US Agencies Hit by Cyberattack
Facts
- On Thursday, a global cyberattack hit multiple unnamed US federal agencies, the latest in a series of attacks targeting a vulnerability in a widely used file-transfer software. The US Cybersecurity and Infrastructure Security Agency (CISA) said it was "working urgently to understand impacts and ensure timely remediation."1
- CISA Director Jen Easterly said that the software, known as MOVEit, is used by federal agencies and companies around the world and that software vulnerabilities are “pretty common.”2
- Charles Carmakal, chief technology officer of Google-owned cybersecurity company Mandiant, which does work for the government, was aware of some data theft from federal agencies through the hacks.3
- This incident follows a string of cyberattacks in recent weeks against businesses, including British Airways and the British Broadcasting Corporation. The same computer software was targeted in those attacks as well.4
- US universities and state governments have also been hit in recent weeks, including Johns Hopkins University's health system, which said "sensitive personal and financial information," including health billing records, were stolen.5
- While the perpetrators of this attack are unknown, a Russian-speaking hacker group known as Cl0p, which threatens to publish data if victims don't pay a ransom, claimed responsibility for some of the other recent attacks.4
Sources: 1Forbes, 2FOX News, 3NBC, 4Wall Street Journal, and 5CNN.
Narratives
- Narrative A, as provided by National Defense Magazine. The US needs to accept that the future of combat will be in the digital sphere the same way it foresaw the future of combat-by-air in 1947 and created the Air Force. The US needs a separate cyber force that’s able to rapidly adjust to the ever-changing capabilities of cyber attackers to protect the safety of government and private infrastructure. This is a now-or-never moment.
- Narrative B, as provided by The National Interest. The US has a history of using crises to gin up public support for new national security agencies. Once implemented, however, they often lead to failures like the Dept. of Homeland Security's highly-despised TSA airport security. Instead of repeating its past of throwing money at contractors, the government should reconfigure its current defense bodies to combat cyber threats.