Recently the Institute for Critical Infrastructure Technology (ICIT), known for being, “the cybersecurity think tank,” released a paper titled, “Ransomware Weaponized.” Diving into the nature of modern ransomware, the organization wrote extensively on the need for a wider and more diversified approach to combatting ransomware referred to as a “Whole-of-Nation” IT approach. But what exactly does that approach entail?
A “Whole-of-Nation” IT approach requires everyone in the entire “nation” to be on the same page when it comes to implementing cybersecurity policy. To clarify, the nation in the metaphor does not exclusively refer to large groups of citizens living in their own self-governed state. Rather, a “nation” can be any organization, including federal agencies, that may face waves of cyberattacks from all corners of the world.
The whitepaper provides three main recommendations for organizations to follow as the new year gets underway:
- 1. Make sure leadership has prioritized cybersecurity.
- 2. Create new, more efficient procedures
- 3. Involve international partners to further disincentivize cybercriminals
It Takes a Nation and a Leader
The first part of this whole-of-nation IT approach, according to ICIT Fellow Stan Mierzwa, who also serves as the director and adjunct professor at the Center for Cybersecurity at Kean University, is getting leaders more involved in ransomware preparations. Mierzwa notes that all too often, leaders and decision-makers are only involved with day-to-day operations at a high level. While many things can be delegated out, the role of an agency leader in cybersecurity is paramount.
Creating a culture that is dedicated to the prevention and mitigation of cyberattacks requires a top-down willingness to participate. Mierzwa argues that something as simple as, “all board of directors including the topic of what to do in the event of a ransomware attack,” during routine meetings can help prepare an agency for an attack.
Even more important to agencies is using table-top exercises to plan out alternatives to specific agency functions that are critical to the normal flow of business. Mierzwa points towards the energy sector as one such industry that benefits from all public and private organizations involved being prepared to combat ransomware when it occurs. That level of coordination requires buy-in at every level, from the highest executives to the men and women who act on it.
No Agency is an Island
The second recommendation for the “whole-of-nation” IT approach is for agencies to continue taking advantage of the current and previous administration’s focus on cybersecurity issues. President Biden’s administration has four lines of effort that present a unique opportunity for agencies to align their cybersecurity policies with the rest of the nation’s. Of the four, one is preeminently relevant to a government cybersecurity team and can be taken advantage of easily; bolstering resilience to withstand ransomware attacks.
As last year highlighted, the potential disruption of a ransomware attack is immense. However, utilizing the resources made available by the federal government many private and public entries have further bolstered their ransomware protection. One resource that the report details is “StopRansomware.gov,” a website that hosts numerous resources to help agencies and their private sector partners prepare their defenses.
Further, the overarching nature of the federal government has allowed some agencies and their private sector partners to collaborate further to safeguard their systems. One such example is the Industrial Control Systems Cybersecurity (ICS) initiative. This program brought together more than 150 utilities, representing almost 90 million residential customers, to create a more resilient energy supply system.
Ransomware is not limited to a single entity anymore, in fact, a well-placed ransomware attack can create a domino effect and create a cascading failure of numerous systems. This necessitates that agencies and organizations need to coordinate to prevent the worst impacts of ransomware. While far from perfect, the focus on cybersecurity by the current and previous administrations presents ample opportunity for that collaboration to thrive in the new year and beyond.
Peace of Mind in Our Time
The third and final recommendation for a whole-of-nation IT approach revolves around building and maintaining relationships with international partners, private or public. This is crucial for several reasons, but the most important is to help target attackers and to prevent them from recovering ransomware payments.
Cybercriminals are unique in several ways, but the largest difference between them and their more temporal colleagues is that they are often far removed from the location of their crimes. Cyber attackers can be on the other side of the world and are counting on their distance to insulate them from any punishment from their victims. Malicious actors also commonly use virtual assets, including cryptocurrencies, to facilitate those transfers over these distances. Addressing both of those is critical to increasing the risk and decreasing the reward of such attacks.
The whitepaper points to several actions that federal agencies can take with their international partners to achieve this, but the most relevant is mitigating the role of virtual assets as an “untraceable” way to pay ransoms. In the end, these adversaries are looking for a payday, removing their ability to receive payments serves to further increase the risk of attempting an attack.
Back to the new normal
Ransomware attacks remain one of the most pressing issues facing cybersecurity professionals today. Federal agencies, along with other public sector organizations, will likely be attacked soon, but that does not mean that they must give in to the demands of the attacker. Utilizing these three recommendations from ICIT, these organizations can position themselves in a way to minimize risk, recover and mitigate the spread of the virus, and hold the attackers responsible.
While it is unlikely that there will ever be a “silver bullet” that can save any organization from cyberattacks, there are many things that can be done right now to prevent an attack from becoming the next major cybersecurity incident. But to make the most of each requires everyone in the entire “nation” of cybersecurity to work together.
To read the full whitepaper, click here.
