Защита инфрастуктуры

[tijd]

Комиссия Сената по разведке закончила первую стадию своего расследования рекомендациями по укреплению избирательной инфраструктуры от хакерских атаки - тема, важная в предверии выборов в Конгресс 2018.

The Senate Select Committee on Intelligence has examined evidence of Russian attempts to target election infrastructure during the 2016 U.S. elections. The Committee has reviewed the steps state and local election officials take to ensure the integrity of our elections and agrees that U.S. election infrastructure is fundamentally resilient. The Department of Homeland Security, the Election Assistance Commission, state and local governments, and other groups have already taken beneficial steps toward addressing the vulnerabilities exposed during the 2016 election cycle, including some of the measures listed below, but more needs to be done. The Committee recommends the following steps to better defend against a hostile nation-state who may seek to undermine our democracy:
https://www.burr.senate.gov/imo/media/doc/One-Pager%20Recs%20FINAL%20VERSION%203-20.pdf

Click to view

Сенаторы донесли свои рекомендации до Министерства нацбезопасности на вчерашних слушаниях:
https://www.intelligence.senate.gov/hearings/open-hearing-election-security

Не остановившись на этом, они обновили законопроект Secure Elections Act.

“During the 2016 election, Russian entities hacked presidential campaign accounts, launched cyber-attacks against at least 21 state election systems, and attacked a US voting systems software company. This revised Secure Elections Act adequately helps the states prepare our election infrastructure for the possibility of interference from not just Russia, but possibly another adversary like Iran or North Korea or a hacktivist group. Although funding for election security is included in the Omnibus appropriations bill, Congress still must pass the Secure Elections Act in order to put needed election improvements into law.”
https://www.lankford.senate.gov/news/press-releases/senators-introduce-revised-secure-elections-act-with-burr-warners-support

Учитывая, что законопроект совместно выдвинут четырьмя республиканцами и четырьмя демократами, у него неплохие шансы.



Российским хакерским атакам подвергается не только избирательная инфраструктура, но и другая важная инфраструктура, в частности системы электроснабжения, включая атомные электростанции. Официальный отчет о расследовании этих атак был опубликован МНБ и ФБР.

DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).
https://www.us-cert.gov/ncas/alerts/TA18-074A

Надо полагать, испытания на полигоне в Украине прошли успешно.

The groups that conducted the energy attacks, which are linked to Russian intelligence agencies, appear to be different from the two hacking groups that were involved in the election interference.
That would suggest that at least three separate Russian cyberoperations were underway simultaneously. One focused on stealing documents from the Democratic National Committee and other political groups. Another, by a St. Petersburg “troll farm” known as the Internet Research Agency, used social media to sow discord and division. A third effort sought to burrow into the infrastructure of American and European nations.
https://www.nytimes.com/2018/03/15/us/politics/russia-cyberattacks.html

Click to view

Сенатор Ангус Кинг, который не устает напоминать, что нужно не только развивать системы защиты, но и нападения, чтобы отбить у враждебных правительств охоту соваться в Америку, подготовил законопроект Securing Energy Infrastructure Act.

The bill was inspired in part by Ukraine’s experience in 2015, when a sophisticated cyber-attack on that country’s power grid led to more than 225,000 people being left in the dark. The attack’s severity was limited by Ukraine’s use of less complex technology to operate its grid, a concept that helped inspire the bill.
The bill establishes a two-year pilot program within the National Laboratories to partner with industry and develop ways to utilize cyber-informed engineering concepts to simplify and isolate automated systems and remove vulnerabilities that could allow hackers to access the grid through holes in digital software systems.
Senator King has been a leading voice on the need for a national emphasis on cyber deterrence and has repeatedly pressed officials in both the Obama and Trump Administrations on the importance of deterrence, including in four hearings in the last two months. A report from the Secretary of Defense on options for deterring and responding to adversaries in cyberspace was mandated by a provision in the 2017 National Defense Authorization Act authored by King and Senator Mike Rounds (R-S.D.). The report was due in June 2017, but has yet to be finalized. In addition, the provision requires a report from the President identifying the types of actions carried out in cyberspace against the United States that could warrant a military response; this report is due 180 days following the initial report from the Secretary of Defense.
https://www.king.senate.gov/newsroom/press-releases/king-risch-bill-to-protect-electric-grid-passes-enr-committee