WannaCry? Not about ARAD.

  • Published
  • By Tyra Jackson, SAF/FM

WannaCry, the ransomware virus that spread earlier this year, affected hundreds of thousands of computers worldwide. As we all know, keeping safe in times of cyberattack requires speed and agility – from quickly becoming aware of the endpoints at risk to patching those vulnerabilities successfully. Recently, our Financial Management (FM) leadership at Ellsworth Air Force Base saw the speed and agility of ARAD, the Automated Remediation Asset Discovery system, firsthand. In the time it usually takes to identify an attack, research and gather data, then communicate properly to those affected, countless more endpoints, networks, and in our case, Air Force financial data, can be put at risk. Thankfully, by using the new system, we were spared this impact.

On May 16, after accessing ARAD, Mr. Todd Cessna, a SAF/FM Air Force Financial Systems Office (AFFSO) System Administrator, spotted the WannaCry query specifically created to check systems for outdated software. With read-only access across the base, he executed the query and in less than 20 seconds he saw staggering results: 52 endpoints in need of attention, totaling more than 500 vulnerabilities. Within that, 34 endpoints were FM-owned – that’s roughly 240 vulnerabilities on our machines. Todd sprang into action: he scheduled a meeting with the 28th Communications Squadron to give a short demo of ARAD, provided the query results, and came up with a game plan on next steps.

“I’m in awe, myself, of the capabilities of ARAD,” said Mr. Cessna. “It’s about time the Air Force has a product that’s up to speed.”

Equipped with the query results, FM had insight within seconds into exactly which endpoints were most vulnerable and specifics about what needed patching, rather than in the weeks it would otherwise have taken to gather this same information. As we worked quickly to fix things on our end, Mr. Cessna partnered with the local server support team to install patches and update registry values. By 22 May, we had mitigated vulnerabilities on 24 endpoints, and since then we have completed the remaining ten.

In the short six months since being declared initial operational capable (IOC), the ARAD system has made major headway in increasing cybersecurity and mission assurance for the Air Force. Thanks to the team’s use of such a dynamic system, we were spared critical damage and saw just how powerful a tool we have at our fingertips.