The need to strengthen cybersecurity in the United States remains largely a bipartisan issue, as evidenced by the House Oversight and Reform Committee hearing held today to combat ransomware.
About two dozen lawmakers took part in person or virtually to question a trio of senior civil servants about how the federal government is tackling ransomware, the tools it is providing to businesses and state and local agencies, and whether the government is doing enough to coordinate its responses. The committee also published a staff memorandum that outlined three ransomware attacks that made headlines across the country, highlighting their similarities and downstream effects.
Chris Inglis, the White House’s first national cyber director – who received Senate confirmation in July and finally got permanent funding for his office yesterday when President Biden signed the bipartisan infrastructure bill – told the committee that at least 50% of his time would be spent improving coordination among the many agencies that have a cybersecurity aspect to their mission.
“We should be held accountable for a coherent response,” Inglis told Rep. Debbie Wasserman Schultz, D-Fla., when she asked about coordination. “Since the office was set up … I’ve been working with [the Cybersecurity and Infrastructure Security Agency] to ensure they have the required federal risk assessment [information]. In the same way, I worked with CISA to synthesize and build the big picture [which is] distributed across agencies. This work is not finished.”
Brandon Wales, executive director of CISA, said the agency is focused on making both the government and the private sector more resilient in the face of such attacks. “The hardest step … unfortunately depends on changing human behavior,” he said, whether that means understanding and avoiding phishing emails or accepting the need to invest in cybersecurity resources to prevent such attacks.
The FBI, the main law enforcement agency investigating cybercrime, needs both government agencies and businesses to notify it as soon as possible when a ransomware attack occurs, said Bryan Vorndran, assistant director of the FBI’s cyber division. “We are the only agency that can get a well-trained agent to [a victim] within an hour,” he said. “The sooner we get this information, the sooner we can get help to a victim’s door.”
Several of the questioners wanted more information about the FBI’s decision to withhold Kaseya’s decryption key for three weeks after it was the victim of a ransomware attack, particularly because of the impact on Kaseya’s customers. Vorndran defended the decision, pointing out that the decryption key was created by a bad actor and that the FBI would never suggest simply obtaining and using the key, as additional malware could be hidden in it. “We tested, tested, tested,” said Vorndran.
Wales and Inglis also defended the delay, noting that a balance had to be struck between assisting the immediate victim and learning enough about the attack to take steps to prevent future attacks and arrest the people behind it.
Lawmakers were concerned about the impact of ransomware attacks on medical systems, state and local government agencies, and schools. The three witnesses said that they are all viewed by hackers as “soft targets” without the resources or expertise to strengthen their cyber defenses.
To that end, Committee Chair Carolyn Maloney, D-N.Y., pointed out that the new infrastructure bill includes $1 billion to help state and local governments strengthen their cybersecurity, and an additional $100 million to help companies in critical infrastructure sectors protect their resources.
“What offensive cyber operations could be an effective deterrent against cyberattacks on our companies and authorities?” Rep. Andy Biggs, R-Ariz., asked.
“It may not be what you think in kinetic space,” Inglis replied. “I avoid the term ‘armed conflict’.” Instead, diplomacy, sanctions, disruption of ransomware payments and other measures are being used to the fullest extent.
Another recurring question was how companies can know whom to turn to in the event of an attack. Rep. Jamie Raskin, D-Md., pointed out that there are 58 contact points within the FBI alone, plus CISA and the Secret Service, for example. “Doesn’t that sound confusing and Byzantine to the victims?” he asked.
“Our job on the government side is to make sure you told everyone if you told any of them,” Inglis said.