Sounding The Alarm About A New Russian Cyber Threat

Apr 24, 2018
Originally published on April 24, 2018 9:43 am

In a rare joint statement, the U.S. and U.K. last week warned that Russia is actively preparing for a future cyberwar against the West.

Of particular concern, according to a joint technical alert issued by the U.S. Computer Emergency Response Team, is a Russian cyberattack on network infrastructure devices such as routers, switches and firewalls. Compromised routers, the alert says, help Russia "support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations."

So what should individuals or companies or government officials be looking for?

Jeanette Manfra, the Department of Homeland Security's cybersecurity chief, tells NPR that one technique to compromise security is called "spoofing."

"It allows an actor to pretend that they're the computer, or the device that you think you're talking to, so they get into the middle of a connection between two different devices, and they can spy on the traffic that is going back and forth, they can manipulate the traffic," she says.


Interview Highlights

On what action Americans should take

It's reasonably simple: The vendors [of network infrastructure devices, like routers and switches] are putting out guidance, or have been putting out guidance that are specific to the make and model of their network device. So organizations need to go check what the vendor is, the make and the model – you can get online, you can download the vendor guidance for how to address it.

On the government's responsibility in trying to prevent cyberattacks

We've been issuing guidance or alerts, whether it's vulnerabilities that we see. We've been issuing a series of alerts on North Korean activity. But of course we want to continue to ensure that there are consequences for malicious behavior. My department is focused on defense and ensuring that network defenders have what they need. But there are other tools that the government has to deter this activity, whether that's sanctions, criminal penalties, diplomatic engagement – there's a lot that the government is doing to try to impose consequences on this type of irresponsible behavior.

On whether a cyberattack should be considered an act of war

This has been a question our government has been thinking about for some time. I think of it in terms of actions against our critical infrastructure and our country that would have consequences about public health or safety or economic security – we would take that very, very seriously.

Steve Tripoli and Ana Lucia Murillo edited and produced this interview for broadcast. Heidi Glenn adapted it for the Web.

Copyright 2018 NPR. To see more, visit http://www.npr.org/.

DAVID GREENE, HOST:

The United States and the U.K. issued this rare joint alert last week warning that Russia is actively preparing for a future cyberwar against the West. Jeanette Manfra is the Department of Homeland Security's cybersecurity chief, and she says one dangerous technique is called spoofing.

JEANETTE MANFRA: It allows an actor to pretend that they're the computer or the device that you think you're talking to. So they get into the middle of the connection between two different devices, and they can spy traffic that is going back and forth. They can manipulate the traffic.

GREENE: Rachel Martin spoke to Manfra about this threat.

MANFRA: This is very focused on what we call enterprise, or even small office or home office routers and switches. So these are the devices that basically make networks work. And what that means is that if somebody is sitting on those routers or those switches, they have full access to all of that data, all of your communications. They can see that. They can potentially manipulate that. And they have pretty broad access then to your network.

RACHEL MARTIN, HOST:

So that sounds horrible.

MANFRA: I agree.

MARTIN: Can I ask what has transpired to make this threat more severe now?

MANFRA: We've issued previous alerts, but what we saw was that it was not reaching far enough and wide enough. Not enough people had access to this and knew to take action, so we felt that we needed to get it out to as many businesses, as many even home offices as possible, which necessitated a public alert.

MARTIN: All right, so now let's tackle the solutions because there will be a lot of people out there who hear this and start to get real nervous about the idea of a cyberwarrior out of Russia getting into their home computer network. So how do you fix this?

MANFRA: So it's reasonably simple. The vendor of the network infrastructure device, whether that's a router or a switch - the vendors are putting out guidance or have been putting out guidance that are specific to the make and the model of their network device. So organizations - you know, they need to go check what the vendor is, the make and the model. You can get online. You can download the vendor guidance for how to address it.

MARTIN: So that's what an individual can do. What are you doing? What is the federal government's responsibility in trying to prevent these kind of attacks? And what can you do?

MANFRA: We've been issuing guidance and alerts on whether it's vulnerabilities that we see - we've been issuing a series of alerts on North Korean activity. But, of course, we want to continue to ensure that there are consequences for malicious behavior. My department is focused on defense and ensuring that network defenders have what they need, but there are other tools that the government has to deter this activity, whether that's sanctions, criminal penalties, diplomatic engagement. There's a lot that the government is doing to try to impose consequences on this type of irresponsible behavior.

MARTIN: If you see the threat increasing, though, are you satisfied with the punitive measures that have been put in place against Russia? Should the sanctions be more severe? Should there be more targeted repercussions?

MANFRA: I believe the sanctions are pretty severe. And I also believe that publicly naming government for this type of behavior is important. And then, of course, I believe in the continued efforts of law enforcement to identify and prosecute those who are breaking our laws.

MARTIN: Does the U.S. view a cyberwar as an actual war or a cyberattack in the same way that they perceive, for example, a physical attack on American infrastructure? If a power grid is disabled because of a cyberattack, and the result is that the power grid is down, how is that different than if it's bombed?

MANFRA: That is a great question. And I would say this has been a question that our government has been thinking about for some time. I think about it in terms of actions against our critical infrastructure and our country that would have consequences about public health or safety or economic security. We would take that very, very seriously.

MARTIN: What's the scenario that troubles you most?

MANFRA: That we will miss something. We are doing everything that we can to ensure that that doesn't happen, but we need individuals - consumers, citizens - and we need companies to all recognize that they have a role to play in keeping this Internet ecosystem safe.

MARTIN: Jeanette Manfra is in charge of cybersecurity for the Department of Homeland Security. Thank you so much for talking with us.

MANFRA: Thank you.

Transcript provided by NPR, Copyright NPR.