NotPetya


Q. What lessons can be learned from this article regarding the need for adaptability and flexibility to new and emerging threats? How can those lessons be applied at the unit level?

Comments

  1. This was an extremely fascinating case study of cyber warfare. It is jaw-dropping to see the global devastation unleashed with just one attack. This article showcases the need to be prepared for this kind of warfare throughout government and business.

    A few lessons regarding the need for adaptability and flexibility to new and emerging threats:
    1. Due to the nature of cyber warfare, devastating attacks can happen from across the globe, with no warning... and may be impossible to trace back to the attacker.
    2. Everyone is a potential target-- this attack was not targeted at military, but rather civilian business and government infrastructure.
    3. Effects felt by all-- in our world's global economy, a disruption to a European shipping company can bring US manufacturing to a halt in some cases and prevent critical logistics at all levels.

    At the unit level, it is imperative that we train to operate with degraded comms and that we practice analog methods of exercising our METL. Always use a PACE plan (Primary, Alternate, Contingency, Emergency) in all things.

    MAJ Roger Mulholland
    XO, 142

  2. I echo the comments by Roger above. However, I would say everyone is definitely a target, not just a potential target. A potential target would imply that the malicious code, once deployed, would have logic executing to determine whether or not to infect a machine with the malicious code. That logic would need CPU usage to execute and would slow down the attack. Also it would be a huge vulnerability to the attacker as any machines that the virus determined to not execute against would provide a bread crumb trail back to the patient zero machine, and would mean the attacker could get caught and the determining logic could possibly be the causation of not achieving the intended objective because the attack was recognized for what it was before it infected as many machines as it otherwise would/could.

    The proverbial we in the Army need to come up with analog and manual methods of operating. We cannot afford to go down as this company did for even 1 minute. The only way we can stay flexible and adaptable is to develop and practice pre-determined analog and manual operations against such attacks.

    I would suggest that along with training under degraded conditions, we also need to practice the transition from Primary down to Emergency and then as we begin to see the enablement of secure communications come back online, we practice the transition from Emergency back to Primary. Along with that, we should be practicing redundancy recovery operations where when we're operating in known hazardous cyber environments, we practice replicating data in the different P.A.C.E mediums. I.e., a report lives on a network or web hosted location. We should save a local copy, meaning save a copy to our machine that would be accessible if a network outage or a targeted cyber attack destroyed our networking capabilities. Additionally, maybe printing a copy of critical documents may be of value, just in case an attack like NotPetya in the article occurred and your entire machine is rendered unusable.

    The loss of revenue from being unable to ship the items in transit at the time of the attack was definitely astronomical, but the data loss alone was in reality probably just as costly. Okay, maybe not in this situation, but when it comes to us being flexible and adaptable, data will be our biggest losses when a cyber attack occurs. We must learn how to handle data in all formats and learn how to securely reproduce data in our different P.A.C.E.'s. If we can't, it may be a matter of life and death for us, vs a corporation just losing money. In this article, some of the resulting ramifications were matters of life and death as the company couldn't deliver life-saving medicines and food and water. Additionally, many of the crews on the cargo ships were basically lost at sea adrift, etc.

    Everyone in the world today needs to be thinking about these types of scenarios for their own personal well-being, but also for their companies'/organizations' well-being. We need to become a much more educated population to combat against cyber attacks especially as they become more sophisticated as technologies emerge. Additionally, our forces absolutely need more training in cyber as a general knowledge base in order to continue operating in the world of cyber moving forward.

    CPT Aaron Poulton
    142 BN-S6

  3. I think the responses above are awesome. Anyone or anything could be taken down from anywhere at any time. That highlights the need for us to always be ready to “go analog” as well as work to bring things back up to full capability as quickly as possible. This requires everyone to have at least basic understanding of cyber functions. Another note I took from this is the fact that one of the people described in the article wasn’t told exactly what to do to fix the situation. There was no SOP on what to do in this case (which I’ll get to shortly). They were told “Do your job,” and they were empowered to do so through basically unlimited funding and manpower. They were flexible enough to be able to operate in a non-standard fashion in addition to being lucky due to a power outage in Ghana. Their version of flexibility included purchasing new equipment and beginning from scratch in many cases. While that presents an issue for us in our field, I think we can still plan contingencies and continue to do our jobs legally and effectively.

    The need for comprehensive SOPs cannot be overstated. I believe every team should have an SOP that covers day-to-day operations in addition to suggestions or even instructions on how to operate when everything breaks down. A PACE Plan is an essential part of any operation, and I agree that we need to know it and rehearse it forward and backward from the Commander all the way down to the newest Soldier in the company.

    One point made that really stood out was how the organization identified multiple vulnerabilities after the fact. At the unit level, we should constantly be evaluating ourselves and identifying weaknesses and gaps both in training and in our systems. But none of that will be worthwhile without follow-through and support from higher. These people knew that their operating systems were old and vulnerable but there was no follow-through because implementing it wouldn’t have contributed to their bonuses. Ultimately, they paid several times over for that attitude.

    In order for an organization to be adaptable and flexible, the leaders of that organization should be that way themselves. We need to develop the skill of delegating and being as hands-off as possible regarding how our Soldiers get the job done. I have been surprised at the level of adaptability my Soldiers show when I simply give them their legal limits and tell them what I, or more importantly our Commander, believe to be mission accomplishment. It can be a humbling experience at times, and it can help strengthen trust within a unit.

    CW2 D Loftus
    B Co 142

  4. This was a very interesting read and it’s hard to stomach how much money was lost over such a short period of time. This article highlights the need for every soldier to become more diligent in what’s happening in the cyber world. In regards to the question, I think at the unit level we’re in a great situation because of the flexibility of our soldiers, the diverse backgrounds we bring to the fight and our ability to rapidly mobilize our forces to quickly combat any threat/challenge we may face. It appears that Maersk was slow to understand the situation and/or never planned for a cyber attack on their systems, but if they conducted rehearsals and/or installed updated software this could have been prevented? The article stated that it took Maersk 48hrs to bring their subject matter experts together from multiple countries to identify the threat and figure out what was needed to fix their network, which is a pretty rapid response for such a large multinational organization. I’m glad that the article highlighted the use of other platforms to communicate on, “WhatsApp.” We need to continue to stay functional on these platforms, even if we’re not using them on a regular basis, because they could come in handy one of these days: Twitter, Snapchat, WhatsApp, Google Hangouts, etc.

    CPT Bringhurst
    IC DET

  5. Good feedback everyone! I like the thinking going into the responses, even though we're still missing a few.

    The organizations that tended to do best in the cyber attack were those who had fairly robust systems and personnel who were capable of reacting quickly to an unknown threat. Maersk, while knocked off its center initially, rallied and ultimately saved itself from disaster. The government in Ukraine and other organizations weren't as successful given their capability to handle such an event.

    At the unit level, we have to develop our Soldiers' proficiency in order to enable their flexibility. Part of that is helping them understand their jobs better. Part of that is developing them to make decisions in a dynamic and fluid environment. We do that by putting them in those types of situations in training. While the real world doesn't always exactly mirror what happens in a training environment, it gives our Soldiers a framework from which to operate. As we develop leaders and individual Soldiers to make good decisions in training, we can set them up for success in environments that are completely new or foreign. This also develops their flexibility. We have to learn and teach that more often than not, the next crisis will not look like anything we've seen before, and yet, we'll still be expected to perform at a very high level. That's the Army.
