3 Comments

The National Institute of Standards and Technology is doing the yeoman's work here:

https://www.nist.gov/cybersecurity

In addition to NIST taking a role in pushing best practices and standards, there's also a role for the FBI and intelligence community to play in helping secure American businesses and infrastructure by being more transparent about known vulnerabilities that the covert world is aware of and actively exploiting, and switching from a default offensive posture (where discovered flaws are kept secret to be used against adversaries) to a defensive posture (where flaws are disclosed to the relevant parties to secure infrastructure).

"On Monday, Symantec revealed that it had traced how a hacker group it calls Buckeye—also known as APT3 or Gothic Panda and widely believed to be a contractor of the Chinese Ministry of Security Services—used NSA hacking tools apparently intercepted from the networks of NSA targets and repurposed those tools to use against other victims, including US allies. Most notably, Symantec says, the Chinese group's hacking had planted an NSA backdoor on the network of its victims using a zero-day vulnerability in Microsoft's Server Message Block (SMB) software, also seemingly learned by studying the NSA's hacking tools."

"That newly revealed hijacking of the NSA's intrusion techniques doesn't just dredge up longstanding questions about how and when the NSA should secretly exploit software vulnerabilities to use for spying rather than help software companies to fix them. It also adds another chapter to the strange story of this particular zero-day's journey: Created by the NSA, intercepted by China, later stolen and leaked by another mysterious hacker group known as the Shadow Brokers, and ultimately used by North Korea and Russia in two of the most damaging and costly cyberattacks in history."

https://www.wired.com/story/nsa-zero-day-symantec-buckeye-china/


This is perhaps where an entirely separate network and connected devices, not touching the internet at all, is required for vital infrastructure. Good practices will still be needed, but physical separation is still a useful (if expensive) strategy.
