The Western world has not been vanquished by cybercriminals, but it needs to do more to curb the growing threat of cyber-attacks or else it will face cyber-massade, the head of the leading US cyber security agency has warned.
“I don’t think the Western world is losing the cybersecurity war,” said Brandon Wells, executive director of the US Department of Homeland Security’s Cyber Security and Infrastructure Security Agency (CISA). “I think we collectively believe that we have a lot more work to do.”
“We have tremendous capabilities. We have a vibrant private sector cybersecurity community that has been developed in the United States in Israel and elsewhere. And we need governments and the private sector to achieve that positive cyber security outcome. Capabilities that need to be harnessed together is what we all want,” Wells said while speaking with The Times of Israel on the sidelines of the Cyber Week conference at Tel Aviv University on Wednesday.
In his Tuesday speech at the conference, Wells compared the cyberattackers’ persistence to that of the Romans during their siege of the seemingly impregnable hill fort. Masada in the first century CE. When the Romans finally breached the fort, tradition says, they found that 960 Jewish rebels and their families had committed mass suicide rather than surrender.
“These rebels had tremendous defensive advantages, both in natural terrain and fortifications,” Wells said in his speech. “But a patient, cultured and determined opponent was able to defeat him. His 12-year hold on Masada ended after a year-long siege by the Roman Empire. Today, we are facing a variety of resourceful, determined opponents. And like those Jewish rebels, acting alone, even our best defenses will not suffice.”
“There are thousands of attempts a day,” he said. When they are thwarted by governments or companies, they are “not necessarily recognized in the same way as disruptions from ransomware and other cyber security incidents.” But successful strikes “point us to places where we need to do more work.”
Cybersecurity threats are not bound by national borders, Wells said in Tuesday’s speech, and “the cyber threat landscape is as dynamic and prohibitive as we have ever seen. From hostile nation states like Russia, China and Iran to cybercriminals.” Our opponents are diverse. They are getting bolder. Their goals are more consequential. Their techniques are more sophisticated.”
Wells said in his speech that over the past year the US has “seen cyber incident after cyber incident”, with widespread attacks that have tested the CISA and the entire cyber security community.
Brandon Wells, Executive Director at the Cyber Security and Infrastructure Security Agency (CISA) of the US Department of Homeland Security (DHS), speaking at the Cyber Week conference in Tel Aviv on July 20, 2021 (Hein Galilei / Cyberweek, Tel Aviv University) .
Cybercriminals and nation-states are using the coronavirus pandemic as an opportunity to distribute malicious software, steal data, disrupt operations and target vaccine developers and supply chains, he said. “They took advantage of the digital transformation brought about by remote working and education, targeting this expanding and increasingly difficult to manage attack surface.”
At the same time, Russia and Iran launched efforts to interfere in the 2020 US election, as well as some US state and local election systems.
As Acting Director of CISA, a position he held from November 2020 to 12 July, Wells worked with partners to protect civilian networks, manage the risk of national critical operations, and strengthen security cyber and physical infrastructure. Oversees CISA’s efforts to work with
Wells has led the agency’s response to several recent cybersecurity attacks: orion Orion supply chain attack, in which the US government Network The compromise was made by a hack blamed on Russia; NS Microsoft Center weaknesses, an unusually aggressive Sugar cyber espionage operations; Colonial Pipeline ransomware attack, which affected computerized equipment managing the US oil pipeline system; NS pulse connect secure Vulnerabilities, which affected many US government agencies, critical infrastructure entities and other private sector organizations; And this Kasia VSA Supply Chain Ransomware Attack, the single largest global ransomware The attack on record was carried out by a gang linked to Russia.
Illustrative image of a hacker (Миудаил енко; iStock by Getty Images)
Perpetrators of cybersecurity attacks must be held accountable, Wells said during the interview, and the Biden administration is determined that will happen.
“The Biden administration has been very clear from the outset that malicious cyber actors must be held accountable,” Wells said. “And that accountability is important to try and prevent them from committing attacks in the future.”
The private sector should be enabled to detect, detect and prevent any malicious activity. At the same time, it has an “obligation” for the safety and security of its network, he said.
Wales is responsible for leading and developing the long-term strategy at CISA, ensuring national and international cooperation and management of policy initiatives. That too is at hand when there are significant cyber security breaches.
“There is no such thing as a typical day,” he said. What is happening on the ground determines its agenda. “If there is significant cyber activity taking place, we can engage with significant US government partners in the law enforcement community or in the intelligence community, perhaps connecting with the private sector that has been the victim of a cyber incident.”
And then there’s their long-term work, he said, in which the agency tries to stay on top of efforts “to create a more secure federal cybersecurity system to make sure our federal networks are secure.”
bolder, more refined
That said, hackers have become more courageous and more sophisticated, and they have the resources to damage the most important functions of society. The threat landscape will become even more difficult, and the global response must be integrated and coordinated.
“Actors across the spectrum, whether nation-states or cybercriminals, have become bolder in targeting more consequential targets,” he said, including infrastructure targets such as Israel. water system last year, and US Pipeline and JBS meat processor this year.
“The sophistication of our opponents is also increasing,” Wells said. “They are using more advanced tactics, which are better designed to avoid detection.
“And therefore, we believe that the threat landscape will continue to evolve and that this network puts more pressure on the defense community to come together and be as courageous and resourceful as our adversaries.”
Wells was adamant that businesses or other entities should not succumb to ransomware attacks. The growth of these attacks, he said, “is driven by the success of the business model. People have kept paying, and this has encouraged ransomware operators, and every ransom paid is money that fueled the pandemic.” .
An example image of a computer virus, a malware, a ransomware attack by a hacker (iStock by SolarSeven; Getty Images)
On Wednesday, Prime Minister Naftali Bennett said Israel was a “global network shieldCyber security is based on partnerships with global governments to cooperate, detect and respond to attacks.
“We want to know more about it,” Wells said, referring to the initiative. CISA already has a close relationship with Israel’s National Cyber Directorate, working on real-life incidents, sharing information and strategy. He said similar collaborations have been established between the US and other countries as well.
And yes, he said that if information about malicious activity needs to be provided, there are links with Russia and China as well. “But the relationship is clearly different,” he said. “There are more ongoing and direct partnerships with countries such as Israel, such as the United Kingdom and others, where we have close and ongoing contacts.”
Global cooperation is essential to fight cyber security attacks, he said, “but
There is no silver bullet, there is no task that is going to be successful here.”
He said individual networks need to have multiple layers of security and resilience, and countries at the national and global level need to get better at sharing cyber defense information to help prevent future attacks.
Wells said what he is most concerned about in the long term is potential disruption to critical infrastructure. He warned that the systems that enable society’s “most important functions, which enable our society to operate, are at risk.”
And because malicious players want to target these critical infrastructure, “they will find means to do so. And that means we need to work extra hard to prevent that from happening.”