TechRepublic's Dan Patterson spoke with Jack Rice, a former CIA case-officer, now a journalist and attorney, regarding the recent alerts of Russian attacks which target IoT devices for information, control and theft.
Watch the video, or read the full transcript of their conversation below:
Patterson: US-CERT recently issued a warning that Russian state-sponsored cyber actors are targeting network infrastructure devices. This means IoT, all of those smart devices we put in our homes, in our offices. Jack, thanks a lot for your time today. When we hear of cyber actors targeting network devices and involved in other forms of cyber meddling, first, help us understand. This is not a partisan, political issue, but is a real issue that affects everyone from consumers to business to government. What type of meddling is US-CERT talking about?
Rice: This is real, Dan. I mean, that's the difference here. This isn't about politics. This is certainly not about left and right, and this is a world-wide phenomenon. In the past, the concerns were always about criminality. The idea that one company might try to take down another or there might be at least some small piece of a state-sponsored actor, playing a role to support that criminality. This is fundamentally different because it's the criminal element and a full-throated approach and effort by state-sponsored workers, and countries themselves, to actually step in and do this. When you try to stop something like that, you're literally trying to stop an entire nation. That's the kind of threat we're talking about.
Patterson: Jack, you were recently in Russia, as well as other states in Eastern Europe. When you observe cyber activity or other forms of non-kinetic, aggressive activity, who are the targets and who are the actors, especially when US-CERT says that foreign actors are behaving in such and such way. What type of actors are they referring to?
Rice: They're talking about the Russians. I mean, let's be clear about this. It's interesting that there's actually this debate about this and I understand, again, in the States, what we see is sometimes people will make this argument about global warming. This is not a global-warming argument. It simply is not. When we talk about a high-level of confidence from the intelligence community that it's the Russians, that is literally as high as you're going to get. In other words, it is the Russians. We have to look back historically and here's the bottom line. Is that what we know is that all state actors, and I will include the United States, have made efforts to try to manipulate elections around the world. That's simply a fact. We can go back literally decades, generations really, the idea that we're trying to place certain people in positions of power in various places around the world. That can be the U.S. That could be the Brits. That could be the Germans. That could be the Israelis. That could be the Chinese and, yes, that can be the Russians.
In this particular case, the Russians have made a very concerted effort to reach around the world and to have a very, very, even oversized, impact for who they are. This is one of the arrows in their quiver. This is a piece of their arsenal and they are flexing their muscles. They are using it, and let's be clear, they will be using it in the upcoming election and the ones to follow. This isn't a hypothetical. This is for real.
Patterson: When we say, or when you say, or when US-CERT says that these are Russian actors. Is this the Russian government? Is this the oligarchs? Is this organized crime? A combination of all of those? What particular actors would be involved and does that give the government any form of credible deniability?
Rice: The answer is yes. I mean, in the end, well actually, let me clarify. The answer is yes to all of the list of people and does that give them any real deniability? No it doesn't, because, and I can talk to you about this, when I was in Moscow, when I was in the south, when I was in parts of Russia that were actually closed cities during the Soviet times, and what I can tell you is, what's going on right now in Russia, happens because Vladimir Putin wants it to happen. We can talk about his oligarchs, but his oligarchs, right now, and everybody else in Russia, they're talking about one thing. Not just about the idea that Vladimir Putin is actually running the country, but what could potentially happen after Vladimir Putin. Because, remember, all of these oligarchs have the power that they have because they are close to Vladimir Putin. What we have found is, those who have run across Vladimir Putin and ignored him, or worse, attacked him, have actually lost their power. Have actually been jailed. Some have died under very unusual circumstances.
Realistically, if something is going on inside of Russia. If something is being done within Russia that is attacking somewhere outside of Russia, it's happening because Putin wants it to happen. You would not be in such a position to say, here's what I'm going to do. Unilaterally, I'm going to go out on my own, out on a proverbial limb, and start attacking computer systems in Britain, in France, in New York in Miami and Los Angeles, because I want to. If you're going to do it, you're going to do it because President Putin wants you to do it.
Patterson: This was a joint, technical alert that includes DHS, FBI, NCSC and other organizations, including UK organizations. What does a typical U.S. response to a cyber attack against critical infrastructure?
Rice: In this particular case, the idea that the Americans, again, the bureau, Department of Homeland Security, are working more closely with the Brits, is an incredibly positive response. This has to be done in this way because this is a worldwide threat. And in fact, the Americans and the Brits work very, very well together. They have historically. They hadn't worked as well on this issue because, relatively speaking, this is a new kind of threat. Their willingness to step in and work, sort of, backward ... they're working together, but they're working outward into the world, but even within their own countries, to try to convince people to do certain things.
Bottom line, the bottom line is, is that what we're seeing on a worldwide basis, is the ability to break into all sorts of systems, be they residential, be they large government, be they primary businesses. The way you do that frequently, is because you simply don't have good password protection. Sometimes, people don't have any password protection at all. As a result of that, you find your way in in the easiest way possible, and if you can break your way into any perimeter, you don't need to get in in 15 different ways, or 500 different ways, all you need is one. That's something that large corporations, small corporations, and even individuals, have to contemplate.
Patterson: Jack, this may seem like a very elementary question, but it's important. What are the goals of Russian actors and other foreign actors, when they engage in cyber war?
SEE: IT leader's guide to the threat of cyberwarfare (Tech Pro Research)
Rice: The goals, ultimately, are these. Is it about acquiring information? Yes. Is it about acquiring control? Is it about acquiring the ability to break in and to learn more about the systems themselves? Yes. So, in other words, in the short term, sometimes, it is essentially about theft. In the short term. But what this is also about is, and think of it like this, it's a recon operation. Part of what's always going on here, is to determine exactly what it is that's in front of them, because they may not want what's actually there right now, because if you break in and it's clear that something has happened, and there has been a cyber attack, what will happen is that you're going to see a response to it. Which means, it may not be as easy to break in the second, third, fourth or fifth time. What you might just have is the tip of the spear, so to speak, where you simply go in and say, boom, I just found my spot, and then you pull back.
The intention is that some point in the future, when you really want what you want, you're going to move into this. This is one of the reasons we have seen state actors, specifically like the Russians, working their way into election systems dealing with individual states. The purpose was to understand what their systems were doing, how they were doing it and how they were responding. Then they could actually go two or three steps ahead of those systems so when, dare I say this, November comes, or October comes, or 2020 comes, they're going to be two, three, four, five, six steps above those various state actors, other state actors, but also against those states themselves that are trying to protect themselves from the Russians. You got to think about what that means.
Patterson: Jack, what's the takeaway, the bottom line, especially for business, whether they're SMBs, startups, enterprise companies, consumers and government as well, but we know that the government is responding through this joint technical alert from DHS, FBI and NCSC, but how should businesses defend themselves and what's the primary takeaway for business and for consumers?
Rice:I think the biggest concern, Dan, is this. Is that, I can imagine if you're an individual or you're the director of security for your company and you just assume, oh, we're just a small bit player. We're just small. We're just inconsequential. I mean, the Russians don't care about us. They don't even know who we are. They don't really know what's going on or nobody else particularly cares either. That's the problem. What you really need to do is understand that you don't have to be too small.
- When hackers attack a country, they use the same flaws impacting your business (TechRepublic)
- Why cybersecurity pros should pay attention to recent warnings about Russian attacks (TechRepublic)
- US-CERT recently issued a major cybersecurity warning for the Olympic Games (TechRepublic)
- UK hit by 49 cyberattacks from Russian groups in six months says Amber Rudd (ZDNet)
- US slaps new sanctions on Russia over NotPetya cyberattack, election meddling (ZDNet)
Dan Patterson has nothing to disclose. He does not hold investments in the technology companies he covers.
Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.