I’m surprised that this is news or that it takes a threat assessment to deduce this – this is common sense!
Why you
ask?
Well, its no surprise that the United States is one of the most
technologically advanced countries in the world, and as a consequence,
virtually all aspects of its economy and security are digitally powered i.e. underlying
most of its business and government organizations are mission-critical IT infrastructures
that play an elemental role in facilitating the digital operation and control
of large parts of these organizations.
These mission-critical IT infrastructures play a paramount role in protecting the digital assets of these organizations, and given their digital nature, they do not enjoy the privilege of being protected by physical boundaries such as discrete and defendable geographical borders.
On the contrary, they are exposed to a vast and myriad attack-surface, as they can be attacked both from outside and from the inside, and since most of them are connected to the Internet, technically anyone from anywhere could potentially try to launch an attack against these IT infrastructures, and because the attack surface is so vast, the likelihood of an attack succeeding is rather high.
These cyber attacks can
also vary in technical sophistication, and range from your vanilla kid-stuff throwing-stones-at-the-entrance
DDOS attacks (which are so easy to carry out, and often glorified by an ignorant
media) to advanced enterprise-targeted security privilege escalation attacks
which require sophisticated technical expertise to carry-out and can result in
a perpetrator gaining complete administrative control over an organization’s entire
IT infrastructure.
The kiddish
DDOS attacks so often publicized by the media aren’t even worthy of national
news anymore, but unfortunately, the media doesn’t understand this stuff to
well, so for them its news! What the media doesn’t understand well at all are
advanced cyber threats which have the potential to take out entire
organizations, (plausibly including many of these media organizations as well) within a day, by using the power of automation. Yes, these are
very possible, but I don’t expect the media to shed light on these because they
don’t have the faintest clue as to how such attacks might work, or just how
much harm they can inflict.
That's the kind of stuff we worry about at Paramount Defenses; these advanced cyber security attack vectors, which often require deep technical expertise but can be automated by a single entity, such as a hostile foreign government, and one that can then be launched in a variety of ways to compromise an organization. What I’m referring to here is a Stuxnet like payload, crafted meticulously to take one or more organizations down. Such payloads, once written, can be disseminated and deployed in numerous ways, the simplest of them involving an organization’s own administrators downloading free IT tools/utilities.
Such advanced cyber security threats to organizations worldwide, not just in the U.S. are very real, and in our experience, we have found that most organizations are unprepared to secure and defend themselves from such attacks.
To make a long story short, this isn’t and shouldn’t be news to anyone, and shouldn’t require a formal threat assessment to realize – this is common sense, but I suppose, as they say, common sense isn’t that common.
That’s
about all the time I have for blogging. Now if you’ll excuse me, I’ve got to
get back to helping our customers secure and defend themselves from powerful, advanced
cyber security threats, such as this.
Best
wishes,
Sanjay
Sanjay