FEDTECH: How do you think cybersecurity threats against federal agencies and other high-profile targets are evolving?
Kellermann: First and foremost, there are more zero-day exploits being unleashed against us that are being purpose-built by the Chinese intelligence services and the Russian intelligence services. In addition, because of telework due to the pandemic, more and more government employees are being targeted at home. The implicit trust that the government places on VPNs to access sensitive government systems allows for someone to basically hack that executive at home and ride that VPN tunnel into the agency’s environment.
It’s fairly easy for them to move laterally, because the U.S. security posture was very much focused on network security, network defense and prevention. Network defense is not as effective when most of your workforce is remote, because you have to put implicit trust in those tunnels. More and more of those endpoints are being successfully compromised, and not just through spearfishing. More and more of these attacks are specific to attacks on applications, but allow for the initial intrusion, a watering hole where trusted websites or mobile apps are compromised and used to attack those customers and or those employees.
Then, we have this “island-hopping” phenomenon, which has a compounding effect, because geopolitical attention is manifesting in cyberspace. Our Cold War adversaries are well aware that it is in their best interests to use the environments that they have compromised to leverage attacks against those constituencies. You hack one government agency and then use the footprint that you have in that agency and the network of that agency and the website of that agency to attack other agencies and other facets of the U.S. government. SolarWinds didn’t occur in a vacuum. This type of island hopping occurs in 49 percent of all incidents. How do I know that? Here at VMware, we’re partnered with 142 different incident readiness and response firms and managed security service providers who use the Carbon Black threat hunting capabilities in their investigations.
From that telemetry, it’s noted that when they go into conducting an investigation, they’re realizing that yes, that organization or that agency was breached, but more important, the infrastructure of the agency was now being used to attack other entities. We need to pay attention to that phenomenon.
There is more and more of a nexus between the cybercrime cartels and the intelligence services of at least five rogue nation-states that exists for a couple of reasons. One is that the cybercriminals are perceived as national assets. The other point is they have to share access to systems that they’ve compromised with those intelligence services, providing almost brokerage access to those compromised environments. Then, they’re used in order to offset economic sanctions imposed upon them by the West. So, for all those reasons, we have really had a tipping point in my 23 years of practicing cybersecurity.
FEDTECH: How do you think President Biden’s recent cybersecurity executive order is going to help improve the government’s posture, especially with its mandate that agencies adopt zero trust?
Kellermann: It is historic. I’ve never seen such a great leadership team in the positions of cybersecurity across the government, from the NSA to the new CISA director, all the way through the government. The folks in charge of cybersecurity now are very savvy. They’re very experienced, and they know what needs to be done.
In addition, the zero-trust mandate is imperative, because it makes the assumption that you’ll be breached at some point — period. That inevitability is such that it’s a reckoning that 100 percent prevention is impossible. We need to do a better job of having the environment protect itself from the inside out, to the point where President Biden met with Vladimir Putting and he stated, “Verify first and then trust.” I think that that is the direction that we’re going with cybersecurity across government agencies and the major systems integrators.