Does the SolarWinds Hiring of Christopher Krebs Make Sense?
The most publicized cybersecurity issue in the world currently is the recently discovered SolarWinds hacking attack that has affected upwards of 2000 computer systems belonging to around 100 governmental and non-governmental entities globally.
News of the hack broke within a few weeks after the firing of Christopher Krebs from his role as Director of the Cybersecurity and Infrastructure Security Agency (CISA).
Krebs was the first ever director of CISA, which is a sub-division within the Department of Homeland Security (DHS). Many observers feel that he was ousted by President Trump in a vindictive firing by the outgoing President due to the fact that CISA under Krebs had claimed that the 2020 election “was the most secure in American history.”
This claim was made despite the fact that a hacking attack against Hall County, GA had exposed the voter data of more than 180,000 county residents.
Politics aside, the argument can be made that Krebs, while still serving at CISA, had been less than successful in his duty to protect America from the kind of foreign Advanced Persistent Threats, or APTs, that for years have been attacking the United States from countries including Russia, China, North Korea and Iran, and that are said to be responsible for the SolarWinds attack.
In fact, according to reports, the SolarWinds attack was carried out by a Russian hacking syndicate known as APT29 (an Advanced Persistent Threat group). The group is also known by the aliases the Dukes, Cozy Bear, Cozy Duke and Office Monkeys. The outfit used a new malware strain known as SUNBURST in the attack.
Ironically, Krebs has just been hired to consult for SolarWinds. According to a statement released by the company, "We have brought in the expertise of Chris Krebs and Alex Stamos (from Facebook) to assist in this review and provide best-in-class guidance on our journey to evolve into an industry leading secure software development company."
In a recently released joint statement, the FBI and CISA called the attack "significant and ongoing." Although we are still learning much regarding the exact number of agencies that were affected and what kinds of information the hack may have netted cybercriminals, thus far, by all accounts from those in the know, the malware delivered in the attack is extremely powerful.
Hackers penetrated the system that SolarWinds uses to build and distribute updates for its Orion product. They then inserted the malware into an otherwise legitimate software update. This kind of breach is known as a supply-chain attack because the malicious code is introduced while the software is still being assembled by the vendor, before it ever reaches customers.
This is certainly a major coup for hackers, as it packages their malware inside a trusted program. It eliminates the need to trick individuals into downloading malicious software via a phishing campaign. Instead, the hackers simply rely on victims to install the Orion software update at SolarWinds' prompting.
During the first few months of 2021, we should learn much more regarding the SolarWinds attack. The company is betting that the insider knowledge possessed by Christopher Krebs will help them secure their systems from any similar attacks in the future, while learning which of their vulnerabilities led to their being compromised in the first place.
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by websites including The Hill, Newsmax, The Washington Times, Real Clear Politics, Townhall, American Thinker and many others.