While Cybersecurity and Infrastructure Security Agency has not aggressively addressed ransomware threats, the agency is reaching out to local governments, businesses and critical infrastructure managers about how to prepare and respond.
The head of the Cybersecurity and Infrastructure Security Agency admitted the Department of Homeland Security has been “a little bit late to the game on ransomware” and other threats that directly impact citizens.
“For years and years and years, particularly in the federal government, we’ve been focused on the nation-state adversary,” CISA Director Christopher Krebs said. However, the agency is reaching out to other federal agencies, local governments, businesses and critical infrastructure managers about how to prepare and what to do if their data is encrypted and held ransom by criminals or state-aligned hacking groups.
Speaking at the RSA conference in San Francisco, Krebs described CISA’s role as that of a middleman uniquely positioned to canvass all the major stakeholders in the cybersecurity ecosystem and “facilitate a knowledge transfer from the haves to the have-nots.” CISA can leverage the collective financial and human capital resources of the big fish -- like major banks -- and push that knowledge and awareness down the chain to the broader cybersecurity network.
He encouraged organizations to build greater resilience against such attacks by patching their systems, implementing multifactor authentication, having an incident response plan in place and ensuring there are recoverable backups so that they’ll “be better off when that bad thing happens.”
While ransomware is not a new phenomenon, agencies like CISA increasingly see it and similar attacks deployed across a broader spectrum, from local governments and businesses to critical infrastructure. Earlier this month, CISA warned the public that hackers had successfully breached the IT and operational technology systems of a natural gas compression facility and used commodity ransomware to encrypt its data. According to the notice, the facility never lost control of its operations, but the incident has served as a wake-up call for industrial control system operators that these incidents are only likely to worsen.
Officials also worry that ransomware could target voter registration databases and other IT systems in the weeks leading up to Election Day. According to Reuters, CISA set up a specific program last year to help state and local governments guard against this possibility. Krebs said offline or analog backups with paper voter rolls and a ready-to-go plan for how elections officials are going to communicate with the public and media are vital to successfully weathering such an attack.
“An adversary … that understands we care about election security [might say], ‘We’ve got a big election coming up, I’ll bet I can go pop that database and ask for $2 million, and I’ll bet they’ll pay,’” Krebs said.
A longer version of this article was first posted to FCW, a sibling site to GCN.
NEXT STORY: The census goes digital -- 3 things to know