Source: Science Photo Library via Alamy Stock Photo

COMMENTARY

As cyber threats grow increasingly sophisticated, protecting critical infrastructure is essential. State-sponsored actors, such as the notorious Volt Typhoon, continue to target critical infrastructure, using advanced cyber techniques. The stakes are high: Cyberattacks of this caliber can lead to significant disruptions to critical infrastructure, threats to democracy, global economic crises, and potentially loss of life. There is an urgent need for enhanced cybersecurity measures to protect these functions and services — it's a matter of public safety and national security. In order to combat these sophisticated threats, the industry must develop an approach that is focused on transparency, information sharing, and enhanced visibility.

Volt Typhoon, a sophisticated cyber-espionage group associated with China, employs advanced stealth techniques to infiltrate critical infrastructure networks. It primarily targets US military and government entities, accessing systems via vulnerabilities in products within these environments. Its attacks are characterized by the use of "living off the land" tactics, which leverage existing legitimate tools and processes within the target systems to evade detection. Since it does not rely on malware to infiltrate its victims, its attacks are difficult to detect and track.

Transparency and Information Sharing Can Help Safeguard Our Systems

Transparency is crucial in responding to these cyber threats effectively. When an incident occurs, the ability to act swiftly is paramount — not just for the affected organizations, but also for the government agencies tasked with investigating and mitigating these attacks. This is especially critical when signs suggest they are malicious state-sponsored actors. Transparency allows for more efficiently coordinated and timely responses to mitigate an incident from escalating.

Enter software bills of materials (SBOMs), which the US federal government has recognized the importance of as a crucial tool to enhance cybersecurity, directing the National Telecommunications and Information Administration to publish minimum standards for federal agencies to adopt and implement. The need for SBOMs, however, extends beyond federal agencies and government contractors. SBOMs can play a crucial role in protecting against and preventing these types of attacks by providing a fine-grained list of components and interdependencies, including open source and third-party components. Since they provide a detailed inventory of all the software components and transitive dependencies within a system, they make it easier to quickly identify unusual or unauthorized components that might indicate a Volt Typhoon attack.

While the SBOM is an extremely important artifact, it may overstate the actual risks of the vulnerability without the Vulnerability Exploitability eXchange (VEX) companion document. The VEX document can provide a complete picture of risk in the specific context to the SBOM, reducing the time to investigate and accelerating the time to remediate vulnerabilities by providing a greater understanding of the components. If a vulnerability truly presents a risk or if compensating controls are already in place to mitigate the risk. Utilizing the SBOM data in conjunction with the VEX, organizations can gain a comprehensive picture of their environment, allowing them to make decisions based on security intelligence provided in the data to enhance their overall security posture against cyber threats like those posed by Volt Typhoon and other bad actors.

Strong Partnerships Between the Public and Private Sectors Are Critical to Fight Cyberattacks

Public-private partnerships play a crucial role in this ecosystem of transparency and security. Through these partnerships, the government can share intelligence on emerging risks and provide the public sector with the insights needed to bolster their defenses. In return, public entities can contribute by sharing real-time data on the threats they encounter, creating a continuous exchange of critical information. This back-and-forth flow of intelligence and information sharing strengthens the collective ability to prevent and counter cyber threats.

Transparency within partnerships, which is enabled by strategies like SBOMs, creates an environment where both sides trust each other and openly share information about threats and vulnerabilities. A high level of trust within these relationships also encourages private organizations to disclose critical data without worrying about misuse, which again allows public organizations to offer better support and resources in response to cyber threats. Beyond just information sharing, this mutual confidence strengthens the overall cybersecurity posture by enabling both parties to work together to quickly resolve these issues.

Enhanced Visibility Into Complex IT Systems Enables Organizations to Enhance Cybersecurity Efforts

In addition to external efforts, visibility within organizations, both public and private, is equally important in combating cyberattacks. Modern IT environments grow more complex by the day, often consisting of hybrid infrastructures and multicloud environments. Responding quickly to cyber incidents requires a deep understanding of these systems. Solutions like observability can provide a critical lift, as they help detect anomalies as they occur. By providing real-time insights into the status of an entire IT environment, observability empowers IT teams to act swiftly and prevent an incident from occurring or escalating.

The effort to gain better visibility and insights into systems and processes — as well as the promotion of partner transparency — are two important pillars of the SolarWinds Secure by Design initiative, which is a framework that aims to bolster cyber resiliency and security across both public and private sectors. Organizations can take a similar approach to help develop a clear road map toward achieving an enhanced cybersecurity posture.

The need for ongoing collaboration and innovation in cybersecurity cannot be overstated. In today’s rapidly evolving cyber landscape, no organization can single-handedly defend against sophisticated cybercriminals and nation-state threats. It is imperative for governments and private sector entities to continue collaborating, sharing information, and developing robust defenses against cyber threats. By leveraging the power of SBOMs and observability, we can build a more resilient and secure future, and by working together, we can create a safer and more secure environment that can face today’s cyber threats.