TRENDING:

3rd Party Risk Management , Events , Fraud Management & Cybercrime

Neuberger: Ransomware Requires International Response

NSC Adviser Outlines Administration's Cybersecurity Priorities at RSA 2021 Scott Ferguson (Ferguson_Writes) • May 18, 2021    
Neuberger: Ransomware Requires International Response

The threat posed by ransomware attacks, including the growth of cybercriminal cartels, double extortion schemes and big game hunting targeting larger organizations, requires an international response, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, told attendees Tuesday at RSA Conference 2021.

See Also: Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320

"International cooperation to address ransomware is critically important because transnational criminals are most often the perpetrators of these crimes, and they often leverage global infrastructure and money laundering networks to do so," Neuberger said.

To address the ransomware threat, the Biden administration wants to build the same type of coalition that helped the U.S. government investigate the SolarWinds supply chain attack and eventually determine that Russia's Foreign Intelligence Service was involved. The White House later imposed economic sanctions on Russia (see: FBI, CISA Warn of Ongoing Russian Cyberthreats).

Companies in all sectors need to make sure software vulnerabilities that ransomware gangs exploit are promptly patched, and they must strive to build more secure and resilient systems and networks, Neuberger said.

"It's concerning that ransomware often exploits known weaknesses, such as targeting endpoint and software vulnerabilities. ... Proactive prevention, through effective cyber hygiene, cybersecurity controls and business continuity resiliency, is often the best defense against these criminals," Neuberger said.

Neuberger's comment came as the investigation continues into the ransomware attack on Colonial Pipeline Co., which forced the company to temporarily shut down its 5,500-mile pipeline for several days until full service was restored Saturday. Government officials say the incident is tied to a Russian-speaking cybercriminal gang using DarkSide ransomware.

Threats to Critical Infrastructure

Neuberger said the White House is increasingly focused on cyberthreats to critical infrastructure. For example, the administration has released a 100-day plan to address the security of the electrical grids, and similar initiatives for other areas, including oil and gas pipelines, are expected to follow (see: 100-Day Plan to Enhance Electrical Grid Security Unveiled).

Neuberger said companies as well as government agencies need to consider reliability and trust when building and modernizing operational technology and other systems.

"Trust is reliant on having the level of visibility needed to match the consequences if a system is degraded or disrupted," Neuberger said. "The level of visibility we need is built on the trust we need. And the trust and visibility we need are based on the consequences if a system fails. That's an important point to think about - particularly as we build systems here."

Executive Order on Cyber

Neuberger also told RSA attendees that President Joe Biden's executive order on cybersecurity, issued last week, is designed to help reduce the chances of another supply chain attack along the lines of the SolarWinds incident (see: Biden's Cybersecurity Executive Order: 4 Key Takeaways).

Neuberger said the most critical component of the order is its guidelines for how agencies should evaluate software before it's implemented.

The order lays out extensive rules for how agencies must ensure vendors address security as software is developed, and it describes how the government will create an "energy star" type of label signifying whether software follows new security guidelines.

"Our efforts will pay dividends outside of the federal government because much of the software the government buys is the same software that schools, small businesses, big businesses and individuals use," Neuberger said. "The starting point for building more security is where you build your software, which should be in a separate and a secure build environment. This also includes things such as using strong authentication and limiting privileges."

Previous
Banking Trojan 'Bizarro' Expands to Europe
Next
Tracking DarkSide Ransomware Gang's Profits

About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.