December 16, 2021
by Simon Bracey Lane

Cybersecurity 2021, a Year in Review

The world continues to become increasingly hyper-competitive and uncertain. States, sub-state and non-state actors use all the tools of statecraft, short of open conflict, to inflict damage on their adversaries. Power is commonly exercised through an interconnected matrix of operations that seek to erode confidence in governance institutions, influence populations and policymakers, and steer nations toward actions more favourable to another. Cyber security is a frequently used component of that matrix and impacts every level of our societies.

Cyber security issues have become household concerns. I am hearing my mum talk about data protection to my dad in the kitchen as she scrambles around for her YubiKey to log into her National Health Service laptop (she works in the UK).

As we arrive at the end of the year, it’s important to take stock and think about what changed in our world, including the following three major events or trends that impacted the world of cyber security and beyond.

Critical Infrastructure Attacks:

In 2021, Critical Infrastructure remained a key target of adversaries. Attacks in this sector have often been successful as the IT infrastructure of vital systems is at times poorly protected.

The US defines 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the US that their incapacitation or destruction would have a debilitating effect on security, national economic security and national public health or safety.

In her testimony to the US Senate Homeland Security Affairs Committee, Jen Easterly, Director of CISA, outlines the broadscale nature of this threat, urging a strengthening of US cyber defense to recognize that all organizations are at risk.

The attack on the Colonial Pipeline is evidence of this reality. This oil pipeline system suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The DOE coordinated a whole-of-government response to help Colonial resume operations quickly and safely, while moving fuel supplies to impacted areas to mitigate impacts to consumers.

The attack is understood to be the responsibility of the APT ‘DarkSide’. Find out more about them and the wider ransomware topic in the Cyber Security Summit’s webinar episode: Ransomware unplugged with Cybereason’s Sam Curry.

Find out more here:

The role of each Federal agency in the Colonial Pipeline response

Cyberwire Daily Dark Side Podcast: The way into Colonial Pipeline networks may have been an old VPN.

Dragos: Recommendations following the Oldsmar water treatment facility cyber

The NSO Group:

NSO Group Technologies is an Israeli technology firm. It became the center of international furor over discoveries made about its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones. Details of its methodology can be found here.

Following the leak of a trove of documents, it emerged that this organization’s product was being used across the world to spy on journalists, activists, businesspeople and politicians, including President Macron of France, US State Department officials and the family of Jamal Khashoggi.

However, the bulk of those targeted were journalists. Agnès Callamard, Secretary-General of Amnesty International, described the tool as the ‘weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril’.

The initial investigation was launched by Forbidden Stories, a coalition of journalists and outlets. As this story has evolved, NSO Group has been sued by Apple, is currently under investigation by the Indian Supreme Court, and was added to the Export Administration Regulations Entity List of entities determined by the US Government to be acting contrary to the foreign policy and national security interests of the United States.

Find out more here:

OCCRP: How does Pegasus work?

Darknet Diaries Podcast: NSO

60 Minutes Archive: NSO Group’s “Pegasus”

The Skills Gap:

As digital threats continue to develop at speed, the number of cyber-focused staff required to manage them continues to increase. Unfortunately, keeping up with demand has been a challenge.

This topic was discussed at this year’s Cyber Security Summit. Presentations ranged from how the public sector can retain top quality cyber talent to protecting security professionals from burnout. In last month’s newsletter, Judy Hatchett, CISO at Surescripts, suggested that strengthening the cybersecurity industry’s community bonds, staying personally connected, building your personal network and helping others get connected can help chip away at the shortage of cybersecurity personnel.

The role of the modern security professional has undergone an evolution of its own. The industry knows that operating in isolation within an organization is not an effective means of protecting its digital infrastructure. Cyber teams are now required to work collaboratively with the rest of the business to develop a strategic, analytical approach to cyber security. They need to pitch for resources and ensure they are adequately equipped to defend the organization and understand the organization well enough to defend it. This reality is a strong argument in favor of providing alternate routes into cybersecurity. Organizations should seek to capture skillsets existing outside the world of exclusively technically trained staff.

Broadening the diversity of cybersecurity personnel is another important facet of this discussion. As one of the early women graduates of West Point, CISA Director Jen Easterly has made reducing bias, hosting specialized events and applying innovative sourcing techniques a focus of her role.

A varied and innovative blend of approaches from both private and public sector organizations will be required to bridge the skill gap in 2021 and beyond.

As the world continued to grapple with the long-term effects of a global pandemic and economic regrowth, 2021 gave us ample opportunity to experience the best and worst of our interconnectedness. With these lessons under our belts, we move into 2022 better prepared to leverage our collective abilities to continue securing the world around us.