Nicole Perlroth and Glenn Chisholm | Security and the Cyber Arms Race | Summary and Q&A

March 24, 2023
by
Greymatter Podcast (Audio)
TL;DR

Nation-state cyber attacks, such as the recent SolarWinds breach, highlight the urgent need for improved cybersecurity measures and a shift towards prioritizing defense.

Key Insights

  • Nation-state cyber attacks have evolved from individual-focused to state-sponsored campaigns, posing significant risks to national security.
  • The SolarWinds breach highlights the vulnerabilities in supply chain attacks and the need for organizations to prioritize secure coding and vendor security practices.
  • Cyber attacks on critical infrastructure can have severe consequences for public safety, emphasizing the urgency for improved security in vital systems.

Questions & Answers

Q: How has the landscape of cyber attacks evolved over the past decade?

The increase in nation-state attacks, as highlighted by the SolarWinds breach, has shifted the focus from individual actors like Anonymous to state-sponsored cyber espionage. The market for cyber weapons has also grown, with governments stockpiling vulnerabilities and hackers selling zero-day exploits.

Q: What are the key vulnerabilities in supply chains and how can they be addressed?

Supply chains provide a gateway for attackers to infiltrate systems, as seen in the SolarWinds attack. Organizations need to prioritize secure coding, authentication, and regular vulnerability testing. They should also address the potential risks posed by globalized software development and ensure the security practices of their vendors and partners.

Q: What are the potential consequences of cyber attacks on critical infrastructure?

Cyber attacks on critical infrastructure, such as water treatment facilities, pose significant risks to public safety. Attackers can manipulate systems, cause widespread damage, and potentially harm human lives. It is crucial for organizations to implement robust security measures and proactively monitor their networks to detect and respond to threats.

Q: How can individuals and organizations improve their cybersecurity defenses?

Individuals should practice secure online behavior by using strong, unique passwords, enabling two-factor authentication, and being cautious of phishing attempts. Organizations should focus on secure coding practices, regular vulnerability assessments, and implementing proactive defense strategies, such as continuous monitoring and threat hunting.

Summary

In this video, Sarah Guo interviews Nicole Perlroth, a reporter from The New York Times, and Glenn Chisholm, the co-founder and chief product officer at Obsidian Security. They discuss the recent SolarWinds attack and the importance of cybersecurity in today's interconnected world. They also delve into the challenges of addressing cybersecurity issues and the need for a stronger focus on defense.

Questions & Answers

Q: Can you tell us about your role at The New York Times and the book you just released?

Nicole Perlroth started working at The New York Times in 2011, where she initially wrote about Anonymous and their DDoS attacks. She later investigated nation-state attacks and uncovered the Chinese hack on The New York Times itself. She also had access to the Snowden documents, which revealed the NSA's backdoor access to commercial technology. Her book focuses on the market for hacking tools and the implications for security and vulnerabilities in the United States.

Q: What does Obsidian Security focus on and why did you start the company?

Obsidian Security is focused on securing SaaS (software-as-a-service) applications. The team at Obsidian has experience in defending against nation-state attacks and wanted to provide solutions to protect organizations from the increasing threats they face. The company aims to ensure that only authorized users can access SaaS applications, prevent breaches, and enable appropriate detection and response capabilities.

Q: How did the SolarWinds attack occur and what were the implications?

The SolarWinds attack involved a Russian nation-state attacker infiltrating SolarWinds' systems and modifying their software. This allowed the attacker to gain access to potentially 18,000 victims. The attacker targeted organizations such as the Treasury and the Department of Homeland Security (DHS) and focused on monitoring email communication and accessing valuable data. The attack also targeted other organizations, including FireEye and Microsoft. The attack highlighted the vulnerability of supply chains and the need for improved security measures.

Q: Why is the SolarWinds attack significant?

The SolarWinds attack is significant because it exposed the widespread impact of nation-state attacks and the vulnerabilities in software supply chains. It demonstrated that even major technology companies and government organizations are susceptible to such attacks. The attack also raised concerns about the broader implications of cyber espionage, as it involved the monitoring of sensitive communications and potential access to critical infrastructure systems.

Q: How did major organizations and government agencies with significant resources get compromised for such a long period of time?

The compromise of major organizations and government agencies can be attributed to a combination of factors. One factor is complacency, as there was a perception that nation-state attacks were diminishing and the focus shifted elsewhere. Additionally, the attackers had sufficient resources to carry out a prolonged attack, and organizations may have overlooked critical security measures. The challenge lies in the constant need for proactive defense and the ability to detect and respond to sophisticated attacks.

Q: How can organizations improve their security and defense without slowing down technological advancements?

Organizations can improve their security and defense without sacrificing technological advancements by adopting a secure-by-design approach. This involves building secure code, properly deploying and monitoring systems, protecting configurations, and implementing strong authentication measures. Additionally, organizations should invite ethical hackers to test their systems and ensure the continuous improvement of security capabilities. It is crucial to strike a balance between agility and security, constantly adapting to evolving threats while maintaining robust defense measures.

Q: What changes do you hope to see in terms of cybersecurity policy and practices?

From a policy perspective, there is a need to incentivize organizations to prioritize security by design. This could include tax credits for those practicing secure software design. It is critical to take stock of the software and systems in use, understand their vulnerabilities, and ensure that vendors prioritize security. At an individual level, practicing good cybersecurity hygiene, such as using strong passwords and enabling two-factor authentication, is essential. There should also be a focus on minimizing vulnerabilities and enhancing defense capabilities to prevent attacks on critical infrastructure.

Q: How are organizations handling the aftermath of attacks like the SolarWinds incident?

Organizations' responses to incidents like the SolarWinds attack vary. The best organizations proactively investigate breaches, quantify the impact, and share information to help others understand and mitigate the attack. Organizations that respond effectively have well-developed detection capabilities, which enable them to identify breaches early and respond promptly. On the other hand, organizations that deny or downplay the problem are the most dangerous, as they fail to address vulnerabilities and continue to expose themselves to further attacks.

Q: How do you address the structural issue of nation-states outsourcing cyber attacks to contractors?

Addressing the issue of nation-states outsourcing cyber attacks is challenging but necessary. While offensive capabilities remain important, a greater focus on defense is needed. It is crucial to secure software code, implement strong authentication measures, and incentivize organizations to prioritize security by design. The reality is that adversaries can cause significant damage with relatively limited resources, and it is essential to recognize the vulnerabilities inherent in interconnected systems. Strengthening defense measures is necessary to protect critical infrastructure and sensitive data.

Q: Why should individuals and organizations care about cybersecurity if they are not directly involved in critical infrastructure?

Cybersecurity matters to individuals and organizations even if they are not directly involved in critical infrastructure. Data breaches can result in the exposure of personal and sensitive information, leading to identity theft and financial loss. Furthermore, compromised systems can be used to launch attacks on other organizations or individuals, contributing to the overall instability of the digital ecosystem. It is important to recognize that cybersecurity is not just a concern for specific sectors but affects everyone who relies on technology in their daily lives.

Q: What are the challenges in achieving long-term victories in cybersecurity?

Achieving long-term victories in cybersecurity is challenging because attackers are persistent and continue to evolve their tactics. Organizations need to adopt a proactive approach to security, continuously updating and improving their defenses. It is crucial to anticipate breaches and focus on detection and response capabilities. The psychology of never assuming victory and constantly evolving security measures is a fundamental mindset to address the evolving threat landscape and minimize the impact of cyber attacks.

Summary & Key Takeaways

  • Nicole Perlroth, a reporter at The New York Times, discusses her role in investigating cyber attacks and the release of her book on the cyber weapons market.

  • Glenn Chisholm, co-founder of Obsidian Security, discusses the importance of securing SaaS applications and the need for organizations to focus on defense.

  • The SolarWinds breach, carried out by Russian hackers, exemplifies the vulnerabilities in supply chain attacks and the potential for widespread damage to critical infrastructure.
