According to a Washington Post article published today, documents leaked from a Moscow-based defense contractor that assists Russia’s intelligence services in cyberattacks mention “Fairfield” as a potential compromise in the attack. increase. However, it remains unclear whether this is a reference to the town of Gold Coast, Connecticut.
An article in the Post describes a cache of over 5,000 corporate documents from Russian defense contractor NTC Vulkan that was leaked to a German reporter. According to the article, the document “details a series of computer programs and databases.”
“One instance of the Vulkan platform, called Skan, mentions a location in the United States labeled ‘Fairfield’ as a location to find network vulnerabilities used in attacks,” the article reads. I’m here.
Arthur House, who served as Chief Cybersecurity Risk Officer under the Malloy administration and was also Director of Parliamentary Relations and Communications for the Director of National Intelligence, said the first thing to do at the state level when faced with such information is: says. He works with the state’s chief information officer to take a closer look at what “Fairfield” really refers to.
“My instinctive response is… it’s a codename,” House said Thursday. “It could be a codename because it refers to businesses in Fairfield County. is.”
John McKay, a spokesman for the state’s Office of Administrative Services, told the CT Examiner by email on Thursday, “I have not been informed that this new story involves Fairfield, CT, or the state’s network. ” he said.
“Cybersecurity is of paramount importance to all organizations, including the state of CT. It is a welcome plan for
At the national level, House said, there are multiple agencies working on intelligence gathering in different ways. He said certain intelligence agencies may already be aware of the threat.
“What we don’t know is what we already know about this, and it’s entirely possible that this shouldn’t come as a surprise to intelligence agencies,” he said. “We’re trying to get as close to these things as possible. And secondly, we don’t talk about it. So it’s entirely possible that this could go anywhere. Know about this: “This is really a discovery and we have to overcome it.”
Depending on what knowledge national intelligence collectors already have about potential cybersecurity breaches, they may form task forces and conduct risk assessments, House said. National security agencies said they may choose to observe silently rather than force targets to cease all activity.
“So instead of calling Fairfield and saying, ‘Shut it all down,’ I’ll keep an eye on this. Someone’s watching you,” he said. “If we do that, we might lose sight of the more dangerous operations that are underway.”
According to documents detailing the Lamont administration’s cybersecurity strategy, the state’s Attorney General’s Office recorded more than 1,000 electronic breaches that affected approximately 546,000 Connecticut residents in 2020. Public agencies and private businesses are required to report these violations under state law.
House said the state is primarily focused on keeping state agencies’ data safe, and said the state takes this seriously. Under the control of Gov. Dunnell-Perner-Malloy, the state also had a plan detailing how it would work with law enforcement agencies, businesses, individual towns and universities, House said. He is unsure about the current status of the plan.. He added that state utilities have strong protections.
“There is a very serious commitment to protecting the nation and they are constantly updating their malware protection and software.
But outside of the state, the cybersecurity protections that local governments and businesses have vary greatly from one to the next. said it did after the recent ransomware attack within. He said many hire outside companies to provide cyber protection.
“It’s very difficult for a small town,” he said. “Ten years ago they didn’t even have a chief information officer. Now they couldn’t suggest that they needed cyber protection …[on]small budgets that are hard to do.”
In 2021, Governor Ned Lamont has allocated $11 million to improve cybersecurity. According to his IT Strategic Plan report for 2023, the state has basic cybersecurity infrastructure, enterprise scanning, and protection against malware, but addresses potential risks from third-party vendors. need to do it.
House said everything on the internet is vulnerable to hacking, but there are two things businesses and individuals can do to protect themselves.
“One is to improve your ability to protect yourself so no one gets through. Two is to have a plan for what to do if they do,” he said.