U.S. Security Chief: Time for private companies to help protect millions of consumers from cyber attacks
NSN Reports from Cybertech New York
Every organisation large and small must be prepared to protect itself against cyber-attacks, and in doing so will help millions, according to the US Department of Homeland Security (DHS).
This year’s Cybertech New York 2022 conference saw US Undersecretary of Homeland Security, Robert Silvers feature on a panel alongside Gabi Portnoy, Director General of the Israel National Cyber Directorate, and UAE Cyber Security Council head, Mohamed Al-Kuwaiti.
He spoke of the greatest threats that the DHS is seeing in terms of cyber terrorism and warfare, and how the US is collaborating with Israel and the UAE to combat shared cyber threats such as ransomware, strengthen critical infrastructure cybersecurity and maximise cyber resiliency.
‘We’re here because we face common threats. We all have critical infrastructure to defend, and it’s just a proven point at this point that cybersecurity is an international issue,” Mr Silvers said.
‘The cyber threat landscape is evolving quickly and in ways that require ultimate vigilance. These threats are transnational in nature, they transcend borders, they are aimed at disrupting and exploiting an integrated global technology ecosystem’.
On the Russia-Ukraine war, Mr Silvers said, “There are no current specific or credible threats to the US at this time that we know of, but we are watching the situation closely, we have seen unprovoked attacks on Ukraine including cyber-attacks on the Ukrainian government and on critical infrastructure organisations’.
“We are vigilant, and we know well Russia’s record of using irresponsible cyber-attacks to achieve its global security objectives,” he added.
In response to this threat environment, the Department for Homeland Security are spearheading a campaign called ‘shields up’ in which the department have created a publicly accessible playbook for what all businesses and organisations should be doing to protect critical assets, reduce the likelihood of damaging cyber intrusions, quickly detect potential intrusions, and be prepared should an attack occur.
Mr Silvers cautioned that we must also take on the cyber threat posed by Iran, dubbing this a major threat to the region in the cyber domain following its recently launched cyber-attacks on Israel against water utilities and other civilian targets and its attempts to engage in several state sponsored attacks against the United States and its critical infrastructure.
He went onto say that in addition to this, Iran has been exploiting flaws in prominent software to access sensitive systems that can then be leveraged for follow on operations including for data exfiltration, encryption, ransomware, and extortion.
He continued: “Our response, whether we are talking about Russia, Iran, criminal actors, or anyone else who is using cyber capabilities irresponsibly, must match the boldness of these sophisticated adversaries.
“Collaborative planning and cooperation with the private sector are prerequisites to building a robust national resilience to cyber threats. Our private sector partners are the frontline victims of malicious cyber activities, but they can also be at the frontline in leading our defensive efforts.”
“Companies and governments must be working shoulder to shoulder every day and every hour of the year in order to tackle the challenging cyber threats on the horizon.”
Gabi Portnoy, Director General of the Israel National Cyber Directorate echoed Mr Silvers, saying: “Creating a large enough network both at home and abroad, sharing information and technology, can help ease any challenges we face.”
“The better the network will be, I think we will bring better solutions and we will fight our attackers better,” Mr Portnoy added.
UAE Cyber Security Council head, Mohamed Al-Kuwaiti meanwhile said he sees inter-country collaboration as a way to bridge those gaps.
“The first line of defence, we said, is partnership, and we need to spread that culture of cybersecurity with like-minded minds of countries and entities who can help us on that.”
In order to accomplish this, Homeland Security has set out two initiatives, the Joint Cyber Defensive Collaborative (JCDC), an initiative that brings together the Department of Homeland Security and other US departments focused on cyber security together with leading software cyber security and cloud service providers in the United States.
Mr Silvers said “We are collaborating every day on operational preparedness and operational response, we are using slack channels and we are in the trenches together defending this nation, bearing in mind that by increasing security, at our leading technology providers, we are increasing security for every member of the public and for every company and organisation that relies on those providers’.
He called this the ‘ultimate force multiplier’.
The second initiative that the DHS unveiled earlier this year is the Cyber Safety Review Board (CSRB) – an initiative bringing together government and private sector leaders to review significant cyber incidences, identify cyber lessons learned and make recommendations to elevate cyber security and drive improvements within the private and public sectors.
Mr Silvers labelled this a ‘true public-private partnership’.
All three state leaders noted that while there is still significant ground to cover, there already exists a deep and sophisticated alliance between the three countries which has been achieved through significant investment in joint research and development to enhance cyber resilience with the intent of creating a technology ecosystem that is innovative, groundbreaking, yet secure.
The consensus is that while adversarial nation state actions and motivations remain typically unchanged, what has changed, is the creativity and level of sophistication in terms of the types of attacks hackers and threat actors are now deploying to intercept and infiltrate nation state networks.