As Cyberattacks Surge, Biden Is Seeking To Mount A Better Defense

Jun 4, 2021
Originally published on June 5, 2021 6:40 am

President Biden received no grace period when it came to cyber hacks.

"The cyber pressures that this administration has faced so far have been relentless," said April Falcon Doss, a former National Security Agency official who now heads a technology program at the Georgetown University Law Center.

As the cyber breaches pile up, cyber experts say it's important to note the country is facing two distinct threats.

"There clearly is a dividing line between cyber hacks for intelligence gathering purposes, and these ransomware attacks that are designed principally for financial benefit," said Glenn Gerstell, a senior NSA official before stepping down last year.

On one side of that line is the SolarWinds attack uncovered last December. The Biden administration says this was primarily an intelligence gathering operation carried out by Russia's foreign intelligence service, the SVR, which was quietly stealing U.S. government secrets for months.

On the other side is ransomware, which is surging. Russian criminal gangs are blamed for both the Colonial Pipeline attack that hit gasoline supplies on the East Coast of the U.S. in May, and this week's hack that briefly shut down the world's largest meat supplier, JBS.

These duel threats require different responses, Gerstell said. But he's quick to add, "Both the intelligence attacks and some of the most significant ransomware attacks have one thing in common, and that's Russia."

Upcoming summit

Biden says he'll raise the cyber intrusions with Russian leader Vladimir Putin at a June 16 summit in Geneva, Switzerland.

Despite all the evidence pointing to Russia, Putin denies Russian involvement in the intelligence hacks, and shrugs his shoulders when asked about the ransomware attacks attributed to criminals based in Russia.

Gerstell says the U.S. shouldn't accept this answer.

"It's almost impossible to believe that a major criminal gang would operate inside of Russia, and have real world effects in the United States, and Putin wouldn't know about it," he says. I think it's pretty clear that these criminal gangs operate either with the express approval of the Kremlin or at least the Kremlin is turning a blind eye to them."

FBI Director Christopher Wray told The Wall Street Journal in a story published Friday that the bureau is investigating about 100 types of ransomware, many linked to Russia.

The Justice Department, meanwhile, now says that it will pursue ransomware cases in a manner similar to the way it investigates terrorism.

In addition to Russia, China is the other leading threat. The Chinese focus has generally been on stealing cutting-edge U.S. technology in fields that include quantum computing, artificial intelligence, bio-medicine, renewable energy and electric cars.

FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith testify during a Senate Intelligence Committee hearing on Capitol Hill on Feb. 23, in Washington, D.C. The hearing focused on the 2020 cyberattack that resulted in a series of data breaches within several agencies and departments in the U.S. federal government.
Drew Angerer / Getty Images

President's plan

Last month, Biden laid out his cyber strategy in a detailed executive order. April Falcon Doss says it's a good start.

"There are many departments and agencies across government that really have cybersecurity postures that lag behind where they should be," she says.

While Biden can set the standards for securing government computer networks, he's much more limited when it comes to ransomware and the private sector.

"The government won't be able to actively protect the private sector from any possible ransomware attack because, thankfully, the government doesn't control the Internet. We wouldn't want that," Doss says.

Protecting the private sector falls to people like Adam Meyers, senior vice president for intelligence at the cybersecurity firm CrowdStrike.

"These companies can't put their head in the sand and hope it's not going to happen to them," Meyers says. "The only way to prevent this from happening is to improve your security posture. And these are concepts we've been talking about since I was a teenager."

Meyers says too many companies aren't keeping their cyberdefenses up-to-date. He cites the attack on the meat company, JBS, carried out with malware known as REvil. Meyers knows it well, but says many potential victims don't.

"I guarantee, lots of organizations in the food processing world right now are Googling, 'What is REvil?' " he says. "If you need to look it up when it's happening, you're in a real bad spot."

How bad? Well, consider what the current ransom demand is for an attack on a large company.

"I see the payments going out, and the payments are just stomach-churning figures: two, four, eight, 10, 30 million dollars."

It's a price he believes many more companies will have to pay.

Greg Myre is an NPR national security correspondent. Follow him @gregmyre1.

Copyright 2021 NPR. To see more, visit https://www.npr.org.

ARI SHAPIRO, HOST:

President Biden faces an escalating battle in cyberspace. After multiple hacks, the FBI says it's investigating around a hundred different types of ransomware. The Justice Department says it will start treating ransomware in a manner similar to terrorism. So what are the prospects of success? NPR's Greg Myre has our story.

GREG MYRE, BYLINE: President Biden received no grace period when it came to cyber.

APRIL FALCON DOSS: The cyber pressures that this administration has faced so far have been relentless.

MYRE: April Falcon Doss is a former National Security Agency official who now heads a technology program at Georgetown's Law school. As the cyber breaches pile up, cyber experts say it's important to note the two distinct threats. Glenn Gerstell was a senior NSA official until last year.

GLENN GERSTELL: There clearly is a dividing line between cyber hacks for intelligence-gathering purposes and these ransomware attacks that are designed principally for financial benefit.

MYRE: On one side of that line is the SolarWinds attack uncovered last December. This was intelligence gathering by Russian spies quietly stealing U.S. government secrets. On the other side is ransomware, which is surging. Russian criminals are blamed for both the Colonial Pipeline attack that hit gasoline supplies in April and this week's hack that briefly shut down the world's largest meat supplier, JBS. These require different responses, Gerstell says. But he's quick to add...

GERSTELL: Both the intelligence attacks and some of the most significant ransomware attacks we have have one thing in common, and that's Russia.

MYRE: Biden says he'll raise the cyber issue with Russian leader Vladimir Putin at a June 16 summit in Switzerland. Despite all the evidence, Putin denies Russian involvement in the intelligence hacks and shrugs his shoulders when asked about the ransomware attacks from criminals based in Russia. Gerstell says the U.S. shouldn't accept this answer.

GERSTELL: It's almost impossible to believe that a major criminal gang would operate inside of Russia and have real-world effects in the United States and Putin wouldn't know about it.

MYRE: FBI Director Christopher Wray told The Wall Street Journal in a story published today that many of the hundred ransomware variants under investigation are linked to Russia. Last month, Biden laid out his cyber strategy in an executive order. April Falcon Doss says it's a good start.

DOSS: There are many departments and agencies across government that really have cybersecurity postures that lag behind where they should be.

MYRE: The government does face real limits when it comes to ransomware and private companies.

DOSS: The government won't be able to actively protect the private sector from any possible ransomware attack because, thankfully, the government doesn't control the internet, right? We wouldn't want that.

MYRE: Protecting the private sector falls to people like Adam Meyers, vice president for intelligence at the cybersecurity firm CrowdStrike.

ADAM MEYERS: These companies can't put their head in the sand and hope it's not going to happen to them. It is going to happen to them; it's going to be a matter of when.

MYRE: Meyers says too many companies aren't keeping their cyber defenses up to date. He cites the attack on the meat company, JBS, carried out with a malware known as REvil. Meyers knows it well but says many potential victims don't.

MEYERS: I guarantee lots of organizations in the food processing world right now googling how to find - what is REvil? And if you need to look it up when it's happening, you're in a real bad spot.

MYRE: How bad? I ask what the current ransom demand is for an attack on a large company.

MEYERS: I see the payments going out, and the payments are just, you know, stomach-churning figures - you know, $2-, $4-, $8-, $10-, $30 million.

MYRE: It's a price he believes many more companies will have to pay.

Greg Myre, NPR News, Washington.

(SOUNDBITE OF GLASS CANDY, "BEAUTIFUL OBJECT (INSTRUMENTAL)") Transcript provided by NPR, Copyright NPR.