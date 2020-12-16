Meh. If you are aware of the film that I ripped this column’s title from—substitute “coming” for “hacking” and search your favorite streaming or on demand system—you understand that we’ve had a long, ah-hem, relationship with Russia. They’re ensconced in every major political maneuver. We’ve arguably never subsided our mutually cold war with each other. In the 1960s, the great Carl Reiner (R.I.P., as lost from our entertainment this past June) joined Eva Marie Saint, Alan Arkin, and a cavalcade of comics under Norman Jewison’s hilarious, if not too on-point, satirization of the Cold War from its era.
Fast forward 50 years and we all watched and were abhorred by the continuing Russian meddling in our affairs. We’ve tried, and failed, oh so many times to warm up to the European standout amongst mostly amicable relationships with the rest of the continent. Not all, but most. And, none like Russia, which I realize spans into Asia, too, where Americans aren’t quite held in the same light as in Europe. I’m traipsing around the sad fact that over the weekend it was confirmed that, go figure, those Slavic Putinites invaded not the bucolic coastlines of Cape Cod, as their errant sub found landing in the movie. Nope, the sixties have long passed, and the invasion this time was digital in nature. No less alarming or concerning, but certainly modernized.
Russia’s digital savvy has been proven many times over. From meddling in our elections, alongside Poland’s, South Korea’s France’s, and Ukraine’s, to taking down policing agencies and private industry websites. They have street cred, in the digital domain. The most recent attack was meaningful as any.
The U.S. Department of Treasury, the Commerce Department, and other critical government systems were breached over the weekend. Actually, it was a weekend that wound up a five-year campaign by the Kremlin to infiltrate our data, security, and information systems. Note that the little bit of information shared about the campaign and its targets must be incomplete. There’s no way that some cybersecurity columnist in the “flyover territory” of the U.S. has privy to the whole story; few do, hopefully. Who knows what other security systems, military databases, or similarly key break-ins also occurred? If I may call on my own commentary from recent writings, now’s a fine time to have axed the cybersecurity czar, Chris Krebs. Under the bridge though, so we must move on.
Those in the cybersecurity community have deduced that in Commerce, at the least, its National Telecommunications and Information Administration was compromised as part of the attack. The highest levels of the Executive Branch look to the NTIA as the principal advisor on telecommunications policies, including security. Its Office of International Affairs connects the American telecommunications industry to the world’s network. Policies, marketability, and security are all implicated. The billions of dollars Congress is sending to build up our broadband network (Anyone reading this need some help there?) are administered by the NTIA. Tech imports and exports? Yep, NTIA is involved. Because of just that one piece of the fraudulent puzzle, Homeland Security is mandating that all government agencies, and even private firms that use the same program, disable their network management software that was compromised.
On the Treasury side of the District, Russians upset the cart no less. Now, let’s see. What might the Treasury be doing these days of any importance? It’s rhetorical since our economy’s been reacting to the novel coronavirus pandemic and its countless effects. It’s also a loose question that’s meant to evade any real digging into what these years of hacking means to the Treasury Department. Government officials, the security community, and other stakeholders are either keeping mum, are out of the loop, or both. Said more plainly, the few details about Commerce’s woes tell a rich narrative compared to what we know about the impact on Treasury.
What is known is that the hackers have, for an unknown but too long time, been able to read the Department’s emails. At Saturday’s National Security Council meeting on the attacks, experts deduced the fact that email traffic had been being monitored by the foreign state’s actors. The word “sophisticated” has been used throughout the government’s reporting on the incident. That level of sophistication does not point to “hacktivists” who want to mete out their version of justice through electronic attacks. This is Russia. They’re not fooling around. It will be a while, if ever, before we know what the Treasury piece of the crimes means to our security. Suffice it to say that foreign infiltration into these two American agencies did will satisfy their hunger for intelligence. These attacks provide more doorways into other branches (Congress?) and agencies (Defense, State?).
The FBI, Homeland Security’s Cybersecurity and Infrastructure Security Agency, and other national security contingencies are on it. Yet, again. It really is a theme in this business that carries over from film and TV tropes solidly set long before the Cold War era satires of Jewison, or to one-up his “The Russians are Coming! The Russians are Coming!,” Kubrick’s genius “Dr. Strangelove.” The cops always are chasing the robbers. Russia keeps a’comin’, taking down systems, hacking into emails, subtly or not interfering with the American way. We catch them—à la the weekend’s reports—and more or less wait until another incident happens.
All told, there could be some logic in concluding, as I started this palaver, “meh.” So be it. They’ve been a nuisance for half a century on top of however many decades preceded the digital age. It’s part of our way at this point. Note that that sentiment of blasé could, in and if itself, be the end game for this round of Russian robberies. Plug “complacency breeds” into a web search and you’ll see the auto-complete: mediocrity, failure, or death.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.
Commented
Sorry, there are no recent results for popular commented articles.