating a breach of their own systems. They used Orion too. FireEye notified SolarWinds and the authorities, which led experts from Carnegie Mellon University’s Software Engineering Institute to become involved through their Community Emergency Response Team (CERT) and other cybersecurity divisions.

The hack was only discovered in December, which means the culprits behind the hack had access to Orion’s internal data for nearly ten months. In fact, the damage caused by the hack continues to this day, almost a year later. But it’s the scale of the attack that’s breathtaking: SolarWinds was hacked, but all 18,000 of their customers were made vulnerable.

This hack was a combination of a malware attack and a remote access trojan (RAT) attack. A malware attack is where malicious code is inserted into a program. A trojan is like a software version of the old Trojan Horse, where hackers can enter a computer network from anywhere on the globe. SolarWinds is also an advanced persistent threat (APT) attack, in which intruders illicitly gain access to a network and maintain a long-term presence undetected. CBS called SolarWinds “the most sophisticated cybersecurity attack in American history.”

The attack falls under the broad category of supply chain attacks because the hackers targeted one company to gain access to other companies that use the compromised company’s products – companies that are farther down the supply chain. The attackers gained access to the SolarWinds update server and inserted their malicious code. When a customer installed an updated version of Orion, they became unknowingly infected. In a sense, this was an attack on trust.

It took incredible expertise, patience, and advanced software tools to implement this attack. Most experts believe the SolarWinds hack was the result of many cybersecurity professionals working for a nation-state. In particular, Russia’s Foreign Intelligence Service (SVR) has been named as the likely culprit, although the relevant authorities have provided no public evidence.

One might credibly ask why the federal government didn’t detect the SolarWinds hack since they have tools in place to detect cybersecurity intrusions. For example, the government’s Cybersecurity and Infrastructure Security Agency (CISA) relies on the EINSTEIN system to help other agencies manage their cyber risk. The problem is that most of these tools, including EINSTEIN, can only identify known threats. The SolarWinds hack was novel, so no automated program could detect it. (There are some intrusion detection systems that use artificial intelligence to detect unknown threats as they occur, but these are not yet widely deployed.)

Today’s software systems don’t operate independently; they are tightly integrated with other software components and use networks to provide and access services to other systems. They are incredibly complicated, making it virtually impossible for any person (or team) to fully understand how the system truly works. The Orion breach was actually in the build process, where automated programs “build” or put together the final system, which can be composed of tens of thousands of files. Think of the build process as somewhat like a robotic assembly line. Guarding against such attacks is particularly challenging.

Congress is currently holding hearings on the SolarWinds hack. There is no doubt there’s an urgent need for the entire country to devote more effort to securing our national infrastructure, and increasingly, that means securing our networked computer systems. If we don’t make progress on this, future hacks could be much worse. This time, the attackers seemed satisfied to gather intelligence and send themselves reports of network activity where Orion was installed. They could just as easily deleted files, corrupted systems, and caused a national catastrophe.

– END –

Photo credit

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.

Search