
DHS: Ransomware poses a national security threat

Ransomware is just one threat DHS Secretary Alejandro Mayorkas discusses during an RSA Conference webcast on the cybersecurity challenges facing the U.S.

Fighting ransomware attacks is now the Department of Homeland Security's number one priority, and a plan to be more proactive is already in place.

In an RSA Conference webcast Wednesday, Alejandro Mayorkas, the U.S. Secretary of Homeland Security, discussed current cybersecurity challenges and outlined a strategy intended to tackle the top threats first, using the government's limited resources. Mayorkas outlined five areas to improve on: detection, information sharing, modernizing federal cybersecurity, federal procurement and federal incident response.

To combat what he referred to as a "monumental challenge," the government devised new initiatives such as 60-day "cyber sprints" to address urgent priorities. The first sprint will tackle ransomware.

"Let me be clear: Ransomware now poses a national security threat," Mayorkas said in the webcast.

Ransomware attacks have increased in recent years as operators adopted new tactics like public leak sites where they post stolen data if a ransom goes unpaid. Attacks spiked significantly during the pandemic, impacting some of the most vulnerable sectors including hospitals and schools. During the webcast, Mayorkas referred to the ransomware attacks against those and other critical infrastructures as "horrendous acts" and said those behind them should be held accountable.

"There are actors out there who maliciously use ransomware during an unprecedented and ongoing global pandemic, disrupting hospitals as hundreds of thousands die. This should shock everyone's conscience," he said.

DHS Secretary Alejandro Mayorkas discusses the growing threat of ransomware during an RSA Conference webcast.

In response to the increase in malicious activity, the government plans to step up its efforts to fight ransomware in the coming weeks. According to Mayorkas, that includes action to minimize the risk of becoming a victim in the first place, as well as an awareness campaign to engage with partners like cyber insurance companies.

In addition, Mayorkas said DHS will step up law enforcement action against cybercriminals and dark web markets that contribute to the threat. "With respect to responding to ransomware attacks, we will strengthen our capabilities to disrupt those who launch them and the marketplaces that enable them," he said.

Additionally, the webcast provided an update to last year's massive supply chain attack on software vendor SolarWinds, which impacted a number of high-profile victims including several federal agencies. In response to the ongoing threat, which initially exploited a malicious update in SolarWinds' Orion platform, Mayorkas acknowledged that the government was unaware it had been hacked for months until it was alerted by another victim of the nation-state attack, cybersecurity vendor FireEye.

Mayorkas said supply chain attacks pose additional risks, which may require a different approach.

"Following last year's supply chain compromise targeting the federal government, we must build back better," he said. "It will take months or years to implement. Exploitation of SolarWinds highlighted that we need to think of supply chain risks holistically. We need a risk-based approach to assess all supply chain risks."

As multiple high-profile victims of the attack on SolarWinds were being revealed, another major hack hit the Microsoft Exchange Server. Like SolarWinds, it also impacted the federal government.

On March 2, Microsoft disclosed that Chinese nation-state actors exploited four vulnerabilities in its on-premises email server software. Patches were released, and while attacks were initially thought to be limited, that proved not to be the case. An emergency directive was issued shortly after from the Cybersecurity and Infrastructure Security Agency (CISA), warning all government civilian departments and agencies to update immediately.

During Wednesday's webcast, Mayorkas said progress is being made in both attacks. "In the first two months, the administration has made significant strides in mitigating the SolarWinds and Microsoft Exchange incident."

Mayorkas said the attack on SolarWinds is just one of many incidents that underscores the need for the federal government to modernize cybersecurity.

"One hard truth is that no one is immune from cyber attacks, including the government or our most advanced technology companies. Ultimately, it's not a question of if you'll be hacked, but rather when," he said.

To improve the U.S.' cyberdefense, Mayorkas said there are "urgently needed" principles that should be adopted. That includes bold and immediate innovations, widescale investments and raising the bar of essential cyber hygiene.

To that end, the government is working on nearly a dozen actions for an upcoming executive order, which Mayorkas said will be released soon.
