WannaCry exposes defense supply chain vulnerabilities.

Author: Berger, Brian
Position: Viewpoint

The launch of WannaCry, a strain of leaked National Security Agency ransomware, affected more than 300,000 computer users in more than 150 countries in May.

The attack--which operated by encrypting a computer's data, then demanding a payment of $300 in bitcoins under the threat of deleting all files--has since been labeled one of the largest operations of its kind in the internet's history.

At particular risk were organizations that did not update their current operating systems and those running older versions of Microsoft Windows, primarily Windows XP and Windows Server 2003, whose systems had not been updated with security patches since 2014.

The ransomware utilized a backdoor implant tool known as DoublePulsar to exploit a weakness in Microsoft's Server Message Block (SMB) protocol to initiate the attack, and once active, spread itself across a vulnerable network. Its victims included FedEx, Deutsche Bahn and Britain's National Health Service, among many others. The ransomware package is said to have originated from an NSA-utilized technology known as EternalBlue, which was leaked earlier this year.

As the global computer security community races to rectify the vulnerabilities exposed by WannaCry, experts fear the potential of a similar incident. While the attack itself was remediated through the discovery of a kill switch left in the ransomware's code, its widespread effectiveness in shutting down entire networks provided an alarming example of the consequences of poor cyber posture.

The Defense Department supply chain--a critical segment of the nation's infrastructure--is particularly vulnerable to high-profile targeting: with valuable assets and limited protection, it may present itself as a hacker's paradise. Because it is one of the largest and most operationally volatile supply chains in the world, an attack on this key resource could have potentially catastrophic effects. It may inhibit the military's ability to respond to a contingency. Fortunately, there are several useful takeaways from the incident, including recommended best practices to ensure the global end-to-end security of the supply chain.

The worm took advantage of the well-known fact that many organizations do not patch and update their operating systems in a timely manner. While it is common practice for many larger enterprises to wait to adopt a new release, often due to internal policies, this processing period creates network vulnerabilities. Flaws in these systems are publicly released...
