Having long been allies on the physical battlefield, the U.S. and U.K. are now joining together to increase the data security of both countries as state-sponsored attacks extend into the digital frontier. One Pentagon official told Killer Apps, a column for Foreign Policy magazine, that this is a growing area of allegiance between the two with more information and threat analysis being shared.
"Both nations firmly agree we need improved multilateral cyber coordination and we're working to do just that," the official said, according to the news source. "Cyber will also be on the agenda for discussions at the upcoming NATO conference in June."
British Defence Secretary Phil Hammond was recently in Washington, D.C., to meet with U.S. Defense Secretary Chuck Hagel to discuss cyber issues and other military concerns, according to Killer Apps. Hagel said much of the conversation focused on the physical aspect of defense but said there will be more cooperation than ever in the digital realm, calling it a "priority area." Hammond added that the U.K. and U.S. remain in lockstep on these projects as they look to take them even further into the future.
The impetus for improved cyber and data protection makes more sense when recent attacks from foreign countries are put into focus. It has been reported that defense contractor QinetiQ was compromised by an advanced persistent threat by an attack group operating in another country. Dark Reading said this group accessed information about U.S. drone and robot weaponry and was able to bring competing products to the market.
A wide area of concern
A larger report compiled by Bloomberg, which cited investigators hired by QinetiQ as well as emails stolen and leaked by Anonymous, found that the ongoing attacks against the contractor were launched by a group called Comment Crew. Earlier reports this year found that the group had attacked and compromised 141 businesses across 20 different industries. Mandiant, the company that uncovered those attacks, said the attackers were in fact People's Liberation Army Unit 61398, an elite military hacking unit, and that the group's reach may extend beyond China.
"In four days of furious activity, the hackers rifled at least 14 servers, taking particular interest in the company's Pittsburgh location, which specialized in advanced robotics design," according to the Bloomberg report. "The Comment Group also used [a network administrator's stolen] password to raid the computer of QinetiQ's Huntsville, Alabama-based technology control officer, which contained an inventory of highly sensitive weapons-systems technology and source code throughout the company. The spies had got their hands on a map to all of QinetiQ's digital secrets."
Investigators hired by QinetiQ said that, despite multiple warnings from many organizations, the contractor's network had been compromised and officials failed to realize that the attacks were persistent. They did not react accordingly, and IT professional Christopher Day told Bloomberg that intruders were found in many divisions and across product lines. There was almost no part of the company's server estate that did not have a persistent threat working against it. As a result, terabytes of sensitive data were stolen.
Defending against APTs
Warwick Ashford wrote on Computer Weekly that what usually makes these threats advanced is the combination of infiltration techniques, which most businesses and government agencies cannot stop when they are used in concert. Taken individually, however, he said these techniques are not unstoppable and are straightforward to defend against. Guarding effectively against advanced persistent threats therefore requires businesses to have defense in depth, detection capabilities, a response and recovery plan, and security awareness training across the entire organization.
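One individual technique from the Bloomberg account above, a stolen administrator password being reused to reach machine after machine, is exactly the kind of activity that a basic detection capability can surface. The following Python script is an added example and is not code from the article or from any of the organizations it names: it parses constructed authentication log lines (the format, host names, account names and addresses are invented for this illustration) and raises an alert when a single account successfully authenticates to an unusually large number of distinct hosts within a short sliding window. The window length and host threshold are assumed tuning values, not figures from the report.

```python
"""Flag one account authenticating to many distinct hosts in a short window.

Added example: detection logic for credential fan-out, the pattern produced
when one stolen password is used to reach many machines in quick succession.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (invented for this example, not taken
# from any report). Format: "<ISO timestamp> user=<account> src=<ip> dst=<host> result=<success|failure>"
SAMPLE_LOG = """\
2013-05-06T01:02:10 user=netadmin src=10.0.8.21 dst=fileserver-01 result=success
2013-05-06T01:03:05 user=netadmin src=10.0.8.21 dst=fileserver-02 result=success
2013-05-06T01:04:30 user=jsmith src=10.0.3.5 dst=mail-01 result=success
2013-05-06T01:05:12 user=netadmin src=10.0.8.21 dst=source-control-01 result=success
2013-05-06T01:06:48 user=netadmin src=10.0.8.21 dst=database-01 result=failure
2013-05-06T01:07:20 user=netadmin src=10.0.8.21 dst=engineering-ws-17 result=success
2013-05-06T01:08:55 user=netadmin src=10.0.8.21 dst=fileserver-03 result=success
2013-05-06T01:09:40 user=jsmith src=10.0.3.5 dst=fileserver-01 result=success
2013-05-06T01:10:02 user=netadmin src=10.0.8.21 dst=build-01 result=success
2013-05-06T01:55:00 user=netadmin src=10.0.8.21 dst=fileserver-01 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the expected format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def detect_host_fanout(events, window=timedelta(minutes=10), threshold=5):
    """Return one alert per account whose successful logins, within any sliding
    window of the given length, touch at least `threshold` distinct hosts.

    Failed logins are ignored: the signal of interest is an account that is
    actually getting in everywhere, not one being guessed at.
    """
    by_user = defaultdict(list)
    for ev in events:
        if ev["result"] == "success":
            by_user[ev["user"]].append(ev)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        best = None  # the window for this user touching the most distinct hosts
        start = 0
        for end, ev in enumerate(evs):
            # Slide the window start forward until it fits within `window`.
            while ev["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = sorted({e["dst"] for e in evs[start:end + 1]})
            if best is None or len(hosts) > len(best["hosts"]):
                best = {
                    "user": user,
                    "first_seen": evs[start]["ts"],
                    "last_seen": ev["ts"],
                    "hosts": hosts,
                }
        if best is not None and len(best["hosts"]) >= threshold:
            best["distinct_hosts"] = len(best["hosts"])
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_host_fanout(parse_log(SAMPLE_LOG)):
        print(
            f"ALERT {alert['user']}: {alert['distinct_hosts']} hosts between "
            f"{alert['first_seen']:%H:%M:%S} and {alert['last_seen']:%H:%M:%S}: "
            + ", ".join(alert["hosts"])
        )
```

On the constructed sample, the ordinary user touches two hosts and stays silent, while the administrator account reaches six distinct machines in under ten minutes and is flagged; the failed login and the isolated login 45 minutes later do not contribute. In practice the threshold would be set from a baseline of what each privileged account normally does, and the alert would be one input to the response and recovery plan rather than the whole of it.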
"By bringing together in-house capabilities with third-party expertise in the form of a network forensics capture and analysis service, an organization can reach an acceptable level of risk with regards to APTs and blended threats," Mike Westmacott, security consultant at Information Risk Management, told the news source. "Such an approach will also prove invaluable if an attack takes place, as it will help the company to continuously improve its security posture."
If a company has been affected by an APT incident or attack, it needs a stated approach for how the IT department will shut down the attack and preserve evidence of it, so that exactly what happened is known. This means there must be a plan for event analysis, so that lessons can be learned from the event and even stronger technological and procedural controls developed.
The last line of defense must be the people in the organization being able to recognize when something isn't quite right on a network. John Walker, member of the security advisory group of the London chapter of ISACA, told Ashford that there should be security awareness training and educational programs to help improve employee understanding of these attacks.
"Whatever an individual's role is within the business, from chief executives to secretaries, businesses must ensure that everyone is provided with an adequate level of security awareness training so they will be able to identify anything suspicious," Walker said.
Data Security News from SimplySecurity.com by Trend Micro.