The Wire - February 22, 2024

S2 Underground - A podcast by S2 Actual

//The Wire//1900Z February 22, 2024//
//ROUTINE//
//BLUF: MULTIPLE NATIONWIDE CYBER EVENTS IMPACT USA.//

-----BEGIN TEARLINE-----

-International Events-

Red Sea/HOA: The BBC has obtained recent imagery indicating the status of the M/V RUBYMAR. The photos confirm that the vessel is not completely sunk, but severe flooding has caused such substantial trim by the stern that her deck is awash at the base of the accommodation superstructure. Likewise, the bulbous bow is almost completely above the waterline.

AC: The status of salvage operations is unclear. Though details are very scarce, by last report she is uncrewed and is being towed into port in Djibouti.

-Homefront-

USA: This morning many cyber events were reported on a variety of platforms, utilities, and critical infrastructure.

The main cyber event involved a mass cellular outage throughout the majority of the continental United States. The outage initially appears to be largely confined to the AT&T network (and various subsidiaries), but problems were also reported by Verizon users. The cause of this outage is unclear, and it is also not known how (or if) this one event cascaded to impact other industries throughout the day.

In a possibly separate incident, many pharmacies across the U.S. have reported computer systems being offline, allegedly due to a cyberattack. Specifically targeted is software provided by Change Healthcare, which is used to manage records and fill prescriptions by many pharmaceutical chains throughout the United States.

Wells Fargo brokerage users also reported problems accessing their accounts this morning. It is unclear whether this was related to any of the other cyber events reported so far today.

Occurring nearly simultaneously with the initial cellular outage, an X-class solar flare caused widespread degradation of some radio communications.

-----END TEARLINE-----

Analyst Comments: While the direct causes of today’s cyber events are not confirmed at this time, more generally this is likely a culmination of years of mission-creep and doctrine shift among communications networks, which have resulted in not just significant cybersecurity vulnerabilities, but also a crisis of competency. As such, it is also important to remember that since most 911 call centers are heavily reliant on commercial telecom networks, many emergency services were offline for several hours. Also important to consider for the future is that adversaries conducting an attack will likely time the attack to coincide with a period of natural radio degradation (such as during a natural solar event). This compounds the degradation of communications, and ensures that maximum effectiveness is achieved. Fortunately, though, this particular solar flare did not degrade radio comms as much as it could have.

Conversely, the timing of such a substantial collection of cyber events is suspicious. Last week, Congress raised the alarm regarding an unidentified threat, specifically related to Russia’s attempt to emplace weapons in space that can be used to target communications satellites. As no hard details of this threat have been revealed, and this story has disappeared from all mainstream media, this was likely an attempt to force more funding through Congress for Ukraine. Consequently, the possibility must be considered that these cyber events could have a variety of causes: deliberate cyberattack by an adversary, gross incompetency on the part of a telecom company, or a false-flag attack intended to increase funding are all equally likely theories until more details are made public.

Admin Note: As announced on various social media platforms, the GhostNet stopgap communications plan that we have developed was activated during this crisis, and functioned as designed. Though far from perfect (and a work-in-progress), this system was intended to ease the