The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory on ransomware, in response to the DarkSide, the variant used in the recent attack on Colonial Pipeline. In response to the advisory, please see below comments from Edgard Capdevielle, CEO of Nozomi Networks, which discusses its recommendations and whether they are enough.
Does it go far enough?
“Given the level of authority these agencies have, it goes about as far as it can. That said, the Government needs to do more. We can criticise critical infrastructure owners for not moving quickly enough to strengthen their cybersecurity postures. But now, as nation-states, ransomware gangs and other cyber criminals get more daring and execute attacks that are impacting civilisation, it is fair to criticise the government for not doing enough to help protect us when it comes to ‘no dust’ defensive actions, and offensive actions too to shut down threat actors and hold them accountable.”
What, if anything, is missing?
“More aggressive programmes and incentives to help critical infrastructure organisations strengthen their security and time to help keep threat actors at bay. That includes tax breaks for cybersecurity, particularly cyber-defence for critical infrastructure should be something we move toward. Having private companies take on their defence.”
What do you think the response will be?
“Hopefully more organisation will take this advice. From our work with critical infrastructure and industrial organisations around the world, we’ve found that those who invest early in cybersecurity are able to respond faster and with less financial damage to ransomware and other cyberattacks. Enterprises with mature cybersecurity are more resilient and able to navigate those challenges easier than those that waited until an incident to invest in their defences.”
Why is the government acting so strongly now, when ransomware has been a serious problem for a long time (attacking hospitals for example)?
“Frankly – it’s complicated. There isn’t an easy solution and real results must navigate government politics, privacy laws, international laws and will require cooperation from nation-state adversaries. It’s not a simple task, but we can take steps now to solve the problem. Waiting will only make it more difficult to solve. Additionally, the publicity around the impact was greater than many other attacks. Americans are suffering the impact at the gas pumps, or saw others going through issues. The visibility on rising gas prices and other impacts on innocent citizens also plays a role in bringing attention to the matter.”
Read the article online at: https://www.worldpipelines.com/business-news/12052021/nozomi-networks-responds-to-cisa-security-advisory-on-ransomware/