A former Marine who conducted cyber missions for the U.S. military and the National Security Agency told CNBC on Monday the threat of a cyberattack on the U.S. chain supply keeps him awake at night.
David Kennedy, also the founder of cybersecurity companies TrustedSec and Binary Defense, told “Power Lunch” that an attack on the U.S. supply chain would disrupt the entire world.
“The thing that personally keeps me up at night as a cybersecurity professional are these supply chain attacks … you’re talking about impacting tens of thousands and hundreds of thousands of companies and organizations around the world from a single hack,” Kennedy said.
The Russian-linked hacker group Nobelium has been attempting to attack parts of the global technology supply chain, according to cybersecurity experts at Microsoft. Nobelium, as the hacking group is known, is infamous for the SolarWinds hack in 2020, which compromised the IT firm and its customers including big U.S. companies and the federal government.
“They’ve had a lot of success,” Kennedy said of Nobelium. “They targeted Ukrainian tax software, they then continued with Solarwinds and now we’re seeing them target man-to-man service providers.”
Successful attacks may lead other adversarial nations to wage a cyberattack against the United States, with aim taken at increasingly vulnerable cloud computing, Kennedy said. “Every other adversary that we have in the U.S. is looking at this and saying this is an area of opportunity, and cloud is definitely the next evolution of attack for us.”
Security systems in place by many technology companies weren’t designed to handle these levels of threats, according to Kennedy. “It’s not just these high sophisticated level of adversaries like Russia or China, it’s also ransomware now which is particularly alarming for us,” he added.
Another thing that keeps Kennedy up at night is the United States’ lack of offensive cybersecurity capabilities. “We have to do more going after these countries and holding them accountable, especially on ransomware.”
Offensive actions should especially be considered when adversarial nations attack U.S. intellectual property and the private sector, according to Kennedy.
With other powerful countries using cyberattacks as a sign of force, the U.S. is at risk of appearing vulnerable and at risk for further attacks, he added. “It’s time to go on the offensive.”