
Hybrid threats to U.S. infrastructure | Rapid Resilience

Our latest Rapid Resilience Briefing breaks down the dismantling of a clandestine telecommunications network and the rising tide of hybrid threats to U.S. infrastructure.


Full video transcript

00:01

[Music] Hey, good afternoon everybody. My name is Ed Luke. I’m the director of risk intelligence and strategy here at Everbridge. I just wanted to discuss a situation that happened yesterday outside of New York City where the United States Secret Service dismantled a clandestine telecommunications

00:20

network. The network comprised 300-plus SIM card servers and over 100,000 SIM cards spread across five locations. So, why does this matter, right? Why does anybody care? Law enforcement says the hardware could have been used to threaten US officials, carry out

00:35

encrypted and anonymous communication, disrupt cell communications, shut down cell phone towers, and obviously possibly interfere with emergency communications. Also, for good measure, law enforcement obtained many illegal firearms, some cocaine and encrypted tools as well. So, no suspect

00:55

has yet been identified, but intelligence sources do suggest that the potential for involvement of a nation state actor is very real. Nation state actors have been attacking and trying to leverage gaps in United States infrastructure for years. Uh lately, the Chinese and Russian governments have

01:11

ramped up their cyber attacks against the water sector, the electricity sector, the financial sector, the health sector as well. You know, a lot of the infrastructure in this country is aging and it’s susceptible to not only sophisticated attacks like this one, but

01:25

low-cost, minimal-planning attacks that we’ve discussed many times when talking about domestic violent extremists. So, of course, the timing of all this is very interesting being that the UN is meeting in New York City and it just highlights a lot of risks and vulnerabilities uh that companies

01:41

should be aware of. This is a hybrid threat. You know, cyber, electronic, conventional, counter-intelligence operations. This changes the threat vector. You know, it complicates your ability to mitigate and leads to confusion. Obviously, in a crisis or attack, a loss of communications, even

01:57

temporarily, will degrade your command and control, your ability to coordinate, and your ability to respond. Uh, interference with communications during a high-profile diplomatic event could escalate into other cascading security failures in physical security and executive protection. It highlights the

02:14

gap and lack of redundancies in people’s communications and their security. The sophistication and scale of this uh leads to the fact that it looks like a nation state actor or some other well-funded illicit actor. Are other areas, other sectors like health or electricity,

02:33

at risk. Uh could this happen in other high-profile metro areas like Washington DC? Uh obviously it could. Are those operations actually in place right now? Uh too early in the investigation to be able to tell. Um, you know, this potential attack seems very daunting.

02:50

Uh, you know, the impacts would be massive. Uh, but there are a few things that I would consider. Uh, if I were running an organization right now, I would audit my telecom dependencies. What depends on cell and SIM services? What goes through those channels? What if

03:04

that’s unavailable? Uh, establish backup communications: satcoms, mesh radio, HF radio, additional ISP paths. Uh, it might sound primitive. Uh, but then again, so is not being able to communicate with your assets and your people uh during a crisis. Also, I look at deploying anomaly detection. Uh, work

03:24

with your carriers to monitor unusual loads. Uh, monitor for strange traffic or spikes in encrypted communications. Use AI and ML. Leveraging those for detection, anomaly detection, monitoring, and alerting is key for early warning. Uh, I would enforce device control. Uh, SIM inventory, keep a tight

03:43

control over your SIM cards, uh make sure unused ones are decommissioned, exercising, simulating comms outages, practice your business continuity. How should your team react and respond to one of these incidents, then adjust accordingly? And then also equally important is liaising with private and

03:59

public sector partners, law enforcement, telecom providers. You know, build relationships and share information. Intelligence and information sharing uh leads to better security, improves risk posture. So, those are just a few things you could do in the event uh or to limit

04:13

your exposure in the event of one of these attacks. You know, here at Everbridge, we’ll continue to monitor this situation and provide updates as they come on this and all other risks out there. So, reach out if you need anything. I appreciate your time. Have a great rest of your afternoon.
