The Broadcasting Board of Governors is free from the grasp of Chinese hackers.
But that was not the case just seven years ago.
“When I first came on board in 2009, every single server in this agency was controlled by the Chinese cyber army and they could have literally dropped this agency with one key stroke. Fortunately they chose never to do so, but at the same time we knew they were exfiltrating literally gigabyte upon gigabyte of information every day,” said Andre Mendes, the chief information officer and CTO of the Broadcasting Board of Governors. “We were able to eradicate them through a long-term exercise, about four months, to completely clean them out of our environment, but we continue to be targets for some of the most sophisticated cyber hackers in the world. Because we transmit into China, into Iran, into Vietnam, into Russia, into Chechnya and into North Korea, we are constantly being pounded by these individuals. So for us, cybersecurity is absolutely one of our top priorities because we can’t afford to fail in that endeavor. We have far too many, far too sophisticated people that are really trying to get into our data centers and wreak havoc with our operations.”
Mendes said the attack on BBG had been a long-term persistent infection that had grown over time.
“One of our first objectives was to not let them know that we knew they were here because we wanted to draw up a cleanup plan that we would be able to operate and to implement in a very short period of time without major disruptions to the operations of this agency because after all we are 24/365,” he said. “At the same time, we wanted to ensure once we did it, we could go all the way and not leave anything untouched because the last thing we wanted was for them to have a revenge capability from being excised from our environment, or to have some permanent residence that would later grow on in a later stage and be undetected.”
The fact that this exorcism happened six years ago isn’t lost on BBG’s executives today.
Mendes said the agency continues to advance its cyber defenses, while at the same time playing “white hat hacker” against nations stopping BBG from doing its job.
“We have been installing intrusion detection systems, exploring things like whitelisting of applications and we had engaged some help from some consultants with some very specific engines to look at our traffic on a constant basis,” he said. “We also were one of the first agencies to take advantage of the [Homeland Security Department’s] EINSTEIN and the Managed Trusted Internet Protocol Services (MTIPS) traffic monitoring technology. We were quite sure that over time if we saw some more of those activities they would be brought to our attention. We did a lot of DNS sinkholing so we were able to identify when those beacons were trying to call home again because some of them remain dormant for a while but when they came to life again, they were going to very specific internet protocols and IP ranges that we had been able to identify and sinkhole.”
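The sinkhole monitoring described above, sketched as an added example that is not BBG's code and not part of the original article: it reads resolver log lines and reports internal hosts whose lookups were answered by the sinkhole or resolved into a watched range, marking hosts that went quiet and then resumed. The log format, the sinkhole address, the watched range, the 30-day dormancy threshold and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumptions (all constructed for illustration): the resolver answers
# blocklisted names with SINKHOLE_IP, and WATCHED_RANGES holds documentation-only
# networks standing in for ranges identified during a cleanup.
SINKHOLE_IP = ipaddress.ip_address("192.0.2.53")
WATCHED_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed resolver log: timestamp, client, queried name, answer returned.
SAMPLE_LOG = """\
2024-03-01T02:10:00 10.1.4.21 updates.example.net 203.0.113.10
2024-03-01T02:15:00 10.1.4.37 cdn.beacon-a.example 192.0.2.53
2024-03-01T03:15:00 10.1.4.37 cdn.beacon-a.example 192.0.2.53
2024-04-19T23:40:00 10.1.9.8 time.beacon-b.example 198.51.100.77
2024-04-20T03:15:00 10.1.4.37 cdn.beacon-a.example 192.0.2.53
malformed line without enough fields
"""

def parse(log):
    """Yield (time, client, name, answer) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (datetime.fromisoformat(parts[0]), parts[1], parts[2],
                   ipaddress.ip_address(parts[3]))
        except ValueError:
            continue

def flag_beacons(log, dormant_days=30):
    """Return {client: report} for hosts that hit the sinkhole or a watched range."""
    hits = defaultdict(list)
    for when, client, name, answer in parse(log):
        if answer == SINKHOLE_IP or any(answer in net for net in WATCHED_RANGES):
            hits[client].append((when, name))
    report = {}
    for client, events in hits.items():
        times = sorted(t for t, _ in events)
        gaps = [(b - a).days for a, b in zip(times, times[1:])]
        report[client] = {
            "names": sorted({n for _, n in events}),
            "hits": len(events),
            "last_seen": times[-1].isoformat(),
            # A long silence followed by a new hit is a dormant beacon waking up.
            "reawakened": any(g >= dormant_days for g in gaps),
        }
    return report
```

Hosts in the report are candidates for investigation; the `reawakened` flag is what separates a beacon returning after weeks of silence from one that never stopped.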
Mendes said BBG’s networks and computers remain under constant attack today, thus requiring his office to continue its aggressive patching and updating of systems to stave off hackers.
“A lot of the servers that we are patching are running our mission critical applications that have both a complex and fragile technology stack from a driver standpoint so we have to make sure every single patch is tested before being applied,” he said. “This puts a tremendous onus on the team, but at the same time they have developed all the protocols, all the test beds to make sure we can do that safely. It’s a constant struggle. The amount of resources consumed by our security program are not insignificant at all.”
While the Broadcasting Board of Governors is protecting its network from attacks, Mendes is overseeing a program to get past the online blockers put up by Iran, China, North Korea and many other nations that stop those countries’ citizens from seeing or hearing BBG’s content.
He said BBG has about $15 million for an Internet Anti-Censorship operation.
“In the past as we saw regimes jamming short-wave broadcasts, jamming AM broadcasts and even jamming satellites for TV, today what we are seeing is regimes being extremely concerned about the dissemination of information that they do not want their population to have access to,” he said. “We are seeing the enormous effort by states like China, Iran, Vietnam, Yemen, Saudi Arabia, [and] Ethiopia to really curtail access to the Internet mostly through very sophisticated firewalls and censorship engines. We actually operate the largest anti-censorship activity in the world, about $15 million, and with that money we enable literally trillions of hits from behind those firewalls on a yearly basis. It’s a constant cat-and-mouse game where they increase the sophistication of their filtering algorithms and we find a way to defeat them. We go back and forth, but by and large, we are winning this particular war.”