5 January 2022
The world is entering a new era dominated by the rise of peer competitors like China and Russia, who are increasingly exerting their geopolitical influence. After two decades of fighting a counter-terrorist focused war where the tools of the US and its allies were far superior, the competitive landscape is changing significantly.
The rise of quantum computing, hypersonic weapons, and criminal groups acting on behalf of nation-states have changed the calculus and the stakes of twenty-first-century warfare. The US and its allies have to prepare for potential conflicts in Eastern Europe and/or the South China Sea. Both adversaries in such a conflict already possess significant knowledge of US cyberinfrastructure and have a consistent history of exploiting these weaknesses.
Meanwhile, the US defense contractor community is charged with building hardware and software to provide clear strategic and tactical advantages on the battlefield. However, the continuing rise of social engineering tactics and risks associated with embedded vulnerabilities in contractor networks make keeping this technology confidential and out of the hands of adversaries increasingly difficult.
Threat actors have already demonstrated the ability to infiltrate government networks through supply chain attacks like Solarwinds, which compromised at least nine federal agencies. The close working relationship between defense contractors and the US government poses a significant risk for data leakage in a data breach.
What to do?
Use end-to-end encryption for all defense contractor data
Use a Zero Trust Security Model to prevent unauthorized access to sensitive information.
Use deception technology to share and transmit data
What can you do when this happens to you?
If you find your network has been compromised, immediately shut down.
Identify the breach and type of virus or malware present.
Identify any data which might have been compromised or stolen and inform appropriate parties.
Rebuild the network from a known clean backup
Gordon Lawson, Security Week