Tech News, Magazine & Review WordPress Theme 2017
  • Home
  • Supply Chain Updates
  • Global News
  • Contact Us
  • Home
  • Supply Chain Updates
  • Global News
  • Contact Us
No Result
View All Result
No Result
View All Result
Home Supply Chain Updates

Russian hack of U.S. agencies exposed supply chain weaknesses – The Denver Post

usscmc by usscmc
January 25, 2021
Russian hack of U.S. agencies exposed supply chain weaknesses – The Denver Post
Share on FacebookShare on Twitter

WASHINGTON — The elite Russian hackers who gained access to computer systems of federal agencies last year didn’t bother trying to break one by one into the networks of each department.

Instead, they got inside by sneaking malicious code into a software update pushed out to thousands of government agencies and private companies.

It wasn’t surprising that hackers were able to exploit vulnerabilities in what’s known as the supply chain to launch a massive intelligence gathering operation. U.S. officials and cybersecurity experts have sounded the alarm for years about a problem that has caused havoc, including billions of dollars in financial losses, but has defied easy solutions from the government and private sector.

“We’re going to have to wrap our arms around the supply-chain threat and find the solution, not only for us here in America as the leading economy in the world, but for the planet,” William Evanina, who resigned last week as the U.S. government’s chief counterintelligence official, said in an interview. “We’re going to have to find a way to make sure that we in the future can have a zero-risk posture, and trust our suppliers.”

In general terms, a supply chain refers to the network of people and companies involved in the development of a particular product, not dissimilar to a home construction project that relies on a contractor and a web of subcontractors. The sheer number of steps in that process, from design to manufacture to distribution, and the different entities involved give a hacker looking to infiltrate businesses, agencies and infrastructure numerous points of entry.

This can mean no single company or executive bears sole responsibility for protecting an entire industry supply chain. And even if most vendors in the chain are secure, a single point of vulnerability can be all that foreign government hackers need. In practical terms, homeowners who construct a fortress-like mansion can nonetheless find themselves victimized by an alarm system that was compromised before it was installed.

The most recent case targeting federal agencies involved Russian government hackers who are believed to have sneaked malicious code into popular software that monitors computer networks of businesses and governments. That product is made by a Texas-based company called SolarWinds that has thousands of customers in the federal government and private sector.

That malware gave hackers remote access to the networks of multiple agencies. Among those known to have been affected are the departments of Commerce, Treasury and Justice.

For hackers, the business model of directly targeting a supply chain is sensible.

“If you want to breach 30 companies on Wall Street, why breach 30 companies on Wall Street (individually) when you can go to the server — the warehouse, the cloud — where all those companies hold their data? It’s just smarter, more effective, more efficient to do that,” Evanina said.

Though President Donald Trump showed little personal interest in cybersecurity, even firing the head of the Department of Homeland Security’s cybersecurity agency just weeks before the Russian hack was revealed, President Joe Biden has said he will make it a priority and will impose costs on adversaries who carry out attacks.

Supply chain protection will presumably be a key part of those efforts, and there is clearly work to be done. A Government Accountability Office report from December said a review of 23 agencies’ protocols for assessing and managing supply chain risks found that only a few had implemented each of seven “foundational practices” and 14 had implemented none.

U.S. officials say the responsibility can’t fall to the government alone and must involve coordination with private industry.

But the government has tried to take steps, including through executive orders and rules. A provision of the National Defense Authorization Act barred federal agencies from contracting with companies that use goods or services from five Chinese companies, including Huawei. The government’s formal counterintelligence strategy made reducing threats to the supply chain one of five core pillars.

Perhaps the best-known supply chain intrusion before SolarWinds is the NotPetya attack in which malicious code found to have been planted by Russian military hackers was unleashed through an automatic update of Ukrainian tax-preparation software, called MeDoc. That malware infected its customers, and the attack overall caused more than $10 billion in damage globally.

The Justice Department in September charged five Chinese hackers who it said had compromised software providers and then modified source code to allow for further hacks of the providers’ customers. In 2018, the department announced a similar case against two Chinese hackers accused of breaking into cloud service providers and injecting malicious software.

“Anyone surprised by SolarWinds hasn’t been paying attention,” said Rep. Jim Langevin, a Rhode Island Democrat and member of the Cyberspace Solarium Commission, a bipartisan group that issued a white paper calling for the protection of the supply chain through better intelligence and information sharing.

Part of the appeal of a supply chain attack is that it’s “low-hanging fruit,” said Brandon Valeriano, a cybersecurity expert at the Marine Corps University. A senior adviser to the solarium commission, he says it’s not really known just how dispersed the networks are and that flaws in the supply chain are not uncommon.

“The problem is we basically don’t know what we’re eating.” Valeriano said. “And sometimes it comes up later that we choke on something — and often we choke on things.”

usscmc

usscmc

No Result
View All Result

Recent Posts

  • US Ports: Gateways to Global Trade
  • Ports of Prosperity: How US Ports Rule the Global Trade Game
  • Sustainable Supply Chain Practices in the US
  • Challenges Facing the American Trucking Industry
  • The American Warehouse Revolution: The Role of Automation in US Warehouses

Recent Comments

  • Top 5 Supply Chain Certifications that are in high demand | Top 5 Certifications on Top 5 Globally Recognized Supply Chain Certifications
  • 3 Best Procurement Certifications that are most valuable | Procurement Newz on Top 5 Globally Recognized Supply Chain Certifications

Archives

  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • September 2019

Categories

  • Global News
  • Supply Chain Updates

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

slot gacor slot slot gacor 2023 slot 2023 slot gacor terbaru slot gacor terpercaya slot gacor slot gacor slot slot gacor 2023 slot 2023 slot gacor terbaru slot gacor terpercaya slot gacor slot gacor slot slot gacor 2023 slot 2023 slot gacor terbaru slot gacor terpercaya slot gacor

Pages

  • Home
  • Terms of Use
  • Privacy Policy
  • Disclaimer
  • Antispam
  • Contact Us

Categories

  • Global News
  • Supply Chain Updates
slot gacor slot slot gacor 2023 slot 2023 slot gacor terbaru slot gacor terpercaya slot gacor slot gacor slot slot gacor 2023 slot 2023 slot gacor terbaru slot gacor terpercaya slot gacor slot gacor slot slot gacor 2023 slot 2023 slot gacor terbaru slot gacor terpercaya slot gacor

Tags

APICS E-commerce Boom and Its Disruptive Impact on US Logistics ecommerce Globally Recognized Supply Chain Certifications IIPMR Certifications International Institute for Procurement and Market Research (IIPMR) ISM logistics Next Level Purchasing procurement Supply Chain Supply Chain Industry supply chain industry in usa The changing landscape of Supply Chain Industry and how companies need to ride the tide Top 5 Supply Chain Certifications top supply chain certifications USA US Ports and Their Role in Global Trade US Supply Chain Industry warehousing

Trending

US Ports: Gateways to Global Trade

  • Antispam
  • Contact Us
  • Disclaimer
  • Home
  • Privacy Policy
  • Terms of Use

© 2023 www.usscmc.com

No Result
View All Result
  • Home
  • Supply Chain Updates
  • Global News
  • Contact Us

© 2023 www.usscmc.com

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT