The Trump administration on Dec. 19 publicly attributed a global ransomware attack earlier in 2017 to the North Korean government, saying the release of the WannaCry malware demonstrates the need for the government and industry to further enhance their collaboration to better secure the U.S. and its critical infrastructures from cyber threats.
In addition to the U.S., Britain also charged North Korea with the WannaCry attack, which infected several hundred thousand computers in about 150 countries, including impacting the United Kingdom’s National Health System and hospitals in other countries but largely failed in the U.S. due to strong actions taken by the Department of Homeland Security and its engagements with domestic and international partners.
“The attribution is a step toward holding them accountable but it’s not the last step,” Tom Bossert, President Donald Trump’s top advisor on homeland security and counter-terrorism matters, said a White House press briefing. “Addressing cyber security threats also requires governments and businesses to cooperate to mitigate cyber risk and to increase the cost to hackers by defending America. The U.S. will lead this effort.”
The U.S. government and private sector for years have been sharing information with each other about cyber threats but that sharing has been somewhat limited. In 2015, Congress passed and then-President Barack Obama signed, legislation aimed at improving the sharing of cyber threat indicators between the public and private sector by providing companies and other private sector entities that voluntarily participate liability and privacy protections.
The new law also authorized the Department of Homeland Security (DHS) to set up a portal to enable real-time sharing of these cyber threat indicators. The Automated Indicator Sharing (AIS) system has slowly ramped up participation by government and private entities since it went live early in 2016.
Currently more than 200 entities are connected to the AIS and 275 have signed up to participate, a DHS spokesman told sister publication Defense Daily. Those numbers are less than desired. He added that about 1.5 million unique cyber threats have been shared via the portal.
Sectors that make up various critical infrastructures such as financial, energy, water and health, also share cyber threat information among themselves through various organizations established for that purpose.
Bossert said that while the private sector already reports “to us all the time … we want them to increase their sharing of information with us. And as we move forward and become more sophisticated in this administration we’re going to ask them to look into sharing more technical information on how they’re architected and where their exposure points are so we can get a better strategic view of defending ourselves.”
DHS is the lead federal agency for helping the private sector strengthen its computer networks and for sharing cyber threat information. Jeanette Manfra, the department’s assistant secretary for Cybersecurity and Communications, said at the briefing that there is more that companies and industries can do to better protect themselves and the country from cyber attacks.
“In addition to broadening the threat landscape, we see some gaps between what an entity might consider adequate security for themselves or their sector and what is in the public’s interest,” she said, noting the dependence of people on critical infrastructures such as communications, electricity and the financial system, which are largely in the private sector.
“To ensure adequate security in the private sector, DHS plans to move beyond only offering voluntary assistance to more proactively becoming the world leader in cyber risk analysis and intervening directly with companies when necessary,” she said. “Specific to North Korea, we have issued technical alerts to assist network defenders in understanding the types of malware that they are using and urge them to remove them from their systems so that they cannot continue to have access to our infrastructure. As we learned during the WannaCry attack, these incidents can have life threatening consequences.”
Bossert praised Microsoft [MSFT], Facebook [FB] and other technology companies for actions they took the week of Dec. 10 in helping shut down cyber attacks by North Korea.
“They shut down accounts the North Korean regime hackers used to launch attacks and patched systems,” he said.
“I call today, the president calls today, we call today on the private sector to increase its accountability in the cyber realm by taking actions that deny North Korea and the bad actors the ability to launch reckless and destructive cyber acts,” Bossert said.
While the Trump administration says it will hold North Korea accountable for its actions, Bossert admitted that given that the president has “used just about every lever you can use short of starving the people of North Korea to death to change their behavior, so we don’t have a lot of room left here to apply pressure to change their behavior.” Still, he said, being able to attribute the ransomware attack to North Korea is important in terms of being able to call them out and eventually “move to stop their behavior.”
Bossert said North Korea’s actions on the nuclear weapons front and the cyber attacks show “they want to hold the world at risk.”
Citing North Korea as the culprit behind the WannaCry virus is the second time the U.S. has attributed the regime of Kim Jong –un to a cyber attack. In December 2014, the FBI blamed North Korea for an attack against California-based Sony Pictures Entertainment (SPE), an incident that Obama used to prompt Congress to complete work on legislation to improve the sharing of cyber threat information between the government and industry. SPE is part of Japan's Sony Corp. [SNE].
The attack against SPE, which crippled the company’s computer network and also showed it had lax cyber hygiene measures in place, prompted the company to pull distribution of a satirical movie portraying a CIA plot to assassinate Kim Jong-un.
“We cannot have a society in which some dictator some place can start imposing censorship here in the United States,” Obama said in his 2014 year-end press conference.