Expect U.S. intelligence and national security to mount a “surge” against nation-state sponsors of cyber attacks that have increasingly addled government agencies and forced critical infrastructure operators to pay millions in ransom, Gen. Paul Nakasone told attendees at the National Security Summit.
Nakasone, who heads the U.S. Cyber Command (CyberCom) and the National Security Agency (NSA), first signaled his intention to adopt a more aggressive cybersecurity stance two years ago but lacked a definitive adversary. Now, prompted by a series of blows landed by ransomware attackers, particularly Russian-backed operatives, cyber hijacking is a clear threat to national security, he told the Associated Press (AP).
“Even six months ago, we probably would have said, ‘Ransomware, that’s criminal activity,’” Nakasone said. “But if it has an impact on a nation, like we’ve seen, then it becomes a national security issue. If it’s a national security issue, then certainly we’re going to surge toward it.”
Earlier this year, Nakasone told the Senate Armed Services Committee that CyberCom had carried out some two dozen strategic operations to safeguard the 2020 national elections.
Eleven of the operations in nine different countries were “hunt forward,” intended to secure the 2020 election, he said. This time around, the ability of government specialists to find and share information about cyber attacks and “impose costs when necessary,” including publicly tying foreign adversaries to high-profile attacks and offering up details about incidents, is on the menu, Nakasone told the AP. The latter part of Nakasone’s cyber strategy isn’t new and has yet to be proven fully effective but may still serve to improve public awareness of cybersecurity threats and prompt better cyber hygiene.
What's this mean for government MSSPs? Be prepared for federal agencies to outsource forensic analysis to cyber specialists and to request assistance to improve public and private sector cyber awareness.
It’s no stretch to assume that Nakasone’s remarks were directed primarily at Russia. Russian-backed Nobelium hackers are believed to have orchestrated and carried out the SolarWinds operation and to have been a prime mover of U.S. election meddling. The same syndicate has reportedly launched a malware blitz not only on federal government agencies but also on researchers, consultants and non-government organizations that has hit some 3,000 email accounts in more than 150 different organizations.
In addition, REvil, also known as Sodinokibi, the Russia-linked group blamed for the attack on meat producer JBS USA, is suspected in the Kaseya hacking offensive that involved dozens of Kaseya’s customers.
The Biden Administration has enacted a number of measures to shore up the nation’s cyber posture. Last May, the President signed a cybersecurity-centric executive order that has implications and deadlines for IT service providers that work with the federal government. A month earlier, his administration imposed sanctions on Russia for the SolarWinds Orion cyber attack and for interfering in U.S. presidential elections. Biden subsequently warned Russian President Vladimir Putin to expect a U.S. response if Moscow is shown to be responsible for any past and future cyber aggression. Some lawmakers are calling for the Biden administration to squeeze Russia even harder.
Law enforcement and security agencies and the private sector have issued a number of alerts on Russian hacking. Earlier this year, a jointly issued Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency bulletin forewarned U.S. IT companies, government entities, researchers and policy makers on the primary tactics Russian-backed hacking crews are using to steal critical intelligence. And, in early July, top security agencies in the U.S. and U.K. warned that Russia-sponsored cyber crews have been carrying out brute force hacking campaigns trying to steal user account credentials of hundreds of government and private sector organizations worldwide.
FBI Deputy Director Paul Abbate told attendees at the Summit that there is “no indication” yet that Russia had acted to crack down on ransomware. Nakasone declined to detail allegations against Russia, saying intelligence agencies were “generating insights which will move to sharing information in the not too distant future,” the AP reported.