By Stefanie Horvath
April 12, 2021
Supply chain attacks signal who is synchronized and holds a dominant knowledge of technology – and it is not us.
Each day brings another attack – each attack more insidious and obfuscated than the last. Accellion’s Legacy File Transfer Application exploitation attacks automated data transfers, taking down organizations with wildfire swiftness. The rapid progression of supply chain attacks signals that cyber criminals are far better than us at leveraging synchronization.
The supply chain attacks demonstrate a considerable depth of knowledge of the technology and the companies using the technology. The Identity Theft Resource Center (ITRC) 2020 Data Breach Report describes how attackers are specifically targeting supply chain attacks to access information in multiple organizations through a single, third party vendor. It’s time to broaden our defensive strategy to counter adversarial synchronization and capabilities to better defend against supply chain attacks.
First strategic objective – Providers develop secure products and services.
Companies small and large do not have the staff to catch and fix all the vulnerabilities embedded in the product and services they procure. Vendors and providers can help out the local system admin by testing and checking code before selling the product or service.
Second strategic objective – Security first is the strategy.
Companies must “batten down the hatches” and invest to secure technology through policies, procedures and resourcing. From more rigorous scrutiny of Third Parties to additional security staff, tools and training, targeted investments can significantly bolster a company’s defensive posture and detection capabilities.
Third strategic objective – Sharing is Caring.
Sharing information is as critical as ever. Nothing new here, so to end on a happier note, let’s examine a couple of information sharing initiatives.
OASIS Cyber Threat Intelligence project – Supports automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis.
Given the repeated reality of a highly synchronized cyber adversarial network successfully attacking deep into company infrastructure, companies and organizations must embrace a different strategy. Companies should not have to face the swarm of cyber criminals alone. Vendors and other organizations must work jointly with companies to bolster defenses and share information. Working jointly is the only way to accelerate detection and response to withstand the onslaught of supply chain attacks.
Brigadier General Stefanie Horvath provides guidance, leadership, and oversight to the Joint Staff and advises the Office of the Adjutant General on joint matters for 13,000 Soldiers and Airmen on ready units, providing a competent ready force, optimal force structure, and cyber response. Her responsibilities include emergency response operations, government relations, strategic planning and international affairs. Horvath joined the North Dakota Army National Guard in 1989 and was commissioned a Second Lieutenant in 1991. She has both in a full-time capacity and as a traditional Soldier. She has commanded at the company, battalion and brigade levels and completed deployments to Kosovo in 2003-2004 and Iraq in 2009-2010. Her most significant awards include the Bronze Star Medal and the Meritorious Service Medal with three bronze oak leaf clusters.
General Horvath has earned a Bachelor of Arts in Sociology & Criminal Justice from North Dakota State University and a Master of Science in Strategic Studies from the United States Army War College. She holds numerous professional certifications in information security. In her civilian occupation, she serves as the Chief Business Technology Officer (CBTO) for the Minnesota Boards, Councils, and Commissions (MBCC) and the Enterprise Program Management Office (EPMO) for the State of Minnesota. She is also Program Chair of the Cyber Security Summit, a consortium of industry, government, and academic leaders working together to improve the state of cybersecurity on the domestic and international level.