The Cybersecurity 202: DHS official promises help for states struggling with digital attacks on critical services

A surge in efforts by hackers holding data hostage in exchange for a fees has become a top concern for the Department of Homeland Security’s cybersecurity division, its acting director now says.

“Because right now, if there was a catastrophic cyber incident affecting states and they did lack the resources to address it, we would not be able to move as quickly and expeditiously as we need to respond and recover,” acting Cybersecurity and Infrastructure Security Agency director Brandon Wales said at an event hosted by the Auburn University Center for Cyber and Homeland Security yesterday. 

A recent breach of Microsoft Exchange that impacted thousands of state and local organizations and governments hints at how overwhelming this lack of preparation could be. Wales emphasized that, even as federal officials and Microsoft are racing to contain the breach, stakeholders need to make sure they are no longer compromised to prevent ransomware and other follow-up attacks. 

Broadly, the agency is talking to state, local and community partners “every single day” and has hundreds of employees across the country assisting with cyber and physical security support, Wales said. The agency, he added, is eager to work with Congress and the federal government to help empower states to be their first own best line of defense. 

The most recent defense authorization bill required the agency to set up cyber state coordinators to work as advisers to public institutions in every state in the country. Wales says that about 20 of the positions have already been filled. 

The agency is also preparing to within the next two months start using its new subpoena power to contact companies who have vulnerable systems exposed online. This could provide another tool for improving government insight into private-sector threats, a major concern in light of the SolarWinds and Microsoft hacks. 

Wales urged state and local governments to take advantage of its Multi-State Information Sharing and Analysis Center program, which provides cybersecurity resources to state, local and tribal governments. Both the House and Senate have introduced legislation focused on increasing cybersecurity resources and training to state and local governments and have expressed interested in helping CISA get more funding.

Wales says the agency is also looking at how it can “foster the market” for new innovations to protect potential victims from ransomware at scale. 

Ransomware attacks have risen significantly during the pandemic. (In 2020, the FBI received 2,474 complaints identified as ransomware with estimated losses of over $29.1 million. However, many such attacks go unreported.)  

“We have not cracked the code,” Wales said. “The ransomware problem continues to grow and we need more and new innovative thinking on this.”

The findings appear to contradict claims by the Trump administration that the app is an imminent national security risk, which led to an attempted ban of the app. The CitizenLab report comes as the company works to assuage the concerns, which the Biden administration is reviewing.

But the app’s rising dominance could pose a threat to U.S. businesses, the researchers said. “This potentially is an area that can be viewed as threatening U.S. national security,” they said, “as it decreases a U.S. business advantage and the influence it could exert by controlling the content distribution channels of the Internet.”

They’re taking to the anonymous, hidden parts of the Internet to trade forged government documents for hundreds of dollars, researchers from Check Point Research said. They’re also selling negative coronavirus test results that can be produced within an hour on the marketplaces, which have been booming with coronavirus-related activity this year.

Oded Vanunu, the head of products vulnerabilities at Check Point, said in a statement that he expects activity on illicit coronavirus-related markets to continue to rise. 

Powell’s attorneys said Dominion’s $1.3 billion defamation suit should be thrown out because “no reasonable person” would believe her claims about the company were “truly statements of fact,” Bloomberg News’s Erik Larson reports. Powell claimed that Dominion used computer code originally made for Venezuelan leader Hugo Chávez to flip votes in the 2020 election from then-President Donald Trump to then-candidate Joe Biden.

“Powell’s attempt to dismiss the case contradicts her claim that she wants to present her evidence in court,” Dominion attorney Tom Clare said in a statement. “Dominion Voting Systems is eager for the case to move forward and intends to hold Powell accountable.”

Powell’s court filing validated some, including former Cybersecurity and Infrastructure Security Agency director Chris Krebs:

Others, such as Georgia Public Broadcasting reporter Stephen Fowler, noted the bigger picture:

• The Cyber Initiatives Group’s three-day conference kicks off today. The day’s speakers include Brandon Wales, the acting director of Cybersecurity and Infrastructure Security Agency, and FireEye CEO Kevin Mandia.
• Dmitri Alperovitch, the chairman of the Silverado Policy Accelerator who previously co-founded cybersecurity company CrowdStrike and worked as its chief technology officer, discusses Russian cyberattacks at an event hosted by the Center for Strategic and International Studies on Thursday at 9:30 a.m.
• Gen. Paul Nakasone, the commander of U.S. Cyber Command and director of the National Security Agency, testifies at a Senate Armed Services Committee hearing on Thursday at 9:30 a.m. 
• Philipp Amann, the head of strategy at the European Cybercrime Center, speaks at an event on ransomware hosted by the Institute for Security and Technology on Thursday at 2 p.m.

• Ferox Strategies registered to lobby for software giant Microsoft effective March 1, one day before the company announced that Chinese hackers were exploiting a vulnerability in its email software. Debra Dixon, a former aide to Health and Human Services Secretary Xavier Becerra when he was a member of Congress, is registered to lobby on the account. She plans to lobby on issues including cybersecurity.
• Franklin Square Group registered to lobby for semiconductor industry group SEMI effective Feb. 1.