Following this week’s breach of several federal agencies, a new CNBC survey of technology executives found that most believe state-sponsored cyber warfare is the most dangerous threat to their company or organization. And while half (50%) of technology executives believe that state attacks pose the biggest threat, 32% of those surveyed also said that defining a national cybersecurity protocol should be the top priority for the incoming Biden administration and new Congress.
“Action by the incoming administration — national leadership across policy, strategy, diplomacy, and operations — in consultation with the private sector, must complement private sector actions, to protect the nation’s infrastructures, hard-earned economic advantages and personal privacy,” says Phil Quade, chief information security officer for Fortinet. Quade is a member of CNBC’s Technology Executive Council.
Quade has been outspoken about the need for a national cybersecurity coordinator within the incoming Biden administration. In a recent op-ed, he wrote: “Our nation had a cybersecurity coordinator on the National Security Council during the Bush and Obama administrations — a post central to developing policy to defend against increasingly sophisticated digital attacks and the use of offensive cyber weapons. In 2018 that position was eliminated. At the time, national security adviser John R. Bolton said the post was no longer considered necessary because lower-level officials had already made cybersecurity issues a ‘core function’ of the president’s national security team. Now it’s time for President-elect Biden to fill that position again.”
This past weekend, Reuters reported on a hack by “persons unknown” at the U.S. Treasury and Commerce Departments, in which attackers were monitoring email traffic inside the agencies’ organization focused on Internet and policy. Those breaches later led to a National Security Council (NSC) meeting at the White House on Saturday. At the time, the FBI investigation into those breaches was still in its early stages.
On Sunday night, computer security company FireEye released additional details on this attack in several blog posts, stating that it began earlier this spring and was “global in scope,” hitting both public and private institutions around the world. Additionally, FireEye said that the attackers get in through IT infrastructure software that is widely used by companies and government entities, and stealthily gather information once the malware has been installed.
Rooting out malware and bad actors
Last week, shares of FireEye fell as much as 8% in extended trading on Tuesday after the company disclosed details of its own cyberattack that the company believes was also carried out by a state-sponsored actor.
According to FireEye, the malware used in recent federal breaches lies dormant for two weeks before beginning to gather information and report back to what are presumed to be nation-state hackers. And while the Russians have denied responsibility, FireEye says that a lot of organizations have been affected and that it is in the process of notifying them. According to reporting from CNBC’s Eamon Javers, the federal government said Sunday that it is trying to root this malware out as quickly as possible and has ordered all federal agencies to stop using the software in question.
“If this is, in fact, a nation state actor, if it is Russia, these people invest a lot of resources to effect this kind of hack,” said former national intelligence principal deputy director Sue Gordon Monday on CNBC’s “Squawk Box.” “So it may not be that everyone who has this software is going to be affected, but if you have this software you should know and start taking precautions.”
Last week, documents related to the development of the Pfizer-BioNTech Covid-19 vaccine were “unlawfully accessed” in a cyberattack on the European Medicines Agency, which followed previous reporting that hackers have also been trying to attack the cold storage supply chain used to transport Covid-19 vaccines at low temperatures. IBM researchers warned that a nation state was likely to be behind the effort.
Security officials said in July that hackers linked to Russian intelligence services were trying to steal information about coronavirus vaccine research in the U.S., Canada and the U.K. Kremlin spokesman Dmitry Peskov rejected the allegations, according to the state-owned Tass news agency.
In addition to cybersecurity being a top priority for the incoming administration, the survey also found that most technology executives (41%) believe that the Biden presidency will have a positive impact on their company or organization over the next four years.
“There is burgeoning cyberinsurgency in American cyberspace with four rogue nations (Russia, Iran, China and North Korea) behind the majority of attacks,” says Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black. “Corporate digital transformation will be commandeered in the absence of vigilance.” Like Quade, Kellermann is also a member of CNBC’s Technology Executive Council.
Thirty-five of the 78 members of the CNBC Technology Executive Council responded to this survey, which was conducted from Dec. 2–14, 2020.