
Russia's hacking frenzy is a reckoning


SOURCE: https://www.wired.com/story/russia-hack-supply-chain-reckoning/
Summary

Such "supply chain" attacks have been used in government espionage and destructive hacking before, including by Russia. "We should make clear that there will be consequences for any broader impact on private networks, critical infrastructure, or other sensitive sectors."

"It's like the attacker teleports in there out of nowhere."
Jake Williams, Rendition Infosec

The US has invested heavily in threat detection; a multibillion-dollar system known as Einstein patrols the federal government's networks for malware and indications of attack.

On Tuesday, the GAO publicly released another report, one that it had distributed within the government in October: "Federal Agencies Need to Take Urgent Action to Manage Supply Chain Risks." By then, the Russian assault had been active for months. One potential path would be to build highly segmented networks with "zero trust," so attackers can't gain very much even if they do penetrate some systems, but it's proven difficult in practice to get large organizations to commit to that model.

"You have to put a great deal of trust in your software vendors, and every one of them 'takes security seriously,'" says Williams.

Without a fundamentally new approach to securing data, though, attackers will have the upper hand.

As said here by Lily Hay Newman, wired.com