Leaked documents from a Moscow-based defense contractor that assists Russian intelligence agencies with cyberattacks mention “Fairfield” as a potential breach for an attack, according to a Washington Post article published today. Whether this is a reference to Connecticut’s Gold Coast town, however, remains unclear.
The Post article discusses a cache of more than 5,000 corporate documents from the Russian defense contractor NTC Vulkan that were leaked to a German reporter. The documents, according to the article, “detail a suite of computer programs and databases.”
“One illustration for a Vulkan platform called Skan makes reference to a U.S. location labeled ‘Fairfield’ as a place to find network vulnerabilities for use in an attack,” the article reads.
Arthur House, who worked as the chief cybersecurity risk officer under the Malloy administration and was also the director of congressional relations and communications for the director of national intelligence, said the first thing he would do at a state level when confronted with information like this is work with the state’s chief information officer to figure out more about what “Fairfield” actually refers to.
“My gut reaction … is, it’s a code name,” House said Thursday. “It could be a code name because it refers to a business in Fairfield County. It could be not in Connecticut at all, but just a code name in Fairfield, just as you make up code names for so many other things.”
Brenda Kupchick, First Selectwoman of Fairfield, also questioned whether the “Fairfield” mentioned in the leaked document referred to a town in Connecticut.
“As special and unique as Fairfield, Connecticut is, there are twenty-nine other ‘Fairfields’ in the United States,” Kupchick wrote to CT Examiner in an email. “It’s unclear from the article that ‘Fairfield’ even refers to a municipality. I would like to think that if the Washington Post could uncover a vulnerability in our IT systems, we would have heard something from the federal or state government by now.”
John McKay, spokesperson for the state’s Department of Administrative Services, told CT Examiner in an email on Thursday that they “have not been made aware of any information that this new story relates to Fairfield, CT or the state network.”
“Cybersecurity is of critical importance to every organization, including the State of CT. The recent actions by the White House announcing a national cybersecurity strategy to counter nation-state criminal activities is a welcome plan to address global threats,” McKay said.
House said, at a national level, there are multiple agencies working on intelligence gathering using different methods. He said it’s possible that certain intelligence organizations are already aware of a threat even as people in other areas of intelligence — or reporters, or the public — are just finding out about it.
“What we don’t know is how much about this we already knew, and it’s entirely possible that this is not a surprise to the intelligence community,” House said. “We try to stay on top of these things as closely as we possibly can. And secondly, we don’t talk about it. So it’s entirely possible this could go anywhere from, ‘Yep. We know about this. We’re watching it all along,’ to ‘This really is a discovery and we’ve got to get on top of it.’”
Depending on the knowledge that national intelligence gatherers already have about a potential cybersecurity breach, they may form a task force, House said, and do a risk assessment. But he also said that the national security agencies might opt to keep quiet and observe rather than having a target shut down all its operations.
“So we’ll keep watching this rather than, you know, calling up Fairfield and saying, ‘Shut everything down. Somebody’s watching you,’” he said. “Because if you did that, you may lose sight of a far more dangerous operation which is underway.”
The state’s Attorney General’s Office recorded just over 1,000 electronic breaches that affected about 546,000 Connecticut residents in 2020, according to a document detailing the Lamont administration’s cybersecurity strategy. Public organizations and private companies are required to report these breaches under state law.
House said the state is mainly focused on keeping state agency data secure, which he said the state takes seriously. Under the administration of Gov. Dannel P. Malloy, the state also used to have plans detailing how it would work with law enforcement, businesses, individual towns and universities, according to House, although he’s not sure of the current status of those plans. He added that the state’s utilities have strong protections.
“There are very serious efforts to protect the state and they do updates on their malware protection, their software, all the time,” he said.
But outside the state, he said, cybersecurity protections that municipalities and businesses have vary widely from one to the next. He said some municipalities have taken cybersecurity seriously, particularly after recent ransomware attacks in the state. Many, he said, hire outside firms to provide cyber protections.
“It’s very difficult for a small town,” he said. “Ten years ago, they didn’t even have a chief information officer and to suggest now that you have to have cyber protections … (on) a small budget that can be difficult to do.”
In 2021, Gov. Ned Lamont allocated $11 million toward cybersecurity improvements. A report on the IT Strategic Plan for 2023 notes that the state has basic cybersecurity infrastructure, enterprise scanning and protections against malware in place, but still needs to address risks that could come from third-party vendors.
House said everything on the internet is vulnerable to hacking, but that there are two things businesses and individuals can do to protect themselves.
“One is to enhance your ability to defend yourself so that nobody gets through. And two, have a plan on what you’re going to do if they do,” he said.
This story has been updated