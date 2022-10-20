

Welcome to The Cybersecurity 202! As a fan of slow burns, “Star Wars” and Tony Gilroy, my complete lack of interest in “Andor” has been baffling. The last two episodes, though, have finally hooked me. Below: The White House hosts a meeting on cybersecurity labeling, and Brazil arrests a suspect allegedly connected to a notorious hacking gang. But first:

The U.S. is entering a high-risk period with China and Russia in the cyber domain

The United States and its allies are in a period of rising conflict with China and Russia that raises the risks in cyberspace, a top cyber expert told me at a Washington Post Live event Wednesday.

“I do think we're about to enter probably one of the most dangerous times that we've had in the history of the cyber domain when it comes to our infrastructure here in the West, both because of what Russia may be doing against us as well as China, where we are both simultaneously entering a time of confrontation with both countries,” said Dmitri Alperovitch, founder of the Silverado Policy Accelerator.

.@DAlperovitch says, “What I do think we're about to enter is probably one of the most dangerous times that we've had in the history of the cyber domain when it comes to our infrastructure here in the West. Both because what Russia may be doing against us, as well as China." pic.twitter.com/HJqrs2ZILq — Washington Post Live (@PostLive) October 19, 2022

As a longtime cyber observer, Alperovitch isn’t prone to exaggerate risks, and at times during our conversation he spoke about the ways in which cyberthreats aren’t as severe as some others might think.

Another sober voice on cybersecurity is Rep. Jim Langevin (D-R.I.), who told me during the same Washington Post Live event that China is perhaps the most worrisome U.S. cyberspace foe when it comes to damage to the economy.

China and Russia

Ukraine and Poland have both blamed Russia for explosions three weeks ago that caused ruptures of the Nord Stream 1 and 2 pipelines, which transport fuel from Russia to Germany. Moscow has replied by blaming the United States, which likewise has denied involvement.

If proof emerges that Russian President Vladimir Putin is behind any sabotage as he escalates the war in Ukraine in desperation over losing territory, “that is a very ominous sign that they're willing to directly attack infrastructure that could have potentially been of use down the road to the West,” Alperovitch said. “It shows that as he's escalating his rhetoric, including the use of nuclear threats, as he's mobilizing the Russian public, he may be willing to target the West, and cyber probably is going to be his first weapon of choice.”

Russia has shown an inclination toward messing with the energy sector via both physical and cyber attacks, Alperovitch said, noting Russian media’s preoccupation with rising U.S. gas prices after last year’s Colonial Pipeline ransomware attack.

China, meanwhile, is likely to retaliate against the United States over the Biden administration's export controls restricting U.S. companies from selling semiconductors and chip-making tools to China, Alperovitch predicted.

Alperovitch is among the experts who consider the restrictions some of the most dramatic the United States has enacted. It’s a big deal because it targets an entire sector and also cuts off access to U.S. talent, he said.

“This is, I believe, a declaration of economic war,” he said. “It is absolutely going to basically crush [Chinese President] Xi Jinping's plans to achieve chip independence by 2025, a key goal that he has had for more than a decade now, and is going to absolutely destroy their efforts at advancing their advanced technology industry over the coming decade.”

And China isn’t likely to “take it sitting down,” Alperovitch said. It’s preoccupied this week with the Communist Party Congress, but afterward Xi will likely take action “both against American companies in China as well as potentially through cyber operations to try to compensate for the loss of access to technology with IP theft. I don't think it's going to be enough, but they're going to keep trying.”

.@DAlperovitch tells @timstarks, "This is, I believe a declaration of economic war. It is absolutely going to crush Xi Jinping's plans to achieve chip independence by 2025... I doubt that they'll take it sitting down." pic.twitter.com/G7VXq7AQ5q — Washington Post Live (@PostLive) October 19, 2022

Langevin is likewise worried about Chinese pilfering.

“China uses cyber not only for espionage but also for theft of intellectual property,” Langevin said. According to FBI Director Christopher A. Wray, he said, “they're stealing to the tune of probably trillions of dollars, and that leads to loss of productivity. It costs American jobs, and China has been, unfortunately, relatively unrestrained, and I think that's an area we need to work harder to push back on China and their malicious cyber activity.”

.@JimLangevin tells @timstarks, "Clearly, Russia, China, Iran, North Korea are among the top four of the bad actors out there that we have to worry about." pic.twitter.com/s9HJJnB5K4 — Washington Post Live (@PostLive) October 19, 2022

How to impose order, consequences

It’s important for the international community to come together on cyber “norms” that everyone adheres to — lines that no one will cross, Langevin said. “Think about the idea of not attacking another nation's critical infrastructure in peacetime or a financial system and those types of things,” he said.

But just as importantly, allies need to take action to punish those who violate norms, both Langevin and Alperovitch said.

That said, the United States shouldn’t get into a “tit-for-tat” with Russia, which doesn’t constrain itself with the rules of war, Alperovitch said. It should instead confine itself to retaliation for attacks that are truly disruptive to the U.S. economy or national security. In response, it should demonstrate U.S. capabilities to take adversaries offline, even if only for an hour, he said.

.@DAlperovitch tells @timstarks, “Instead of getting into a tit-for-tat in cyber with Russia... The best way to do that is to demonstrate our ability to actually take them offline... To show them what we are capable of if they don't stop this activity." pic.twitter.com/RpyVTQMZEZ — Washington Post Live (@PostLive) October 19, 2022

“Any type of disruptive attack that targets our financial sector or targets our energy sector, of course, is going to be impactful,” Alperovitch said, before sounding a note of calm about major cyberattacks. “But the one thing to remember and the one thing that the Ukraine conflict shows uniquely well is that no cyberattack is likely to have long-lasting impact. … We're going to get through this. It may be painful for a few days, but ultimately, the good thing about cyber is that it rarely causes physical destruction.”

The keys

White House hosts meeting on labeling internet-connected devices

Industry and government leaders met at the White House to talk about the connected-device labeling initiative, which Biden administration officials want to launch in the spring, CyberScoop’s Suzanne Smalley and Tonya Riley report. Government officials like FCC Chairwoman Jessica Rosenworcel, as well as tech associations and executives from eight major tech companies, attended the meeting.

“The meeting focused on the implementation of the program with a focus on issues such as how to ensure labels match international standards, how to design a barcode to ensure consumers can find timely information about a product online and how to raise overall consumer awareness of IoT vulnerabilities,” Smalley and Riley write. Initially, government officials aim to implement voluntary standards for very vulnerable internet-connected devices like routers.

The program will probably rate devices on standards like fixing vulnerabilities, data collection, encryption and interoperability, a White House official told reporters.

Brazilian authorities arrest Lapsus$-linked suspect

The arrest in the northeastern city of Feira de Santana came after Brazilian authorities investigated the hacking group’s December 2021 breach of Brazil’s Health Ministry, Bleeping Computer’s Sergiu Gatlan reports. It comes months after law enforcement in the United Kingdom charged two teenagers after an investigation into the hacking group.

“Besides the Ministry of Health, the group also targeted dozens of other Brazilian Federal Government bodies and entities, including the Ministry of Economy, the Comptroller General of the Union, and the Federal Highway Police,” Gatlan writes. Lapsus$ has also claimed responsibility for a string of high-profile hacks of major technology companies like Microsoft and Samsung.

“In many cases, the extortion group also leaked closed source code and proprietary data stolen from their victims, leading to massive data leaks,” Gatlan writes. “Most Lapsus$ members are believed to be teenagers driven not by financial motivation but mainly by their goal of making a name on the hacking scene.”

Daybook

CISA Director Jen Easterly speaks at Mandiant’s mWISE conference today.

Secure log off

Thanks for reading. See you tomorrow.