Cybersecurity expert available to comment on IMF breach

first_imgAddThis ShareCONTACT: David RuthPHONE: 713-348-6327EMAIL: druth@rice.edu Cybersecurity expert available to comment on IMF breachRice University’s Baker Institute fellow Christopher Bronk available for interviewsOver the weekend, news articles reported a significant compromise of computer systems at the International Monetary Fund (IMF) by an unauthorized party. While the details leaked to reporters of the New York Times remain scant, what is known is that the IMF is a critical target. Christopher Bronk, a fellow in information technology policy at Rice University’s Baker Institute for Public Policy and a former U.S. State Department diplomat who specializes in cybersecurity issues, is available to comment on the IMF breach.The IMF oversees the global financial system by following the macroeconomic policies of its member countries, in particular those with an impact on the exchange rate and balance of payments. Its objectives are to stabilize international exchange rates and facilitate development through the encouragement of liberalizing economic policies. Nonpublic member state data and highly sensitive negotiating communications between the IMF and the member states are kept on the IMF’s network, much of which is so sensitive it could affect world financial markets and public policy decisions in the member states.“For those trolling for data at the IMF, much valuable information could no doubt be found, as the fund assumes a pivotal role in managing the still unraveling financial crises around the globe, particularly those in Europe,” Bronk said. “In the statecraft of cyberspace, this is a serious event, perhaps the most serious since the cyberattack directed at the Iranian nuclear enrichment facilities last year.” Bronk said three questions are in need of answer, even if the information available is scant and vague.What happened? According to Bronk, an outsider likely gained access to the accounts of multiple users at the IMF. “The Times’ reporters believe the vector for the compromise was an incident of ‘spear phishing,’ in which IMF employees received targeted emails, possibly from sources they trust, carrying malicious software designed to clandestinely purloin data. In other words, someone poked a straw inside the IMF and began drawing its information. What information was purloined and to where it went are now matters for the fund and the FBI to figure out,” Bronk said.How did it happen? “A series of emails passed to Bloomberg News paint an interesting picture of an IT organization coping with a spear-phishing crisis,” Bronk said. “On June 1, IMF employees purportedly received a message stating, ‘Staff are strongly requested not to open emails and video links without authenticating the source.’ A week later, there was more bad news, as IMF’s IT division asked employees to turn in their RSA SecureID tokens, a device designed to provide an additional layer of security to information resources beyond username and password.” Who did it? “Due to the sophistication of the attack, fingers have generally pointed to nation-states or state-sponsored cybergroups,” Bronk said. “While likely, this is not the only possibility. Assuming the best hackers are those who don’t get caught, and the IMF or someone aiding the organization did figure out that exfiltration of data was occurring, the absolute top tier of state actors – the U.S., U.K., perhaps Israel, France and Germany – can probably be counted out. Next down the rungs are the usual suspects who do get caught – principally Russia and China. But perhaps bigger thinking should be conducted before we connect too many dots.”Bronk previously served as a career diplomat with the Department of State on assignments both overseas and in Washington. His last assignment was in the Office of eDiplomacy, the department’s internal think tank on information technology, knowledge management, computer security and interagency collaboration. He also has experience in political affairs, counternarcotics, immigration and U.S.-Mexico border issues. Since arriving at Rice, Bronk has studied a number of areas, including information security, technology for immigration management, broadband policy, Web 2.0 governance and the militarization of cyberspace. He teaches classes on the intersection of computing and politics in Rice’s George R. Brown School of Engineering.Bronk has provided commentary for a variety of news outlets, including ABC, NPR, the BBC and the Houston Chronicle.Bronk has a Ph.D. from the Maxwell School of Syracuse University and a bachelor’s degree from the University of Wisconsin, Madison. He also studied international relations at Oxford University.To schedule an interview with Bronk, contact David Ruth at druth@rice.edu or 713-348-6327.last_img

Write a Reply or Comment

Your email address will not be published. Required fields are marked *