Acting director of CISA speaks about ransomware attacks


By Caroline Kenny and Pamela Brown, CNN

Following the attacks by the Colonial Pipeline and JBS ransomware in recent months, the head of the country’s leading cybersecurity agency says these events are a harbinger of what is to come on the cyber front and that there is a greater focus on strengthening the defense must of America’s most important assets.

“Both incidents illustrate the real consequences of cyber incidents in the real world and target our critical infrastructure. And while today these attacks hit Americans at the pumps and in supermarkets, our concern is where this may go next, ”Brandon Wales, the current acting director of the Cybersecurity and Infrastructure Security Agency, told CNN’s Pamela Brown in an interview.

While attacks like those on JBS and Colonial Pipeline are not new, Wales says they have increased in recent years and are bolder than ever – leading criminal attackers to seek bigger targets for more ransom, including those that have ramifications for the real world.

“We are concerned about where this might go in the future,” said Wales. “I think our concern is that more alignment of industrial control systems, the things that actually enable critical infrastructure to operate – be it in water systems or power systems, the country’s manufacturing base – are goals, unless we take urgent action Actions, we are really concerned about the disruptive effects this could have on the American people. “

Both JBS and Colonial Pipeline paid their criminals ransom to unlock their systems, but Wales warned of the danger of such moves across the country.

“It has both short and long-term implications for the country’s cybersecurity and the cybersecurity potential for these individual companies,” said Wales. “A recent study found that 80% of companies that paid ransom were hit again. And so the opponents know that they are a target willing to pay. “

Why Americans Should Care

No company is too big or too small to fall victim to a ransomware attack, Wales said, and he advised all companies and organizations to take steps to strengthen their cyber defenses. Part of CISA’s job is not only to ensure critical infrastructure is protected, but also to help groups take steps to improve their cybersecurity.

While a cyberattack may seem like a distant idea to many, Wales said the number of potential victims was “almost endless”.

“We have seen ransomware target large businesses and small multinational corporations and mom and pop stores, nonprofits. Almost anyone who runs an internet-enabled business in the United States is potentially vulnerable, ”Wales said. “We have to do more every day to ensure that no enemy can launch an attack with such catastrophic effects.”

He said Americans’ daily lives are inextricably linked to the internet and are therefore vulnerable to attack.

“If it’s not 100% for most people, it’s probably pretty close,” said Wales. “You can imagine that you get up in the morning and you try to turn the light on and it doesn’t turn on, you try to brush your teeth and the water isn’t there, it’s not there, it’s not clean. You try to log in to check your email and it doesn’t work, you cannot conduct a financial transaction because the critical infrastructure in this country has been compromised in some way by a cyber incident. “

Cybersecurity after the Biden-Putin summit

Wales said it was too early after President Joe Biden’s summit with Russian President Vladimir Putin earlier this month to see if there had been any major changes on the cyberattack front by Russia, but he replied to Energy Secretary Jennifer Granholm’s interview with CNN’s Jake Tapper on State of the Union earlier this month when she warned in sharp words that foreign opponents have the ability to shut down the US electricity grid.

“So we know that several nation states want to target our critical infrastructure in order to endanger it at a time and place of their choice. We believe this would likely be the case if, in the event of a conflict, they wanted to compromise our infrastructure in an attempt to influence US policy making in these environments or at these times, ”said Wales.

Brown asked Wales if they had any fundamental influence over the United States, to which Wales replied, “That is their goal.”

Wales warned that the United States government must do more to protect its cyber infrastructure, but it is also up to the American people and businesses to take the problem seriously and be “cyber smart”.

“The threats we face in the cyber world are real and growing,” said Wales. “We are not helpless, there are things we can do because the American people, the US government, our private sector community can work together to address this problem, and we need to see it across the government.” because only then will we be really successful against the opponents we face. “

The CNN Wire
™ & © 2021 Cable News Network, Inc., a WarnerMedia company. All rights reserved.

Source link


Leave A Reply