Crisis Management

How has the SolarWinds breach impacted how your organization thinks about IoT security?

Top Answer : We have been using SolarWinds since before I got to campus, so we're on the hook to think about this type of impact. The reality is until somebody is breached, until somebody is personally affected, no one pays attention. At UCLA, we know our leadership is definitely concerned about ransomware and security issues in general. Those are the things that get people's attention, and then once you've got their attention, you can actually try and move forward with a solution, or multiple solutions. The difficulty there lies in needing more people. There just aren't enough people with that skill set already in place to be able to do that. Even though you want to rush to fix the problem, it's still months away until you can get that group of people together that can actually start to move forward, get it resourced, get it funded, get it organized in a way that you can actually implement something and do it. You can't knee-jerk react to Orion and say, "Oh, let me fix the problem." No, too late. Beforehand we had FireEye. FireEye was what picked it up for us. FireEye is relatively new to us and if we didn't have FireEye, we'd have no idea. And I'm one of the lucky ones, at least for now, it doesn't look like it phoned home. I don't have ADFS. This goes back to technology, right? When I walked in the door, we didn't even have a SIEM, right? It's been on my list. We implemented Splunk in June. I can go back now and look at Splunk and see what happened... yay, right? Again, it seems like these little moral victories, that you would think would be normal blocking and tackling. These solutions need to be in place. You need the right tools in the toolkit to be able to help yourself survive.

Anyone using cameras or other setups to scan for fever for people walking into your office?

Top Answer : I work for a non-profit in DC. All employee badges have been turned off to prevent staff from entering the building without prior approval. A request process has been set up through our ERP system for staff to both request building access and to agree to the conditions for building access. The conditions include: a mandatory temperature scan; an acknowledgement that PPE is required and acknowledgement that social distancing is mandatory. However, there is an outstanding question around what to do if an employee has received the COVID vaccine. The organization has no plans to require staff to get vaccinated. But vaccinated staff do not pose a risk, so the organization is struggling in how to handle the situation when some staff may have received the vaccine.

If these companies were affected then the foundation of computing could be at risk. If you could manipulate at the hardware layer via the firmware, BIOS, etc. then a threat actor could weaponize well below the operating system, which brings into question the integrity of the entire computing stack and everything above it. The firmware and BIOS are like the rebar and concrete for a building. If that foundation is weak then the entire structure and anything dependent on it is at risk. We cannot underestimate the potential or the severity of these companies being potentially affected by the SolarWinds hack and what that means for the foundational computing hardware they provide to the world. What do others think? How could this impact your organization? Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack - The Verge


What's a greater concern for returning to the office? Comment how you are prioritizing...

Top Answer : The majority of our focus is definitely on the human factors as the technical factors are mostly related to things we had to solve as we went distributed. We will need some additional technical stuff to support the human factors (e.g. scheduling software to limit the # of people in the office at the same time) but solving the human factors of helping people to feel comfortable, ensuring that safety precautions are being followed, etc. are much harder and why it will be a while before we go back.

SolarWinds just hired Chris Krebs, under whose reign as former CISA director the SolarWinds hack happened.  How do you feel about this hire?

Top Answer : An excellent move that SolarWinds took to help repair their reputation in the information security space.

How permanent are some of the pandemic-induced changes going to be?

Top Answer : It's been a huge “forced march” experiment. It has forced people to embrace some virtual technologies they might not have in the past. If you've worked for a large enterprise tech company and managed teams around the world, you're used to doing virtual teaming. But it was not the mainstay of how people interact. It was more isolated. I think the pandemic has forced everybody to learn how to interact in those environments. I feel I've seen a lot of innovations around keeping people engaged in those environments. How do you stay in touch with people? How do you meet new people that you haven't met before? This has truly forced people out of their comfort zone and it's skills building that is going to be here for a long time. I think it is going to disrupt a lot of the ways people think about how they run their businesses as well. I don't know that it's a disruption, as much as it's an opportunity to really do things differently. It's a strengthening exercise for how people build viable, sustainable business models. It's going to make organizations and businesses stronger over the long haul.

How did COVID-19 impact your organization? How did you approach the adjustment to remote work?

Top Answer : Everything had to be re-evaluated and I think many of us in tech, we're probably fortunate because we had a lot of experience with cloud technologies around being able to work in a remote, virtual sort of way, but it still presented a lot of challenges. We went from the first phase of figuring things out, just the basics: how to onboard people, interview people, get laptops to people. And then we went to the next phase, once we sort of stabilized things, trying to determine when we would return to the office. And now we're in this phase of understanding that this is not a temporary thing. I believe it's a permanent thing. Now it’s about how things are going to be different, and preparing for that new different. What changed for me first was the technology on process and security. Security is a big one, always. How do you make sure that people have the tools, the data, the access they need now in a remote world since they're potentially never coming in the office again? We’ve had to really rethink the way that we set up security, the way we're managing data, the way we're monitoring and measuring what's going on in our environment from a security perspective. We're now focusing on the people part of this because that's the hardest to solve and it's the one that many companies are struggling with the most. First, it was about productivity, now it's pivoting over to being really mindful around mental health. How do you actually start to find ways to stay really closely tied to what's going on in your employee population? It's not a technology problem anymore. It's not a process problem anymore. You have people all around the world that have different stresses, different concerns, but also some very common stresses and concerns around the economy, about their own health, how they manage their job day in and day out when they have kids in school or loved ones they're taking care of.
We are also looking at how we return to work safely because that day will come. It's going to be different, likely a hybrid.

Who do you think is behind the SolarWinds attack?

Top Answer : Similar actors as Sandworm - Russia
