At a glance.
- How does NATO’s Article Five apply to cyberdefense?
- CISA’s new protective DNS could be expanded to non-government entities.
- GAO’s ransomware report indicates communication is a weakness.
How does NATO’s Article Five apply to cyberdefense?
Prime Minister Edi Rama says that Albania was hit with cyberattacks from Iran so severe that he considered invoking Article Five, a NATO declaration that calls on all members to act in collective defense, treating an attack against one member as “an attack against them all.” Though Rama decided against it – “I have too much respect for our friends and our allies to tell them what they should do. We are always very careful to be very humble in our assessments,” he explains – the incident raises a larger question: Should Article Five be used to respond to cyberattacks, and if so, how? As Politico explains, the only time the measure has ever been used was after the September 11 attacks on the US, and it’s unclear what the proper response should be when an attack is digital rather than physical. The NATO Cooperative Cyber Defence Centre of Excellence said the application of Article Five to a cyberattack is “a blurry but consistent position of NATO.” In 2018 NATO Secretary General Jens Stoltenberg said that the alliance’s protocols surrounding a cyberattack are intentionally vague. “I am often asked, ‘under what circumstances would NATO trigger Article Five in the case of a cyberattack?’ My answer is: we will see,” he said.
CISA’s new protective DNS could be expanded to non-government entities.
The US Cybersecurity and Infrastructure Security Agency (CISA) is launching a Protective Domain Name System (DNS) service that will help federal agencies defend against cyberattacks. DNS is used as an attack vector for a wide range of cyber incidents, and CISA’s protective DNS would serve as a barrier between agency networks and the rest of the internet, blocking queries that seek access to known malicious IP addresses. The new DNS resolver replaces an older DNS sinkholing service that was limited to agencies’ on-premises networks; the new one covers roaming and mobile devices and cloud-based assets. Branko Bokan, lead architect for Protective DNS at CISA, explains, “A lot of federal technologies are no longer behind those on-premise networks, behind firewalls. They’re now all over the Internet, in the cloud, but also we see a large number of what we call roaming and nomadic devices and mobile devices that federal users, both employees and contractors, are using to access federal resources.” The hope is to expand the service beyond federal agencies in the future, Federal News Network adds, and the natural next step would be local governments. “When we originally designed this service, we designed it in mind of the need to scale it to serve the biggest enterprise,” Bokan states. “We would really like to be able to offer this service not just to the federal enterprise, not just the federal civilian executive branch agencies, but to other levels of U.S. governments that might be interested in the same type of protection.”
GAO’s ransomware report indicates communication is a weakness.
The US Government Accountability Office (GAO) this week released its ransomware report, a review of federal agencies’ ransomware prevention and response assistance to state, local, tribal and territorial governments (SLTTs), Nextgov.com reports. Based on a survey of officials from thirteen SLTTs, the results indicate that a majority of local governments are “generally satisfied” with the ransomware-related support they received between January 2018 and May 2021 from agencies like the Federal Emergency Management Agency, National Guard Bureau, National Institute of Standards and Technology, Treasury Department, and the Federal Bureau of Investigation (FBI). However, eleven of the respondents “identified challenges related to awareness, outreach and communication” when seeking response assistance from the FBI. One SLTT official said that when calling the FBI’s 24-hour incident response hotline, he was sent straight to voicemail, and the agency never followed up. The respondents also said they experienced “difficulties identifying the federal prevention and response services that were available to SLTTs.” The GAO’s report recommends that CISA and the Secret Service work to determine how to “improve interagency coordination on ransomware assistance,” and it calls on the FBI to improve interagency coordination.