Wednesday, May 19, 2021

Neuberger: Ransomware Requires International Response
NSC Adviser Outlines Administration's Cybersecurity Priorities at RSA 2021

Scott Ferguson (Ferguson_Writes) • May 18, 2021


The threat posed by ransomware attacks, including the growth of cybercriminal cartels, double extortion schemes and big game hunting targeting larger organizations, requires an international response, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, told attendees Tuesday at RSA Conference 2021.

"International cooperation to address ransomware is critically important because transnational criminals are most often the perpetrators of these crimes, and they often leverage global infrastructure and money laundering networks to do so," Neuberger said.

To address the ransomware threat, the Biden administration wants to build the same type of coalition that helped the U.S. government investigate the SolarWinds supply chain attack and eventually determine that Russia's Foreign Intelligence Service was involved. The White House later imposed economic sanctions on Russia 
(see: FBI, CISA Warn of Ongoing Russian Cyberthreats).

Companies in all sectors need to make sure software vulnerabilities that ransomware gangs exploit are promptly patched, and they must strive to build more secure and resilient systems and networks, Neuberger said.

"It's concerning that ransomware often exploits known weaknesses, such as targeting endpoint and software vulnerabilities. ... Proactive prevention, through effective cyber hygiene, cybersecurity controls and business continuity resiliency, is often the best defense against these criminals," Neuberger said.

Neuberger's comment came as the investigation continues into the ransomware attack on Colonial Pipeline Co., which forced the company to temporarily shut down its 5,500-mile pipeline for several days until full service was restored Saturday. Government officials say the incident is tied to a Russian-speaking cybercriminal gang using DarkSide ransomware.

Threats to Critical Infrastructure


Neuberger said the White House is increasingly focused on cyberthreats to critical infrastructure. For example, the administration has released a 100-day plan to address the security of the electrical grids, and similar initiatives for other areas, including oil and gas pipelines, are expected to follow
 (see: 100-Day Plan to Enhance Electrical Grid Security Unveiled).

Neuberger said companies as well as government agencies need to consider reliability and trust when building and modernizing operational technology and other systems.

"Trust is reliant on having the level of visibility needed to match the consequences if a system is degraded or disrupted," Neuberger said. "The level of visibility we need is built on the trust we need. And the trust and visibility we need are based on the consequences if a system fails. That's an important point to think about - particularly as we build systems here."

Executive Order on Cyber


Neuberger also told RSA attendees that President Joe Biden's executive order on cybersecurity, issued last week, is designed to help reduce the chances of another supply chain attack along the lines of the SolarWinds incident
(see: Biden's Cybersecurity Executive Order: 4 Key Takeaways).

Neuberger said the most critical component of the order is its guidelines for how agencies should evaluate software before it's implemented.

The order lays out extensive rules for how agencies must ensure vendors address security as software is developed, and it describes how the government will create an "energy star" type of label signifying whether software follows new security guidelines.

"Our efforts will pay dividends outside of the federal government because much of the software the government buys is the same software that schools, small businesses, big businesses and individuals use," Neuberger said. "The starting point for building more security is where you build your software, which should be in a separate and a secure build environment. This also includes things such as using strong authentication and limiting privileges."

No comments: