New executive steps hope to defend against ransomware
In a swift move by the Department of Homeland Security, the organization has officially labeled ransomware attacks a national security threat. Like many, they’re at full alert in the wake of the SolarWinds security compromise, not to mention the mounting surge of ransomware attacks across national networks.
Breaches like the one mentioned and more have prompted a response from the DHS, which could soon see a trend of major shifts in the IT industry. Everything from regulatory changes, financial resources, and data rules are on the table. Alejandro Mayorkas, secretary of Homeland Security, had a few things to outline and detailed the DHS’ intended approach.
Primarily, Mayorkas intends to focus on five key areas of government and national security: federal incident response, modernizing federal cybersecurity operations, improved procedures, improved data sharing, and enhanced detection. The task, he commented, is monumental. Given the gutted resources during the previous administration’s lethargic, if not incompetent, approach towards cybersecurity, the new DHS has its work cut out.
Mayorkas plans to address each category in 60 day periods, referring to them as “sprints.” They intend to educate and enhance each category of federal cybersecurity. Mayorkas stated the first period will focus on ransomware, calling it a “national security threat.” He continued to appropriately demonize ransomware attacks on school and hospital networks and desires to hold malicious actors accountable.
While the DHS hopes to enhance government IT security, they’re eager to provide resources, information, and strategies to better assist businesses, people, and public networks too. Initially, the idea is to increase awareness and build an information campaign to reduce attacks, such as ways to identify ransomware attack behavior and phishing email red flags. Mayorkas also intends to take a coordinated effort against dark web markets that sell ransomware services, while bringing the fight to malicious actors.
This is important because dark markets for malicious tools and services have exploded over the past several years with limited repercussions. And, in many unfortunate cases, victims of ransomware attacks feel they have no choice but to pay the ransom, encouraging attackers to continue their efforts.
Protection, infrastructure, and additional cybersecurity capabilities will still take months if not years to establish, according to Mayorkas. However, he stated that since the SolarWinds attack, progress has been made to mitigate the overall damage caused by it. He also stated that cyberattacks are an expectancy, not a rarity, and that it’s a question of when an enterprise will be hit by an attack, not if.
Preparing for these attacks and making the necessary changes will require a robust adoption of policies, mindsets, and retooling security approaches. Mayorkas has stated that at least a dozen executive orders are expected to roll out in order to address the various concerns of both the DHS and national cybersecurity. The nature of them isn’t clear yet, but it’s natural to assume they’ll likely deal with policy, budget, and data storage requirements, among other things.
Ultimately, this is an optimistic step towards taking the fight back to malicious actors and the deployment of ransomware.