23 June 2015

Corporate America Enters the Cyber War Room

By ADAM KLASFELD 

Wrapping up a three-part series, the lawyer behind the biggest cybersecurity investigation in U.S. Army history sheds light on corporate operations centers where CEOs brace for breaches.

MANHATTAN (CN) - In corporate operations centers cropping up across America, CEOs and other executives have huddled to contemplate the possibility that the latest headline-grabbing cyberattacks might strike their enterprises.

Simulating an exercise, former Maj. Ashden Fein sounded off: "OK, your servers have been compromised by an organized crime syndicate from the old Eastern Bloc, and they have installed Cryptolocker on your servers."

Having capped off his 13-year military career last year with the biggest cybersecurity prosecution in Army history, Fein transitioned to the Reserves and now helps a confidential list of clients respond to crisis scenarios for the Washington-based law firm Covington & Burling.

The hypothetical he gave was not a fanciful one.

It's been nearly two years since Cryptolocker infected roughly 500,000 computers whose owners found their data frozen under encryption unless they paid a ransom by a deadline.

U.S. authorities charged Evgeniy Bogachev as the ringleader of a Russian and Ukrainian gang behind this malware last year. In addition to Cryptolocker, the gang deployed Gameover Zeus software that captured the banking credentials of infected computers. Prosecutors estimate that both caused more than $100 million in losses around the world.

Fein said some executives begin preparing for this kind of threat by gathering in a "war room."

"You start envisioning how Gen. Petreaus' or Gen. McChrystal's operations centers looked," he said. "It would probably be something like that."

"Probably scaled down a little," Fein added with a laugh.

Tabletop exercises center around incident-response plans, which Fein described as a blueprint for handling such events as a major data breach or network sabotage of an industrial control mechanism.

The C-Suite staff, including the CEO and the president, might be in there "for a few hours," but simulations could be a "full-day event" for the workers, he added.

Hashing out the appropriate Secret Service contacts and protocols might even bring early meetings between staffers and law-enforcement officials, Fein said.

"Well-prepared organizations can better handle the fog of war, if they've rehearsed their plans, and they've developed one to rehearse," he noted.

The former prosecutor's advice echoes the Department of Justice's cybersecurity "best practices" released this April.

Two days after assuming office, Attorney General Loretta Lynch spoke about the release of this guidance at a cybersecurity industry roundtable in Washington.

"We have a mutual and compelling interest in developing comprehensive strategies for confronting this threat, and it is imperative that our strategies evolve along with those of the hackers searching for new areas of weakness," Lynch told private-sector leaders in the audience.

Bloomberg Business picked up on the theme too in an article "JPMorgan Goes to War," which reported on the megabank's opening of a center near the National Security Agency's headquarters in Ft. Meade, Md., to recruit cyberwarriors.

It was at Ft. Meade where Fein in just his early 30s prosecuted the most-visible case of his Army career: the court-martial of WikiLeaks source Chelsea Manning. 

But it's not just JPMorgan Chase militarizing their cybersecurity responses.

While the largest corporations have performed these exercises for years, the phenomenon caught on about 18 months ago in the wake of the Target attacks. After Sony's servers wound up in the grip of the so-called "Guardians of Peace," who exposed more than 173,000 of the company's internal emails on Dec. 16, 2014, the trend exploded.

WikiLeaks founder Julian Assange later defended his publication of the Sony emails as being in the public interest.

"This archive shows the inner workings of an influential multinational corporation," Assange said in an April 6 statement. "It is newsworthy and at the center of a geopolitical conflict."

Assange's argument parallels what he said five years ago about why WikiLeaks disseminated Manning's trove of hundreds of thousands of U.S. military and diplomatic files.

Sony meanwhile echoed the government in accusing the publisher of complicity in criminal acts. Such condemnation failed, however, to cow WikiLeaks from releasing a second tranche of more than 276,000 emails on Thursday.

While Manning is serving a 35-year prison sentence for the leaks, today marks Assange's third year holed up inside London's Ecuadorean embassy. The website leader has sought refuge from a Swedish probe into sexual-misconduct allegations that he believes U.S. prosecutors will exploit for their own aims. A federal court order suggests that the criminal investigation of WikiLeaks remains ongoing.

Lobbying for the passage of the Cybersecurity Information Sharing Act (CISA) meanwhile shows how corporate America is marking a route through Capitol Hill to the U.S. military on cybersecurity issues.

Rejected in the Senate on June 11, CISA would have given the Office of the Director of National Intelligence, the Department of Homeland Security, the Department of Defense and the Department of Justice latitude to share classified information about cyberthreat "indicators" with "private entities."

Although the bill's supporters deemed this necessary to prevent the next large-scale attack, the public has grown wary of the government and corporate America joining forces on data sharing. Former NSA contractor Edward Snowden's revelations that Verizon shared the data of millions of customers with the NSA led to a federal appeals court to declare the program illegal.

Congress recently passed the U.S.A. Freedom Act to restrain the NSA's surveillance, and some critics describe CISA as a back door for the agency to regain its lost power.

Civil-liberty concerns notwithstanding, partisanship had a big role in the bill's failure.

Sen. Majority Leader Mitch McConnell, R-Ky., had tried to attach it to an annual military appropriations bill that President Barack Obama promised to veto. The White House accused some of "playing politics" with security.

The vote fell less than a week after a hack of government servers extracted the personal information of at least 4 million federal workers.

Click the hyperlinked text to return to Part I of this series, "WikiLeaks Prosecutor Charts Rise of Insider-Threat Boom," or to Part II, "Manning Prosecutor Breaks Silence on WikiLeaks Case."

No comments: