2021: A Year with Two Gulps of Failure
February 11, 2021
I provide additional commentary on Microsoft’s late January 2021 about the SolarWinds’ misstep. The glitch seems to be like an ink stain. Over time, it spreads: China’s alleged involvement, one third of the security penetrations not involving SolarWinds’ software, and mounting suggestions about how long the bad actors were probing and possibly implanting backdoors in government agencies, big contractors, and commercial enterprises. You can view the video on this blog’s home page on January 9, 2021. For today (Monday, January 8, 2021) I want to call attention to two items.
The first is a useful list of situations in which malware, viruses, and other bad actor actions are not detected. You can find the list in “Why Antivirus Software Fails to Detect Latest Viruses and Malwares.” What’s interesting about the article is that none of the suggestions solves the problem of the Saturday Night Live / Donald Rumsfeld quip, “You don’t know what you don’t know.”
The second is the allegedly accurate information in the ABC News’s report “Former Capitol Police Chief Steven Sund Says Entire Intelligence Community Missed Signs of Riot.” Here’s a passage the Capitol Police’s former top dog to Ms. Pelosi included in the news story:
“Having previously handled two major post-election demonstrations successfully utilizing an action plan that was based on intelligence assessments that had proven to be credible, reliable, and accurate, we reasonably assumed the intelligence assessment for Jan. 6, 2021, was also correct.”
What this means to me is that the intel was off the mark.
Perhaps the SolarWinds’ misstep is the result of several factors. Let me raise these as possibilities:
First, the software designed to identify and flag breaches did not work. Furthermore, the infrastructure in wide use for Microsoft software was the carrier of the malware. No one noticed for possibly a year or more. FireEye investigated a mobile phone access issue and came across the multi-part, multi-stage attack. The breach was not one outfit. The penetration extended to as many as 18,000 organizations. It is not clear what the bad actor did once access to this gold mine of systems was achieved.
Second, the intelligence apparatus of multiple US entities did not characterize the scale, intent, and size of the “friendly” protest at the US Capitol in early January. If the information in the ABC News’s story is accurate, the intelligence reports, like the awareness of the SolarWinds’ misstep, were wide of the mark. Maybe in someplace like Cuba or Bali, just not in the Capitol Police’s tactical planning unit’s hands?
The conclusion is that I see two types of failure with a common root cause: A certain blindness.
Marketing, threat assessment webinars, and licensing existing cyber security software won’t address these, possibly inter related problems.
Not good. Marketing explanations are much better. The fix? Another BrightTALK cyber security briefing, more Microsoft security blog posts, and more security podcasts from former government security attorneys?
Stephen E Arnold, January 11, 2021