The Biden administration is sounding the alarm of an increasingly urgent cyber-attack. High-profile ransomware attacks have become increasingly serious. Gas shortages, meatpacking plants closed, hospitals paralyzed. What’s next? Federal agencies are stepping up efforts to combat cyber threats.
FBI Director Christopher. Wray (Christopher A. Wray) told the Wall Street Journal in an interview with reporters on June 4, local time, that the threat of ransomware is comparable to the challenges faced by global terrorism after the “911” incident.
FBI in action
“There are a lot of similarities, a lot of importance, and we take cyber breaches and their prevention very seriously,” Christopher said. Ray said. “We have a shared responsibility, not just government agencies, the private sector, but even ordinary Americans.”
Christopher. Wray said the FBI is investigating 100 different software variants used in various ransomware attacks, underscoring the magnitude of the problem.
Right here at Christopher. Wray’s remarks came after the Biden administration warned businesses on June 3 that they needed to take urgent steps to improve their cybersecurity levels to fend off ransomware attacks. An attack on a JBS meat processing facility this week forced the closure of nine meat processing plants and disrupted poultry and pork production. Last year, a series of ransomware attacks targeting hospitals also drew widespread attention.
This past May, pipeline company Colonial suffered a ransomware attack that eventually prompted the company to shut down one of the largest U.S. fuel pipelines, causing gasoline shortages across the East Coast. Immediately after that attack, U.S. officials said Colonial’s cyber defenses were far from adequate and that it was doing too little to secure the pipeline.
Ransomware is malware that encrypts an organization’s data, making it unusable until it pays cybercriminals money. Colonial Pipeline spent $4.4 million to obtain the decryption key, and it took nearly a week for the data to be decrypted until the pipeline industry resumed operations.
While most ransomware attacks are carried out by criminal networks, some cyber operations originating in Russia and North Korea have implicit support from their governments. In return, some criminal groups work for these countries’ spy agencies and take steps to ensure that local companies are not affected.
Christopher. Ray told The Wall Street Journal that Russia harbors some of the most dangerous ransomware groups. “If the Russian government wants to show that it’s serious about this issue, they have a lot of room to show some real progress that we’re not seeing right now.”
The Biden administration is looking for ways to pressure the Russian government to rein in their cybercriminals. Officials expect President Biden to address Russian President Vladimir at the June 16 summit. Vladimir V. Putin raises the issue of cybersecurity.
Christopher. Ray’s comments build on Newberg’s report. In an interview with The Wall Street Journal, he said the cyberattacks on oil and gas pipelines really showed Americans how serious the impact of cyberattacks is, directly affecting their daily lives.
Christopher. Ray expressed the need for broad participation in fighting cyberattacks: “There is now a realization that cyberattacks can affect people when they’re gasping at the gas station or buying a burger. I think there’s more and more awareness now that, What a role we have in this fight.”
Justice Department escalates investigation into ransomware attack
The U.S. Department of Justice has begun to elevate the investigation of ransomware attacks to a terrorism-like priority as the FBI’s efforts to combat cyber ransomware attacks unfold.
A memo titled “Guidelines for Investigations and Cases of Extortion and Digital Extortion” sent by Deputy Attorney General Lisa Monaco to the U.S. Attorney’s Office on June 3, local time, requested that when the U.S. Attorney’s Office Senior department officials in Washington must be notified when they learn of a new ransomware attack in their area. For example, such an “emergency report” should cover ransomware incidents affecting critical infrastructure or municipal governments — which are frequent occurrences.
The memo noted the growing threat posed by recent ransomware attacks — including last month’s attack on the Colonial pipeline company and digital extortion — with damaging and devastating consequences for the nation’s critical installations.
U.S. New Deal Against Ransomware Attacks – DOJ Demands Close Tracking of Ransomware Attacks and Timely Sharing of Case Investigation Information
Cybersecurity industry welcomes move
The Biden administration is working with partners to “disrupt and contain” cyberattacks, Anne Neuberger, deputy national security adviser for cyber and emerging technologies, wrote in an open letter to businesses on June 3. Ms Neuberger noted “the shift in recent ransomware attacks – from stealing data to disrupting operations.”
Ofer israel, chief executive of cybersecurity firm Illusive Networks, said on June 4 that if companies waited for the federal government to warn of an attack, it was too late to act. But he added, Christopher. Ray’s remarks, and the government’s efforts to increase the priority of responding to ransomware attacks, are welcome.
“While it may be shocking to see events like the Colonial extortion of oil and gas pipeline company or JBS compared to events like 9/11, they are not entirely different,” Ofer Israel said. “Severe disruptions are expected as attackers continue to encroach on our nation’s critical infrastructure. Without a clear direction on how to build stronger defenses, these cyber disruptions will be catastrophic.”
Last month, the Biden administration issued an executive order as a first step toward strengthening cybersecurity, which includes the creation of a review committee to study cyberattacks and learn from them.
Cybersecurity experts praised the Biden administration’s moves, but also said companies must think more creatively about the defenses they’re taking.
Retired Admiral and former NSA Director Michael. Rogers believes that current cybersecurity tends to focus largely on cyber defense, building a moat deep enough and wide enough, building a wall high enough and strong enough that your efforts focus on trying to deter the enemy. But these defenses are not enough. Rogers currently advises a cybersecurity company. “The second component of cybersecurity is not just cyber defense, it should be cyber resilience,” he said. “It’s about ‘Hey, when an adversary hacks into my network, how do I keep it going?’”