Top US Cyber Officials Say Ransomware Is Here to Stay
Head of NSA, Cyber Command Says US Will Continue to Battle Ransomware for Years
Some of the highest-ranking cybersecurity officials in the U.S. government discussed the pervasive threat of ransomware on Tuesday, likening it to a clear issue of national security with the ability to inflict measurable damage on major world powers.
Speaking at security firm Mandiant's Cyber Defense Summit, Anne Neuberger, who serves as the deputy national security adviser for cyber and emerging technology in the Biden administration, and Gen. Paul M. Nakasone, the commander of U.S. Cyber Command and director of the National Security Agency, outlined today's threat landscape, highlighting the ability of malicious actors to penetrate federal and corporate networks.
Both federal officials underscored the threat ransomware poses to everyday commerce and its ability to alter and shape foreign policy. Asked to predict whether network defenders will be forced to combat ransomware five years down the road, Nakasone answered frankly, "Every day."
Neuberger, who leads the nation's diplomatic efforts around cybersecurity, touted the president's "aggressive yet achievable" modernization of the government's IT systems - announced via executive order in May - and his focus on dismantling the infrastructure that props up ransomware gangs (see: Biden Signs Sweeping Executive Order on Cybersecurity).
Administration's Cyber Approach
"Today, more than ever, modernizing our nation's defense is a national security imperative," Neuberger said during her keynote address. "And the administration's aggressive agenda on cybersecurity reflects that understanding, and our commitment has been buttressed by the lessons we've learned in the first nine months of this administration through a number of incidents."
The three prongs of Biden's cybersecurity strategy, Neuberger said Tuesday, include:
- Modernizing U.S. defenses;
- Leveraging international partnerships;
- Ensuring the nation can compete in cybersecurity and in key emerging technologies - from 5G to artificial intelligence to microelectronics and quantum computing.
Neuberger discussed the president's May executive order on cybersecurity, which she said houses five areas that will "dramatically reduce the risk of a cyberattack" (see: Biden's Cybersecurity Executive Order: 4 Key Takeaways). They include:
- Multifactor authentication;
- Data encryption;
- Endpoint detection;
- Having a fully managed security operations center;
- Logging to detect anomalous activity.
Neuberger also said the executive branch intends to use the buying power of the federal government to "lift all boats," and "fundamentally make technology more defensible."
"The executive order requires that all software bought by the federal government be developed using secure practices in a secure development environment."
Neuberger also referenced Biden's August summit with leading technology executives from across the country, which aimed to identify how the nation can build more defensible technology (see: White House Unveils Supply Chain, New Security Initiatives).
Ransomware: A Transnational Issue
In her address Tuesday, Neuberger indicated that ransomware "is a transnational issue" due to the nature of threat actors and their illicit use of cryptocurrency to bankroll their operations.
It's the president's aim, she continued, to disrupt ransomware's financial infrastructure and hold countries harboring ransomware actors accountable. Biden pushed this message, she said, during a bilateral summit with Russian President Vladimir Putin in June. Biden reportedly told Putin to act against ransomware gangs operating within his borders, or the U.S. reserved the right to do so (see: Analysis: The Cyber Impact of Biden/Putin Summit Meeting).
Later this month, the deputy national security adviser said, the U.S. will host 30 countries for a "counter ransomware initiative," which will tackle different elements, including the use of cryptocurrency, resilience, disruption and diplomacy.
Later asked about proposed incident reporting language recently introduced in Congress, Neuberger - who didn't endorse a specific bill - noted: "If companies have to come forward and say, 'There was risk to this customer's data,' or risk to critical services the country relies on, and be more forthcoming, that will drive that accountability and the investments we all need in cybersecurity, to really have more defensible infrastructure" (see: New Legislation Eyes Both Ransom, Incident Reporting).
Focus on Crypto
As the administration postures to compete in cybersecurity and emerging technologies, Neuberger said Tuesday, the use of cryptocurrency remains an area of focus. The administration, she noted, aims to "truly understand the virtual currency ecosystem and how [to] separate illicit use from all [of its] innovative, licit use."
She referenced the U.S. Department of Treasury's blacklisting of Russia-based cryptocurrency exchange Suex this month as one effort to dismantle ransomware's global infrastructure. Forty percent of the company's dealings, she indicated, were deemed illicit (see: US Treasury Blacklists Russia-Based Crypto Exchange).
Nation-State Threats
In his keynote address, Gen. Paul Nakasone, who heads U.S. Cyber Command and the NSA, warned of increasingly sophisticated threats from nations such as China and Russia.
"[They] have expansive computer network exploitation programs. Their tools, tactics, techniques and tradecraft have evolved, along with the scope, scale and sophistication of their cyber campaigns," he warned.
"Russia is a persistent, disruptive force interfering with democratic processes, and leveraging proxy actors to conduct influence operations … with the power of social media," the four-star general continued. "Russia has waged a disinformation campaign often using U.S. infrastructure and technology to sow division into our society."
He referenced the damage from the SolarWinds incident, a Russian foreign intelligence espionage campaign that ultimately impacted 100 organizations worldwide and involved follow-on attacks on nine federal agencies, along with the Microsoft Exchange exploitation at the hands of the Chinese - in which vulnerable servers were compromised and backdoors could have been leveraged for ransomware attacks - as stark reminders of rising sophistication.
'A National Security Issue'
"When ransomware starts impacting our critical infrastructure, it's significant," Nakasone continued. "And so … ransomware is a national security issue. I firmly believe that. And that's [why] I announced we have a surge going on right now across both the agency and the command in terms of understanding the threats that ransomware poses, understanding the tactics, understanding how we get after the adversaries, and how we partner better."
The four-star general also highlighted the importance of the NSA's relationship with the FBI and the Cybersecurity and Infrastructure Security Agency, saying that the 50-plus joint advisories on tactics and techniques of the nation's cyber adversaries that have been released "enable network defenders to prioritize mitigation and patching efforts to counter the vulnerabilities adversaries are currently exploiting in the wild."