Federal cybersecurity executives testified to a House committee yesterday about the challenging ransomware environment and the way forward to better protect state, local and private partners.

National Cyber Director Chris Inglis, Cybersecurity and Infrastructure Security Agency (CISA) Executive Director Brandon Wales, and Bryan Vorndran, Assistant Director of the FBI’s Cyber Division, discussed the importance of raising awareness among state and local officials about existing free online security resources. Witnesses also called for mandatory incident reporting, but acknowledged that the federal government needs to put in place a more streamlined and coherent reporting process.

The hearing followed a House Oversight and Reform Committee memo on ransomware released earlier that day, which reported the preliminary results of an investigation into attacks on three major victims last year: CNA Financial Corporation in March, Colonial Pipeline in May and JBS Foods in June.

“We are at a tipping point as cyberattacks have become more common and potentially more harmful,” said Committee Chair Carolyn Maloney.

A committee press release further underlines the extent of the problem and estimates that “transactions related to ransomware will be higher in 2021 than in the last 10 years combined”.

Biden’s infrastructure act brings new funds into the pipeline to combat cyber threats, delivering $1 billion for the cybersecurity efforts of state, local, tribal and territorial governments and $21 million to equip Inglis’ new office.

The pending Build Back Better Act would also provide CISA with more funding, including $80 million for CISA and the Federal Emergency Management Agency (FEMA) to promote cybersecurity training and recruitment in state, local, territorial, and tribal governments.


Even a small mistake by an employee, for example using a password that is too simple, can be enough for hackers to gain access to the company, according to the committee’s memo. And to ward off ransomware, it is not enough for some individuals to adopt cyber-secure behavior – entire organizations and communities have to join in, too, Wales said.

However, smaller businesses may not know which steps to prioritize, or they may lack the budgets and tools to address them.

Wales said there are many free tools and services available, including from the Multi-State Information Sharing and Analysis Center (MS-ISAC) and CISA. The latter offers support including an online catalog of known vulnerabilities that companies are urged to prioritize patching, and a website, stopransomware.gov, with guidance and resources, Wales said.

However, more work is needed to make officials aware of the offers available, with Wales noting that “school districts are among the least signed up for a number of these free services” from MS-ISAC.

To this end, CISA has 36 cybersecurity coordinators that it sends to state and local governments to help them find the resources available, Wales said.


However, tools that harden organizations against cyberattacks cannot guarantee that none will slip through, and cybersecurity and law enforcement agencies want to know when this happens – especially when the victims are in critical infrastructure.

CISA and FBI officials at yesterday’s hearing called for legislation requiring victims to report cybersecurity incidents swiftly to the authorities – something Wales described as a “top priority”. Once alerted, authorities can provide immediate support to victims, track down the perpetrators and warn potential next victims.

“I cannot stress enough the importance of the FBI having full and immediate access to cyber incidents so that we can respond to them as quickly as possible,” said Vorndran. “For most people, 24 hours probably wouldn’t be a huge delay, but the help we can offer within that time can make the difference in keeping a business or critical infrastructure afloat or crippled.”

Better reporting could also help fill a sizable knowledge gap, with Vorndran saying the FBI believes it detects only about 20 percent of cyberattacks in the US.

The details of what a mandatory reporting directive would look like have not yet been finalized, with Wales saying there are several different versions of a federal cyber reporting bill currently in circulation.

Another problem: even victims who intend to report may have difficulty finding the correct method, the memo says. Rep. Jamie Raskin of Maryland said it may be unclear whether they should report to CISA, the Secret Service, or the FBI, and even then which of the agencies’ channels to use.

Inglis said improving cybersecurity communications between federal agencies is a key priority for his office. He is working to ensure that incidents reported to any of the various government agencies are passed on to CISA, and that the agency can then share its findings with others.


Members of Congress also examined the broader cybersecurity strategies used by the agencies and the Biden administration, and asked about the FBI’s decision-making process in responding to ransomware, as well as international diplomacy.

The July attack by the hacker group REvil on IT software provider Kaseya spread to an estimated 2,000 public and private clients worldwide, including Leonardtown, Maryland. Rep. James Comer asked why the FBI waited several weeks before revealing that it had secretly obtained decryption keys to unlock infected systems.

Vorndran said the keys had been developed by criminals, which made the FBI wary that they could also contain malicious code. The agency wanted to take the time to thoroughly test the decryption tool to ensure that it did not add backdoors or other vulnerabilities to victims’ systems when deployed.


South Carolina’s Ralph Norman also wondered whether the US should take more aggressive action against Russia for failing to stop ransomware perpetrators based in its country.

“When is this a declaration of war?” said Norman.

Inglis said no ransomware attacks have yet been attributed to the Russian government itself, only to hackers based in Russia. The White House will first see whether it can bring about change by urging Russia to take action against criminals within its borders who target critical US sectors.

The US intends to “take financial and diplomatic action” if that does not bring about change, and recent international agreements on cyber norms would then add weight to allegations of wrongdoing, Inglis said. Ongoing strategies include efforts to prevent payments from reaching hackers and collaboration with other nations to arrest suspected perpetrators. Improving the nation’s cyber posture to make U.S. businesses a tougher target is also essential, he said.

“Defense is just as important, if not more important,” said Inglis.
