Now That the Latest Ransomware Threat is Over, Is Commerce Safer?
America wakes up to a new era in cyberwarfare from a Russian actor that can no longer be ignored or paid off to leave U.S. commerce alone. The internet has made the planet a very small playing field to commit cybercrime.
The past week has been a nightmare for Colonial Pipeline, and the same threat looms over every business, small or large, that exposes its operations to the internet.
Colonial Pipeline, which was forced to cease operations last week due to a ransomware assault, was extorted for $5 million to purchase a decryption key to reopen its fuel pipeline. This speculative practice of paying criminals, like paying off the schoolyard bully to go away and leave you alone, doesn’t always work. The appeal of easy money just makes their appetite for another easy payday that much more insatiable.
Yesterday we reported that the FBI indicated their indifference to paying off cyber-terrorists because there are no guarantees the encryption key will be sent after the payment is made. It keeps them in business actively seeking new victims. After Colonial Pipeline paid the extortion payment, the key was received. Still, the pipeline operation startup was so slow, they used their own backup systems to ensure no further service interruptions.
Where does this leave a very vulnerable nation relying on software and the internet to conduct commerce? Warning signals have alerted cybersecurity experts for years as ransomware attacks have cost businesses billions in extortion payments. The assault this week on the Colonial Pipeline puts in sharp focus the urgent need for our tech acquisition practices to be reformed immediately. Ransomware, which is used to intrude into computer networks and hold files for ransom, is highly lucrative for cybercriminals. Payments are being made in cybercurrency or Bitcoin, offering anonymity and stealth to the extortion payment.
Few businesses contact federal law enforcement when they are attacked by malware or other digital threats. Still, many would opt to deal with it on their own rather than incur more exposure or public humiliation. There could be no witnesses, as with any crime, said Sam Curry, the chief security officer at cybersecurity firm Cybereason.
Hacks have jumped by more than 300% in the past year, bringing billions of dollars for the attackers.
President Biden’s executive order this week, “launching an urgent initiative to improve our capability, readiness and resilience in cyberspace,” may be a game-changer in the future, but for the here and now, vulnerabilities in cybersecurity exist and are being exploited.
President Biden’s call to action policy:
The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors. The Federal Government must also carefully examine what occurred during any major cyber incident and apply lessons learned. But cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace. In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is and to the consequences we will incur if that trust is misplaced.
Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life. The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid. The scope of protection and security must include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT)).
It is my Administration’s policy that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security. The Federal Government must lead by example. All Federal Information Systems should meet or exceed the standards and requirements for cybersecurity outlined in and issued pursuant to this order.
Critical areas of the executive reform call to action are:
- Removing Barriers to Sharing Threat Information
- Modernizing Federal Government Cybersecurity
- Enhancing Software Supply Chain Security
- Establishing a Cyber Safety Review Board
- Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents
- Improving the Federal Government’s Investigative and Remediation Capabilities
Acting director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency Brandon Wales said after the latest cyberattack…
“The U.S. government is looking at what can be done. ... There are active discussions in the federal government about what more we can do to disrupt that business model.”