- The Department of Homeland Security is hiring and upskilling cybersecurity talent as part of its sprints to bolster national and department cybersecurity, Alejandro Mayorkas, secretary of Homeland Security, said during a webcast by the U.S. Chamber of Commerce Wednesday. Mayorkas called it "the most significant hiring initiative" the agency has undertaken.
- DHS chose ransomware as its first cyber-related priority under the Biden administration because of the "gravity of the threat." The threat is already "upon us," Mayorkas said. Victims paid more than $350 million in ransom payments in 2020, as attacks increased 300% year over year.
- DHS is exploring additional grant programs to aid enterprise cybersecurity efforts. The agency has arranged preparedness grants estimated at $1.9 billion, Mayorkas said in February. "I am also directing additional grant funding to support cybersecurity efforts."
Cybersecurity is normally difficult for people to quantify because it often lacks a tangible sense of loss, said Eric Goldstein, executive assistant director for cybersecurity within DHS' Cybersecurity and Infrastructure Security Agency (CISA), during a subsequent panel hosted by the Chamber of Commerce.
Ransomware attacks, however, have the physical impact people can see to understand, he said. "Unfortunately, the ubiquity of ransomware at this point means that no matter what sector of the economy your company operates in, there are undoubtedly ransomware victims in your sector."
Likewise, ransomware often lacks the "elegance" of other sophisticated cyberattacks, said Goldstein. Ransomware attacks consumers and businesses using outdated software or phishing emails, making it a specific piece of cybersecurity everyone might have experienced on a personal level.
DHS is working with a ransomware task force, including members from the Global Cyber Alliance, Palo Alto Networks, and the Institute for Security and Technology (IST). The IST task force report includes 48 recommendations for disrupting the ransomware landscape.
DHS has a grant program to defend "high-threat, high-density'' urban areas as part of its Urban Areas Security Initiative (UASI) program, which has $615 million in allocation funds available for FY2021. While the UASI is part of greater terrorism preparnedness, USAI applicants are required to have at least one project for each the top five national priority areas, including cybersecurity, crowded spaces, intelligence and information sharing, countering domestic violent extremism, and emerging threats.
Mayorkas estimates small businesses account for between one-half and three-quarters of all ransomware victims. "If one considers oneself invulnerable, insulated from it, one is probably putting a bigger target on one's back," he said.
"Unfortunately, our efforts to prevent the attack from occurring in the first instance, do not succeed," said Mayorkas. He wants to bolster resources to defend against the malware.
Ransomware purveyors demanded more than $920 million from entities in the U.S. in 2020, according to data from Emsisoft, based on 23,661 submissions. But the actual cost to organizations and home users reached almost $3.7 billion.
When consumer rates are factored out, the public and private sector's combined 15,672 submissions had a minimum cost of nearly $600 million. Estimated costs reached almost $2.4 billion.
In October, the Treasury Department announced sanctions against companies paying ransom demands. The department's Office of Foreign Assets Control (OFAC) included cyber insurers, digital forensics and incident response into the mix of possible penalty recipients. The advisory was used as a notice that these actions were potentially consequential to recovery companies, making ransom payments the last resort.
Prior to the sanctions, some companies already felt hesitancy to disclose an incident in fear of law enforcement ransacking their existing investigation. "I hear these concerns a lot regarding contacting law enforcement quite a bit," said David Smith, special agent within the Secret Service criminal investigative division, during the panel. Many professionals working in incident response are former Secret Service, he said, "there's an organic connection between the groups."
Disclosures serve everyone because it helps shrink the information sharing gap.
In a recent investigation, the Secret Service uncovered digital currency wallet information on a phone. After cross analyzing the information against a ransomware victim (who paid more than $1 million), law enforcement was able to "link that person to some crime we would not otherwise have been able to do so" without the shared information, said Smith.
"When it comes to attribution, it has to be a group effort. It can't just be law enforcement working in the blind," said Smith. "The more target or victim organizations can share information with us, we can share that with our partners," including CISA.