At a press conference early this morning, T. John
McIntyre, President of MedDevice, told reporters that his company was the alleged
target of the cybersecurity attack reported
yesterday by the Cybersecurity Agency’s (CSA) Critical Infrastructure
Security Operations Center (CI-SOC). He told reporters that the cyberattack was
a routine communication with our manufacturing partner in China, not an attack
on the company.
“I spent a number of hours
yesterday meeting with the CI-SOC away team and we finally concluded that the ‘data
exfiltration’ that their system detected was actually a routine communication
with MedZS, our manufacturing partner in Guangdong, China.” McIntyre told
reporters; “This whole ‘cyberattack’ fiasco was caused by some miscommunications
between MedDevice and CI-SOC.”
An email from General Buck
Turgidson (ret), Director of CI-SOC indicated that the IP address that the
information was sent to by MedDevice was not on the current list of approved
communications whitelist prepared by the Company. Walter O’Reilly, spokes
person for MedDevice, confirmed that the data was sent to a new cloud-based
account used by MedZS that had not yet been communicated to CI-SOC.
O-Reilly told reporters that the
data dump was a detailed description of the company’s new rapid-test device for
COVID-19 detection that the company expects to be placed in company’s and
schools for daily screening of employees and students arriving at a facility.
The device relies on a non-invasive swab being taken from the inside of the
facemask being worn the person to be tested with a specially treated cotton
swab. The COVIDSWAB® would then be placed in a scanner and a positive/negative
determination would be made within seconds.
“This will be a game changer for
facilities that want to safely open during the COVID-19 pandemic,” O’Reilly
said.
A source that declined to be
named because they were not authorized to talk to the press told me that the
leadership at the CI-SOC was somewhat abashed about the apparently premature announcement
of the non-attack, but still felt that the right decision had been made. There
were concerns that recent
reports about the current understaffing of the facility were leaving the
impression that the facility was not an effective response to cyberattacks on
critical infrastructure.
According to Johnathan Quest,
spokes person for the Federal Bureau of Inquiry, that agency’s investigation of
the incident has not yet been closed. “There are still some questions about the
sharing of information with a Chinese company with ties to the PLA, specially with
the potential national security implications of this product,” Quest told
reporters this morning.
Sen TJ Kong (R,GA) told reporters today that he agreed with
the decision by Turgidson to release the information on the reported cyberattack
even though it turned out to be a miscommunication problem instead of an
attack. “It is important that the country knows that the US government is being
proactive in defending the nation from foreign cyber adversaries,” he said; “Minor
hiccups like this are to be expected as the CI-SOC and its private sector
partners learn how to work together.”
No comments:
Post a Comment