| From | Jim Himes <[email protected]> |
| Subject | We are under attack |
| Date | June 3, 2021 8:02 PM |
Links have been removed from this email. Learn more in the FAQ.
Links have been removed from this email. Learn more in the FAQ.
Friend,
Our gasoline pipelines. Our food supply. Sony. Target. The federal government’s networks.
All under attack. Vulnerable to threats. Every single day. It doesn’t stop, and we’re not doing nearly enough to stop it. In fact, most of the time, we do little more than wonder how the attackers will spend their ransom or use our stolen data.
It's time to surely and swiftly fight back against these cyber and ransomware attacks. Before it's too late.
Please read and share my recent op-ed titled "It is time to strike back against cyberattacks" in the Stamford Advocate [[link removed]] on what we need to do below :
With gasoline once again flowing through the Colonial Pipeline, I too will resume a predictable routine. Every few days, I will pass armed guards and locked doors to be briefed on the week’s cyberattacks. Most will have come from Russia, China, North Korea, Iran or some shadowy criminal group, often sheltered by one of those countries. Many will have succeeded in stealing valuable data or breaking crucial networks. Some will have been catastrophic. Only a few, like the recent attacks on the Colonial Pipeline and the SolarWinds breach, will ever become publicly known.
There is a long list of things we must do to stop these attacks. We should require private companies to tell the public, or at least the government, when they have been attacked. We should make sure that experts at places such as the NSA and the FBI are side-by-side with corporate network operators when attacks are underway. We should have a clear policy on the payment of ransom to ransomware attackers. We could all help by using two-factor authentication and not clicking unknown links.
But at the very top of the list is the need to fundamentally change the game by establishing a sure and swift deterrence.
Had the attack on the Colonial Pipeline involved explosions at pumping stations, law enforcement or military operators would be breaking down doors. Had the SolarWinds attack snuck Russian military operatives instead of malicious code into server farms, we would have called it an act of war, and responded appropriately.
Instead, time and again, we do too little, too late.
Five years ago, President Barack Obama responded to the Russian attack on our presidential election, on the very essence of our democracy, with the expulsion of 35 Russian “diplomats” and the closing of a few secondary Russian facilities. And he told Putin to “cut it out.” Putin barely felt the slap on the wrist.
Fewer than four years later, the SVR, a Russian intelligence agency involved in the 2016 election hacks, used a supply chain attack on Microsoft and SolarWinds to penetrate thousands of networks including those of the federal government. In response, the United States — you guessed it — expelled some Russian diplomats. Fool me once ...
For the bad guys, the cost of doing business is very low indeed.
It is time to strike back, using our unparalleled offensive cyber capabilities with the ferocity and precision (and yes, proportionality) that these and many other cyberattacks would have provoked had they been undertaken kinetically.
Darkside, the shadowy ransom-ware gang behind the Colonial Pipeline attack, gave the game away with their bizarre appeal for public sympathy: “Our goal is to make money, and not creating (sic) problems for society.” For DarkSide, it’s all about maximizing revenue and minimizing cost. Nation states do a similar, if more expansive, calculation of costs and benefits.
So let’s raise those costs. Let’s hurl the full weight of the American legal, diplomatic and cyber capabilities against DarkSide and the organizations or countries that assisted. There is no reason why our immense power, if applied, can’t result in jailed hackers, businesses sanctioned into bankruptcy, emptied bank accounts and melted equipment.
The same goes for Putin, who draws no formal distinction between the Kremlin and the private groups who supply it with propaganda, mercenaries, and hacking services. I have now told the senior-most officials of three presidential administrations that Putin respects only the Machiavellian language of force and retribution. For him, all else is tactical. So let’s demonstrate the cyber capabilities we have spent billions of dollars developing. Let’s make sure that he and the oligarchs who support him feel the fear and anxiety felt by millions of Americans contemplating crashed email systems or rising gasoline prices.
The objection to my arguments has been consistent: that as a highly networked nation, we are particularly vulnerable to a cyber tit-for-tat. In a cyber exchange, the Russians, Chinese or Iranians may choose to attack our critical infrastructure. Like, say, an essential fuel pipeline. Yes, there is risk. But that risk must be weighed against the fully unacceptable status quo.
Hitting back isn’t the only answer. It’s part of the answer. In this new world, a credible deterrent must be combined with clearly articulated international rules, norms and an understanding of our national doctrines: all the things that helped keep the Cold War with the Soviets from becoming hot. We must rededicate ourselves to leading a global push for the establishment of what I think of as an E-neva Convention.
Though challenging, it is possible to identify things such as the networks controlling health care, aviation, power and other critical infrastructure that should be completely off-limits during peacetime. China and the United States are equally vulnerable to rogue private hacking operations; we should work together to stamp them out. International agreements are imperfect and occasionally flouted. But the world is far more risky without them.
Above all else, however, it’s time to change the game and impose the meaningful costs that will finally deter our adversaries. Until we do, I know exactly what I will learn the next time I walk through those locked doors for a cyberattack briefing.
- Jim
[link removed] [[link removed]] [link removed] [[link removed]] [link removed] [[link removed]]
Paid for by Himes for Congress
Himes for Congress
857 Post Road
#312
Fairfield, CT 06824
United States
Email is an important way for us to keep supporters like you informed about critical issues and to build a winning grassroots campaign. If you believe you received this message in error or wish to no longer receive email from us, please unsubscribe: [link removed] .
Our gasoline pipelines. Our food supply. Sony. Target. The federal government’s networks.
All under attack. Vulnerable to threats. Every single day. It doesn’t stop, and we’re not doing nearly enough to stop it. In fact, most of the time, we do little more than wonder how the attackers will spend their ransom or use our stolen data.
It's time to surely and swiftly fight back against these cyber and ransomware attacks. Before it's too late.
Please read and share my recent op-ed titled "It is time to strike back against cyberattacks" in the Stamford Advocate [[link removed]] on what we need to do below :
With gasoline once again flowing through the Colonial Pipeline, I too will resume a predictable routine. Every few days, I will pass armed guards and locked doors to be briefed on the week’s cyberattacks. Most will have come from Russia, China, North Korea, Iran or some shadowy criminal group, often sheltered by one of those countries. Many will have succeeded in stealing valuable data or breaking crucial networks. Some will have been catastrophic. Only a few, like the recent attacks on the Colonial Pipeline and the SolarWinds breach, will ever become publicly known.
There is a long list of things we must do to stop these attacks. We should require private companies to tell the public, or at least the government, when they have been attacked. We should make sure that experts at places such as the NSA and the FBI are side-by-side with corporate network operators when attacks are underway. We should have a clear policy on the payment of ransom to ransomware attackers. We could all help by using two-factor authentication and not clicking unknown links.
But at the very top of the list is the need to fundamentally change the game by establishing a sure and swift deterrence.
Had the attack on the Colonial Pipeline involved explosions at pumping stations, law enforcement or military operators would be breaking down doors. Had the SolarWinds attack snuck Russian military operatives instead of malicious code into server farms, we would have called it an act of war, and responded appropriately.
Instead, time and again, we do too little, too late.
Five years ago, President Barack Obama responded to the Russian attack on our presidential election, on the very essence of our democracy, with the expulsion of 35 Russian “diplomats” and the closing of a few secondary Russian facilities. And he told Putin to “cut it out.” Putin barely felt the slap on the wrist.
Fewer than four years later, the SVR, a Russian intelligence agency involved in the 2016 election hacks, used a supply chain attack on Microsoft and SolarWinds to penetrate thousands of networks including those of the federal government. In response, the United States — you guessed it — expelled some Russian diplomats. Fool me once ...
For the bad guys, the cost of doing business is very low indeed.
It is time to strike back, using our unparalleled offensive cyber capabilities with the ferocity and precision (and yes, proportionality) that these and many other cyberattacks would have provoked had they been undertaken kinetically.
Darkside, the shadowy ransom-ware gang behind the Colonial Pipeline attack, gave the game away with their bizarre appeal for public sympathy: “Our goal is to make money, and not creating (sic) problems for society.” For DarkSide, it’s all about maximizing revenue and minimizing cost. Nation states do a similar, if more expansive, calculation of costs and benefits.
So let’s raise those costs. Let’s hurl the full weight of the American legal, diplomatic and cyber capabilities against DarkSide and the organizations or countries that assisted. There is no reason why our immense power, if applied, can’t result in jailed hackers, businesses sanctioned into bankruptcy, emptied bank accounts and melted equipment.
The same goes for Putin, who draws no formal distinction between the Kremlin and the private groups who supply it with propaganda, mercenaries, and hacking services. I have now told the senior-most officials of three presidential administrations that Putin respects only the Machiavellian language of force and retribution. For him, all else is tactical. So let’s demonstrate the cyber capabilities we have spent billions of dollars developing. Let’s make sure that he and the oligarchs who support him feel the fear and anxiety felt by millions of Americans contemplating crashed email systems or rising gasoline prices.
The objection to my arguments has been consistent: that as a highly networked nation, we are particularly vulnerable to a cyber tit-for-tat. In a cyber exchange, the Russians, Chinese or Iranians may choose to attack our critical infrastructure. Like, say, an essential fuel pipeline. Yes, there is risk. But that risk must be weighed against the fully unacceptable status quo.
Hitting back isn’t the only answer. It’s part of the answer. In this new world, a credible deterrent must be combined with clearly articulated international rules, norms and an understanding of our national doctrines: all the things that helped keep the Cold War with the Soviets from becoming hot. We must rededicate ourselves to leading a global push for the establishment of what I think of as an E-neva Convention.
Though challenging, it is possible to identify things such as the networks controlling health care, aviation, power and other critical infrastructure that should be completely off-limits during peacetime. China and the United States are equally vulnerable to rogue private hacking operations; we should work together to stamp them out. International agreements are imperfect and occasionally flouted. But the world is far more risky without them.
Above all else, however, it’s time to change the game and impose the meaningful costs that will finally deter our adversaries. Until we do, I know exactly what I will learn the next time I walk through those locked doors for a cyberattack briefing.
- Jim
[link removed] [[link removed]] [link removed] [[link removed]] [link removed] [[link removed]]
Paid for by Himes for Congress
Himes for Congress
857 Post Road
#312
Fairfield, CT 06824
United States
Email is an important way for us to keep supporters like you informed about critical issues and to build a winning grassroots campaign. If you believe you received this message in error or wish to no longer receive email from us, please unsubscribe: [link removed] .
Message Analysis
- Sender: Jim Himes
- Political Party: Democratic
- Country: United States
- State/Locality: Connecticut
- Office: United States House of Representatives
-
Email Providers:
- NGP VAN