- Published on
Massive U.S. Government Cyberattack Highlights Need for New Security Approaches
- Michael Jones
Blockchain technology can better secure supply chains and digital transactions.
December 2020 brought a flurry of news stories around the massive cyber attack on the U.S. government. Called the Solar Winds Orion Supply Chain Compromise, or the Great Supply Chain Hack, this evolving story reflects the risks even sophisticated networks—like those run by the federal government—face when dealing with attackers deploying anti-forensic techniques, user impersonation, privilege escalation and persistence, and MITRE ATT&CK® techniques.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on December 17th on the advanced persistent threat (APT) to government agencies, critical infrastructure entities, and private sector organizations, saying the attack began in at least March 2020 and the attacker “demonstrated sophistication and complex trade craft in these intrusions. CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.”
A December 21st NPR article says the “list of affected U.S. government entities reportedly includes the Commerce Department, the Department of Homeland Security, the Pentagon, the Treasury Department, the U.S. Postal Service and the National Institutes of Health.” Plus, the Department of Energy acknowledged its computer systems had been compromised, though not the critical National Nuclear Security Administration systems.
“Hackers exploited the way software companies distribute updates, adding malware to the legitimate package,” note NPR reporters Bill Chappell, Greg Myre, and Laurel Wamsley. “Security analysts said the malicious code gave hackers a ‘backdoor’—a foothold in their targets’ computer networks—which they then used to gain elevated credentials. Solar Winds traced the ‘supply chain’ attack to updates for its Orion network products between March and June.”
“This is looking like it’s the worst hacking case in the history of America,” says one U.S. official, speaking on condition of anonymity. “They got into everything.”
In this environment of fear and reaction, the promise of distributed ledger technologies offers an appealing new approach to digital security. For example, blockchains have quickly been embraced as a solution for improving supply-chain security for data, communications, and logistics.
The emerging technology of blockchain “adds layer of security to movement of critical components,” claims SAIC, an American government contractor. “We see blockchain as a transformative technology to protect elements of supply chains.”
“Blockchain can greatly improve supply chains by enabling faster and more cost-efficient delivery of products, enhancing products’ traceability, improving coordination between partners, and aiding access to financing,” says Vishal Gaur and Abhinav Gaiha in a Harvard Business Review article. “There is considerable room to improve supply chains in terms of end-to-end traceability, speed of product delivery, coordination, and financing. Blockchain can be a powerful tool for addressing those deficiencies.”
“It’s about time we start talking about the advanced methods of privacy and security we can ensure on blockchain,” adds Shamsh Hadi, CEO and co-founder of ZorroSign, Inc. “How many times do we need hacks to happen before we finally ask the right questions?”
For governments organizations and companies that require secure digital transactions, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. Unlike other electronic signature solutions, ZorroSign’s platform is built on a private, permissioned Hyperledger Fabric blockchain architecture to secure digital assets and deliver security certificates with robust audit trails and lifetime document escrow.
“Ultimately, blockchain technology helps make digital transactions more secure, faster and less expensive,” says Hadi.
Learn how blockchain can more securely manage your organization’s digital signatures and documents—contact ZorroSign today.