Listen to the full episode on Apple, Spotify or wherever else you get your podcasts, and subscribe!
In the wake of a cyber attack last week that disrupted operations of a 5,500-mile Colonial Pipeline, the infrastructure reportedly supplying nearly half of the fuel for the East Coast of the United States had to shut down, but former FBI assistant director Frank Figliuzzi noted that the suspected perpetrator of the hack—the Russian-based criminal group, DarkSide—pulled off a fairly “rudimentary” hack.
“Imagine if there was a sophisticated nation state actor that decided to pull out all the stops and defeat sophisticated security countermeasures, we’d be in big trouble,” Figluizzi, a national security contributor for NBC News, said in an interview for the latest episode of Law&Crime’s podcast “Objections: With Adam Klasfeld.”
With a simple ransomware attack, DarkSide reportedly got the pipeline owner to cough up $5 million in extortion money, but not before its attack sparked shortages at gas stations throughout the region as panicked consumers purchased fuel that they feared would run dry.
Figliuzzi warned that is just an example of what could happen.
Having led the bureau’s counterintelligence division and served as an agent for 25 years, Figliuzzi discussed the “dirty little secret” about U.S. cybersecurity: The nation’s adversaries have signaled the ability to do the same thing on a vaster scale.
“The dirty little secret is, the nation states are already telling us they can do this,” Figliuzzi said. “Whether it’s China, Iran, North Korea or Russia, we have seen them peek into some of the scariest places you can imagine—hydroelectric dams, power grids, traffic, air traffic control, 911 systems, credit card payment systems, you name it. They have waved ‘Hello,’ in those networks.”
“We know they’re there,” Figluizzi emphasized. “And they’ve done it for the purposes of reminding us, ‘If things go south between us, understand: We can shut this down.'”
Beyond nation states, domestic terrorism groups have been flagged as an increasing threat by the U.S. intelligence community, in the wake of the U.S. Capitol siege.
“If you combine the growing threat of cyber with the growing domestic threat of extremism and violence in our country, and now you start intertwining them, you may have hit on the very next threat on the horizon,” Figliuzzi added, noting that some of the hacking tools are easy to purchase online.
“We’ve just lived through a global viral pandemic, where we had to stay home and shut down work,” he noted. “The next pandemic could be one of a cyber nature where you can’t go to the office because of a number of reasons: The traffic lights don’t work in an entire city, and it’s not safe to drive. Your infrastructure is down. You can’t fuel your car because the gas pumps at all the gas stations have been turned off. The ATMs don’t work, and you can’t access your money. This is the next thing on the horizon. The thought that a domestic group would do it is pretty scary.”
After the pipeline hack, President Joe Biden issued a cybersecurity-focused executive order that creates an “Energy Star” type system apprising consumers of the safety of their software, establishes a newly formed Cybersecurity Safety Review Board, standardizes the federal response to cyber incidents, and facilitates information sharing between the federal government and the private sector.
Applauding those measures, Figliuzzi described them as overdue and a “no-brainer,” but he added that executives orders are not enough, as they only can reach the federal government. Congressional action may be difficult with resistance from the political right.
“For cybersecurity, you know what one conservatives would say, ‘Hey, listen, we really believe in the free hand of capitalism, we don’t want to dictate a lot of things to the private sector,” Figliuzzi said. “We want the market to take care of itself, and figure it out. Those who don’t won’t survive,’ et cetera.”
Then, there is the Donald Trump factor.
“The more cynical amongst us would say, ‘Well also, comma, it could be that a former president has successfully used cyber attacks, social media propaganda, to his own benefit. And so if you start denying nation-state actors the ability to mess with us, you deny perhaps a technique that has been used successfully by a former president—or a nation state he was aligned with, so that’s problematic as well,'” Figliuzzi added.
Figliuzzi, the author of “The FBI Way,” is the host of the upcoming podcast “The Bureau.”
Listen to the full episode below:
(Screenshot from Zoom interview)
Have a tip we should know? [email protected]