Their Silent Intentions

May 2021 No Comments

Speaker(s): Mandia, K. (FireEye)

Date: 19 May 2021

Speaker Session Summary

SMA hosted a speaker session with Mr. Kevin Mandia (CEO, FireEye) as a part of its SMA INSS/PRISM Speaker Series.

Mr. Mandia stated that what FireEye observes in the cyber domain is reflected in geopolitical events around the world. This correlation is evident by looking at the Syrian Electronic Army’s attacks on the United States’ cyber domain and how they corresponded with the Syrian government’s use of chemical weapons.

Mr. Mandia also focused on the SolarWinds attack during the summer of 2020, in which 4,000 lines of hacked code were unknowingly sent out to its customers through a software update. The implant of malicious data was an especially effective tactic because the hackers injected their code into SolarWinds’ base code after it was approved by the company’s coders. The attack on SolarWinds also revealed that the supply chain for any company is vulnerable to hacking.

Even though the implant that affected SolarWinds did not affect the source code, Mr. Mandia emphasized that it is still important for companies to protect the source code upon which their cyber systems rely. Because the implant did not impact the source code directly, it was harder to detect and impacted many of SolarWinds’ clients (50 of which experienced varied issues) for six to nine months. Mr. Mandia also noted that the attack on SolarWinds was likely carried out by actors who applied sophisticated tradecraft to stay hidden.

Mr. Mandia emphasized that the best way for US companies to protect their supply chain is to look at who they are paying for online security. There is a ransomware pandemic in the US. For every 10 ransomware attacks in the US, there is only one in another country. Furthermore, all industries are different, and some, like those in the medical field, will be forced to pay the ransom to allow their systems to come back online to save lives. Mr. Mandia concluded by arguing that by creating more cooperation between allies, the US, and others can help strengthen retribution against those that perpetuate ransomware attacks in the international commons.

Speaker Session Recording

Our speaker requested that we refrain from sharing a recording of this session.

Briefing Materials


Submit A Comment