Cities Key in War on Ransomware, Neuberger Tells Mayors
When the cybersecurity industry talks about how critical public-private collaboration is to fending off and responding to threats, most of the “public” part of the conversation centers around the federal government, with individual states more recently finding a louder voice.
But an all-out defense against the kind of attacks recently seen against supply chains, critical infrastructure and OT targets requires the involvement of government at all levels, which is likely why mayors from across the country were asked by Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger “to immediately convene heads of state agencies to review their cybersecurity posture and continuity plans.”
Speaking virtually to the U.S. Conference of Mayors, Neuberger said the Biden administration is hammering out a “cohesive and consistent approach” to guide cities on how to handle ransomware attacks, including whether they should pay a ransom or not.
“In the real world, individuals and small city governments are not expected to fight organized crime alone. Why should cyberspace be any different?” asked Chenxi Wang, managing general partner at Rain Capital.
Threat actors often find their way in through poor defenses at the local level–witness the spate of disruptive and damaging ransomware attacks a few years ago on municipalities like Atlanta, New Orleans and Riviera Beach, Fla.
Vulnerable Local Systems
“Many local city/state infrastructures are using out-of-date systems that are particularly vulnerable,” said Garret Grajek, CEO at YouAttest.
“Outdated equipment, missed patches, inadequate staffing and tight budgets are a huge problem across the public sector,” said Cybersecurity Disruption Consultant and Researcher Chloé Messdaghi. “Getting employees to update their systems in time is such a challenge, and the slower cities and towns are to patch and update their systems, the more at risk they put the public they serve.”
Indeed, the impacts of attacks on municipalities over the last few years were not insignificant. In addition to the cost of remediation and any ransom paid, the attacks came with other costs–for example, the Atlanta area saw systems go down for days, citizens and government resorting to paper-based processes and even disruptions at Jackson-Hartsfield Atlanta Airport, the nation’s busiest.
Participants at the conference “discussed how mayors and the administration can work together to prevent and respond to cyber threats against cities and towns, and how to best posture communities across the country to reduce the likelihood of cyber incidents,” according to a White House readout.
Neuberger reassured the mayors that the Biden administration would make sure that the federal government provides a full slate of resources to state and local governments when they are responding to a cybersecurity incident, offering assistance from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
“Ransomware continues to be a growing crisis for both governments and enterprises. It has become enough of a problem for the White House to get involved and elevate ransomware to a strategic national security priority,” said Gurucul CEO Saryu Nayyar. “State and local governments are being asked to examine cybersecurity practices to provide responses and contingency plans for attacks that lock out users from essential tasks in exchange for payment.”
Neuberger’s remarks reflect the high priority President Biden has given to battling ransomware and cyberattacks in general. In the past few months, he’s issued an executive order that puts cybersecurity requirements in place around government software contractors, announced plans to work with the private sector and put Russian president Vladimir Putin on notice that the U.S. will take action if the Russian government participates in ransomware attacks or gives safe harbor to groups like DarkSide, the Russian hackers behind an attack on meat processor JBS USA; the operators of REvil, the prolific and dangerous ransomware gang fingered in the Colonial Pipeline and Kaseya attacks; and Nobellium, which is believed to have orchestrated the SolarWinds campaign.
The Digital Underground
“Ransomware attacks are an active underground business with an intricate web of criminal activities and operators collaborating across the various value chains,” Wang noted. “Disrupting this vast web of criminal business requires the close cooperation of government entities spanning state, federal and across the globe, as well as private industry experts and impacted parties.”
But while the administration has laid out a clear strategy, Nayyar said, “it doesn’t solve the essential problem of how to identify and remediate attacks.” That, she said, “requires more concrete actions on addressing cybersecurity weaknesses, coupled with the ability to respond with an action plan.”