• ORNA

Can the US Withstand a Cyberwar?

A hot topic among all circles within various cybersecurity communities, especially among hackers is the question, "Is the United States strong enough to sustain itself against a large-scale cyberattack?"


For those of us who live in the US, the fact that we are discussing this topic at all could indicate that some harbor doubts.


After all, cyberattacks continue to be rolled out against one of the world’s superpowers by Russia, and other state-backed hackers. But ask yourselves this: "What would happen if the tables were turned? What if there was a rallying cry across social media, decrying grievances against the US? What if all the hackers of the world united in solidarity and turned their attention to attacking US infrastructure?"


I’m certainly not talking about defacing some government websites. That has nothing to do with hacking the government. Those sites are for the public, not the government. I’m talking about targets that affect real life.


While attacking government websites may look fascinating and worth the street cred, when the same activities are launched against private businesses, there is an economic impact when products can’t be sold, or when customers' personal information is compromised and they take their business elsewhere. Also, when customers can’t access information to help them find local establishments or locate products to buy. Money is lost. This doesn’t even factor in the out-of-pocket costs for remediation of damages.


This could be considered the equivalent of the individuals who aren’t engaged in activist activities at protest rallies, but rather, are found vandalizing store property, creating victims out of individuals who ostensibly have no stake in the protest, but are merely trying to run a business.



Adversarial Cyberpower


Let's talk about critical network infrastructure. This is something I am familiar with. I was the first person in recent US history to ever be convicted for corrupting industrial control systems. The target was healthcare systems. But what would happen if an intruder intended to crash healthcare systems?


Another target I attempted to break into was a remote desktop which consisted of multiple domains belonging to the city of Dallas. These systems controlled waste management, aviation, the fire department, water utilities, and so on.


While the attack was not successful, which is a matter of public record, most of these domains were connected to industrial control systems, which cities and people depend upon. Damaging these systems would be like throwing sand in the gears or pouring sugar into the gas tank that fuels critical functions of the city. I was young and wanted to see if I could do it. But the next person to attempt the intrusion most likely won’t be driven by blind curiosity.


According to Glenn S. Gerstell, a senior adviser at the Center for Strategic and International Studies (CSIS), who also served as general counsel of the National Security Agency (NSA), the US is not ready for a cyber war. Gerstell said:



“If we had approached this correctly 20 years ago, we would be largely invulnerable to cyber attacks. But unfortunately, that is not the case.”


The real risk isn’t the army of botnets or defacements or data dumps that pose the greatest threat to the sustainability of the country. It's the highly sophisticated APT groups that know exactly how to carry out effective attacks that negatively impact businesses and the country as a whole.


For example, Russia has weaponized very effective cyberattacks in past times, targeting the US and other countries. One does not need to look far to know what Russia alone is capable of doing when we look at SolarWinds, the Colonial Pipeline attack, or the plethora of ransomware attacks that have hit every industry in the US.



Better Late Than Never


Ever since the Obama Administration, there have been incremental steps toward US government agencies taking a more proactive approach to cybersecurity. But it’s been a relatively slow evolution when involving the alphabet soup of different agencies.


This could largely be due to the fact there was no central cybersecurity authority in place with a standard to help guide various agencies with a cybersecurity blueprint to help defend them against the latest vulnerabilities and attack trends. Navigating the security landscape can be daunting, due to the variety of persistent threats at play.


Thanks to the Cybersecurity and Infrastructure Security Agency (CISA), which is a component of the Department of Homeland Security (DHS), US cybersecurity now has an infrastructure equipped to help get federal agencies and companies moving.


Until now, the US has taken a rather passive approach as it relates to securing potential internet access points from threat actors. Not until the CISA began issuing a series of mandates and emergency directives, to expedite the fixing of common vulnerabilities such as the Apache Log4j bug, everything ostensibly remained as it always was.


But while the US may be a superpower in other arenas, it is certainly not a superpower as it relates to cybersecurity, nor is it ready to dominate cyberspace just yet.


The scary part is, hackers are privy to this. But the good news is, I’m certain the CISA knows this too. As the old adage goes, “better late than never.”


If the CISA, government agencies, and cooperating private companies continue on this trajectory, in the unfortunate event we ever find ourselves as a country in the crosshairs of cyber warfare from an army of hackers or nation-state actors, we will be better prepared to handle the brunt of the blow with fewer damages than if we had faced such an attack a decade ago.


There’s still much work to do.



An article by

Jesse McGraw


Edited by

Anne Caminer

9 views
Screen Shot 2022-06-13 at 4.57.16 PM.png

Detect, respond, prevent and SOAR with ORNA

Subscribe

Weekly cyber insights

Thanks for submitting!