The Thursday discussion, which was moderated by John Carlin, chair of the Cybersecurity and Technology program at The Aspen Institute, aimed to answer three questions: How did the cybersecurity defenses fail so severely, the long-term risks and what to do now?
To answer these questions, The Aspen Institute turned to Sen. Mark Warner, D-Va.; Kevin Mandia, the CEO of cybersecurity firm FireEye; and Katie Moussouris, the founder and CEO of Luta Security.
The alleged Russian cyberattack, which initially took place in the spring of 2020, was first discovered by FireEye on Dec. 9. After extensive research into the specifics of the attack, Mandia and his team alerted government officials.
“In this particular case, we noticed that someone was accessing our network with a registered device associated with one of our employees,” he said. “We asked the employee if they recently registered the device, to which they replied no, and it was then that we realized that someone was bypassing our two-factor authentication process to appear as someone within our company.”
Through this process, hackers were able to open a backdoor that allowed them to access information from the company and countless others.
Since then, the government and companies like FireEye, Microsoft and other cybersecurity firms have been working together to determine how many companies and government organizations have been compromised and how these issues can be remedied.
The panelists agreed that implementing certain measures, such as setting cyberspace norms and best practices as well as working together with companies and organizations in both the public and private sectors, is key.
“We need to define this and make it clear as to how many other private entities and foreign nations have been attacked,” Sen. Warner said. “If there are international and domestic norms in place focused on organizations and companies reporting all suspicious cyberactivity, we can fight back against cyberattacks.”
There needs to be truth and a rule of law in place to identify the bad guys and come up with a counter-strategy, Sen. Warner offered.
Moussouris agreed, saying, “It’s about deciding what norms we want to exemplify in the world and balancing what our example should be in setting those behaviors and acts.”
As for Mandia’s response to this issue, he said, “the best way to crack down on bad actors is by taking a hard stand and having a hard policy in place that focuses on international cooperation.”
The conversation around furthering international and domestic policy was punctuated by the announcement that Department of Commerce Deputy Assistant Secretary for Intelligence and Security John Costello was resigning following the riot and storming of the U.S. Capitol by supporters of President Trump on Jan. 6.
Today, I resigned my position as Deputy Assistant Secretary of Commerce for Intelligence and Security. pic.twitter.com/x8d6qCczok
“Today [Jan. 7], I resigned my position as Deputy Assistant Secretary of Commerce For Intelligence and Security at the Department of Commerce,” Mr. Costello said. “Yesterday’s events were an unprecedented attack on the core of our democracy - incited by a sitting president.”
“During my time in office,” he said, “I strove to further cybersecurity and national security on behalf of the American people. I am sorry to leave that work unfinished, but yesterday’s events leave me no choice.”
However, the panelists remain hopeful that cybersecurity will be taken seriously by the incoming administration and that all current and potential risks will be addressed post-transition.
“Despite losing time due to the disorganization of the soon-to-be previous administration,” Moussouris said, “we hope that with this new administration we can get a better understanding of what we are up against and get it right this time.”
Looking forward, Sen. Warner said, “educating government officials, creating a system for companies and organizations to report any suspicious cyberactivity, and discussing these issues is critical in preventing future attacks.”
As for what companies and organizations can do now to monitor and prevent any potential cybersecurity risks, Moussouris said understanding how their supply chain works and whether or not they are prepared to work against these attacks is important.
“By knowing what’s in your supply chain and how prepared it is to work for you, companies can create a baseline-level response to address these issues,” she said. “By knowing this information, it could help prevent future attacks.”