A known cyber threat is no threat to those who know it

1 January 2017 by Steve Blum
, , ,

Caught.

Vermont municipal electric utility employees read the cyber security alert jointly published by the FBI and the federal homeland security department, and did what it suggested: check their computers for the specific type of malware detailed in the report. According to a press release from the City of Burlington’s Electric Department

U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks. We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding.

There are three important take aways here. First, don’t trust the first thing you hear about such events from general news outlets. The Washington Post broke the story and made it sound like the nation’s electric grid was about to come crashing down around us. Not so. It was a single, properly isolated, if perhaps improperly used, laptop. Nothing to see here. Move along.

Second, when malware or bugs are reported running around loose, check to see if your system has been compromised. No one is going to do it for you.

Third, and most importantly, this kind of information has to be released quickly and fully by law enforcement and security agencies as soon as they discover it. They can’t wait until it turns into a international controversy, as Russia’s cracking of democratic party computers did. Or until they themselves have no more use for the exploit. And they certainly can’t continue to demand that technology companies deliberately weaken products in order to make their lives easier and, in doing so, our lives less secure.

The only way to fight clandestine cyber attacks – state sponsored or not, good guys or bad – is to expose the attackers and their weapons to the full light of day.