Imagining a Reverse Soviet Collapse for the West

With the indictments by Special Counsel Mueller against 13 Russians and 3 companies for criminal interference in the United States, it is timely to point to something I wrote in 2012:

Is a Communist or Totalitarian System Preferable in the Internet Age?

Back then, I was questioning whether anyone in government – and society writ large – was seeing how the openness and connectivity of the Internet were becoming a strategic vulnerability to democracy, and that hackers, with ties to Russia and the former Eastern Bloc, were destabilizing the international equilibrium. Seeing the assertive action of the US Department of Justice in bringing these indictments on Friday, I am happy to answer my own question back then with this answer today:

The Democratic institutions of America have joined the fight!

Yet, it is not enough to applaud the awakening of government institutions to the asymmetric and pernicious threats coming from the forces engaged in hijacking the goodness of the Internet. These bad actors can continue to leverage asymmetric tactics, and by being nimble, our adversaries can maintain their strategic advantage. This was my very point in 2012: Our adversaries have learned that the Internet naturally favors those who crowdsource!

A Straight Line: A. Avoiding a Reverse Soviet Collapse —> B. Community Cyber

What was observed back in 2012 bears repeating: “We all need exquisite security in the modern Internet Era, but few can afford it.” Another 2012 piece offered: “The approach the Nation takes in response to this critical threat landscape must start with internal resilience. Situational awareness must be improved at local levels so that the cyber-hygiene level rises …”

Enter Community Cyber!

The counter-strategy to fight our adversaries must center on combating what they are weaponizing: Internet asymmetry and openness. The method for achieving a new strategy must include crowdsourcing. The fight against cyber threats, in the Internet Age, is no longer government’s alone. We’re all in this together. Therefore, the role of government in this is to help mobilize society into the formation of cyber resilience centers.

Improving cyber resilience also cannot rest solely on government-funded centers. That was the other point in the 2012 article: that the Soviets couldn’t compete with market forces. Today, criminal elements are aggressively monetizing their illegal efforts through black markets, money laundering, and other fraudulent – though profitable! – enterprises. Fighting a profit center with a cost center is destined to fail. Hence, a new strategy must also bring market forces into the fight.

To achieve this strategy, the citizenry must first come to understand their presence on the front lines. Second, the citizenry must further understand that they have a role in the fight. To develop appreciation of this paradigm shift, a movement is needed. Public service announcements must take up the message, and the media – including modern media like social media platforms – must also help change the national consciousness. And the soundbite for this effort, one which captures the notion that localities must take responsibility for improving their community’s resilience, is “Community Cyber”.

The Awakening that’s Afoot

There is more good news beyond just the indictments. All “Five Eyes” countries, in the last few days, have now attributed to Russia the aggressive NotPetya malware attack of last year. This joint effort appears to signal resolve to confront Russia for its destabilizing attacks through cyberspace.

These are government efforts. At state levels in the US, information sharing mechanisms and institutions are also being established. Information sharing is also occurring at private levels, including the formation of information sharing communities organized as information sharing and analysis organizations (ISAO). The ISAO effort follows on the well-established, government-promoted sector model of information sharing and analysis centers (ISAC). Thus, efforts and organizations exist, and government action to help institutionalize them as crowdsourcing components of national strategy looks like an attainable and necessary objective.

Good Start, But What’s Next?

For the national security establishment, The What and The Why about the risks posed by Internet-based threats have been acknowledged. A new approach by government appears to be underway. However, it is not yet evident that government appreciates the need to incorporate crowdsourcing in the fight, so The How in this new approach is not yet apparent. And The When is pivotal for all of us: when does the national security establishment recognize that funding a resilience build in every community is not affordable, and that a market-based, locality-centric model is the only way we can win this fight?

Most importantly, The Who must be solved. It is We! The government must involve the private sector in this counter-threat strategy, and the citizenry must be active in Community Cyber.

Top-down and bottom-up must come together in a public-private mash-up.

By: Doug DePeppe, Founder
Cyber Resilience Institute
On:  February 17, 2018

Russian Cyber Threats Through Time

A useful exercise in evaluating the long-term effects of Russian interference in the culture of other sovereign nations is the visualization of the long-term ‘hacking’ of government and industry websites. This serves as a surrogate for visualizing the information warfare that has been occurring since, at least, 2008. By analogy, and with reference to the doping scandals that led to the expulsion of the Russians from the 2018 Winter Olympics, we are able to deduce much from this long-term involvement.

To ‘see’ this, only look.

By: Kyle Kweder, CRI Threat Analyst
Cyber Resilience Institute
February 9, 2018

IOC Lowers the Hammer on Russian Athletes

The International Olympic Commission has sanctioned the systemic manipulation of the anti-doping rules and system in Russia.

Once again Russian doping is a key topic at the International Olympic Committee (IOC). And once again the IOC bans Russian athletes from competing. This time it is the 2018 Winter Games scheduled for February. The IOC’s actions follow a 17-month investigation of Russian manipulation of testing during the 2014 Sochi Games, during which The Schmid Commission found systemic manipulation of the anti-doping rules and system in Russia.

Further, the commission recommended that the IOC Executive Board effectively sanction the existence of a systemic manipulation of the anti-doping rules and system in Russia, as well as the legal responsibility of the various entities involved, language indicating that Russia’s doping program likely continues.

The ban follows numerous earlier instances where Russia was banned for operating a state-sponsored doping program for athletes, including during the 2016 Rio Games and 2016 Paralympic Games, as well as the 2017 International Association of Athletics Federations (IAAF) London World Championships.

The IOC Executive Board moved to immediately suspend the Russian Olympic Committee (ROC) and block all Russian Ministry of Sport officials from the 2018 games. Additional sanctions are likely to have long-term effects on Russia’s participation in international sport. These include exclusion of the Minister and Deputy Minister of Sport from all future Olympic Games, removal of the Sochi 2014 CEO from the Beijing 2022 Commission, and suspension of the ROC President’s membership in the IOC. Lastly, the ROC must reimburse the IOC for the costs of the investigation and pay $15m to be used to increase capacity and integrity of the global anti-doping program.

The only good news to come out of the IOC meeting was a path for clean Russian athletes to participate. Individual Russian athletes may be invited to participate in the 2018 Winter Games. A special panel will be convened to determine which athletes are considered clean and eligible to participate. Athletes who participate will compete under the title Olympic Athlete from Russia (OAR). They will also wear a non-national uniform and have the Olympic Anthem played at any ceremony, a move clearly designed to keep Russia out of the Games.


Briefing for the Athletic Industry on the Fancy Bears Threat

The Fancy Bears hacks and dox releases this summer highlight the need for advanced planning briefing in the athletic industry. The International Association of Athletics Federations (IAAF) World Championships, the Football Association and FIFA were impacted by Fancy Bear actions. In July, prior to the IAAF World Championship in London, Fancy Bears released the Athlete Biological Passport data of numerous prominent track and field stars. The data breach released personal and medical information in addition to notes of “likely doping” or “passport suspicious” for some individuals.

Aries Merritt and Mo Farah were among the victims. The Football Association and FIFA breach three weeks ago released details of failed drug tests and therapeutic use exemptions (TUEs) for athletes; the disclosure claimed that 25 participants were allowed to use TUEs during the 2010 World Cup. It also indicated that 150 players had failed drug tests in 2015, including four UK athletes, of whom one tested positive for ecstasy and three tested positive for cocaine.

The Legacy of the Fancy Bear WADA Hack

Fancy Bears has actively exposed doping in sports through hacks against the World Anti-Doping Agency (WADA) and international organizations like the IAAF and FIFA. They identified themselves a year ago as an international hack team that stands for fair play and clean sport. At that time they were working under the guise of #OpOlympics to “enlighten” the public on how Olympic medals are won. However, they have also participated in hacking Georgia’s government ministries prior to Russia’s 2008 army occupation, hacking the Democratic National Committee, and targeting the CIA and the White House. Enlightening, right.

The Fancy Bear hacking collective also leveraged the NSA tool “EternalBlue” to intensify attacks on hotel networks and target French Presidential candidate Macron in April. Fancy Bears’ doping exposure endeavors intensified after WADA exposed systematic doping throughout the Russian Athletics Federation (RusAF), resulting in the suspension of RusAF athletes in IAAF events and the reallocation of Olympic medals to other teams and athletes. Fancy Bears has increased their activities and they are now threatening to uncover illicit behavior in athletics ahead of the 2018 Tokyo Games.

Preparing for the World Stage

Seasoned athletes may be prepared for the press onslaught and the actions required after a cyber breach or misinformation campaign; however, new athletes may be ill-prepared. In addition to the laborious physical training, athletes would benefit from geopolitical and cyber awareness training. Even if an athlete is mindful of political statements or opinions, they perform on an international stage; as such, they or their loved ones can be targeted for social engineering campaigns. While organizations may fall victim to breaches, general awareness of threats and best practices for safe measure is a beneficial exercise. The SportsISAO is uniquely positioned to assist the sports industry on cyber security issues, from hardening and business continuity to advising on industry standards.

Benjamin Franklin said it best, “by failing to prepare, you are preparing to fail.”

By:  Yomphana Adams, CRI Threat Analyst
Cyber Resilience Institute
Date: September 13, 2017