A week ago we were made aware of the FireEye cyber attack. Days later we were witnessing an impressive global incident response.
FireEye had suffered an attack by a highly sophisticated – suspected state-sponsored – threat actor. Hackers targeted and accessed its Red Team assessment tools, which are used to test customer security and replicate the behaviour of attacks. The team at FireEye were swift to begin issuing a number of countermeasures and communicating the breach.
Just five days later FireEye released further information on a global campaign that introduces compromise into the networks of public and private organisations through the software supply chain. The compromise was delivered through updates to the Orion network monitoring product from SolarWinds.
The response that followed included not only the impacted vendors and their clients, but also governments around the world. Both the NCSC and CISA offered advice and began action to mitigate the impact.
The battle lines of cyber warfare have never been clearer than they have been in this last week. A suspected state-sponsored actor coming up against the collaborative intelligence and incident response of a cross-country defence force.
That is a defence force which the UK is actively investing in, following the increased military investment announced in November and the creation of a new UK national cyber defence force.
It would be an understatement to say that there has been a growing undercurrent of geopolitical cyber tensions, from Russia’s false information campaign in the 2016 elections and the recent Russia Report issued by the UK Government to other documented attacks linked to China against other governments.
But what is especially interesting is how governments, vendors and the wider industry pulled together. By truly working in concert, the swiftness of the response matched the audacity of the attack.
From a Nominet perspective, it goes to show the critical part we all play in defending our nation and the critical national infrastructure it relies upon. For our part, that means protecting .UK and delivering the Protective Domain Name Service (PDNS) on behalf of the National Cyber Security Centre (NCSC). IoT technology is also increasingly being integrated into critical national infrastructure, and consequently the number of vulnerabilities and the scale of potential attack are widening. This too must be incorporated in our protective landscape. Encouragingly, these latest incidents show that while both attacks themselves are multi-layered, so is our response. That’s the future of resilience.
Above all, cyber defence is no longer in the technical ‘weeds’. It is part of our everyday lives and can have a huge impact. When we’re defending public services, it’s not only the government or individual hospitals that are being protected, but also individuals – the doctors, the nurses and the patients. It is me and you. And that’s why collaboration is paramount.