Justice official: Info sharing is the best revenge
- By Mark Rockwell
- May 18, 2016
Cybersecurity officials from the departments of Homeland Security and Justice are stressing the importance of continued collaboration to keep cyberattacks at bay.
"If you get hit, call somebody and start talking" to commercial or federal cybersecurity experts, said Brian Varine, chief of the Justice Security Operations Center. "Sharing information drives up the costs for attackers." He made the remarks at an ISMG Fraud and Breach Prevention Summit on May 18.
"It's too bad they got in, but [sharing information] is your revenge," he added.
Phyllis Schneck, deputy undersecretary for cybersecurity and communications at DHS' National Protection and Programs Directorate, echoed those sentiments and urged the audience, made up largely of private-sector corporate and IT managers, to help her agency build defenses to protect everyone.
The agency's National Cybersecurity and Communications Integration Center serves as the hub for collecting and distributing threat indicators from business and government IT operations. NCCIC includes the Automated Indicator Sharing system.
Through programs such as Continuous Diagnostics and Mitigation, Einstein and others, Schneck said DHS is building a cyber body that can automatically repel infections just like the human body. To do that, she said private-sector input about malware, viruses and other electronic attack methods is crucial.
She added that DHS officials are concerned about ransomware, which locks a user's computer and the data on it until funds are transferred electronically to the attacker.
"There is no guarantee they'll unlock anything," she said. "But it's not just data." Attackers have begun extending the "ridiculous amount of control" that the malware can convey to other areas, such as hospital patient records. Schneck warned that medical devices could also be targeted.
The re-emergence of ransomware in the past couple of years shows that some tactics remain the same but have more computing power behind them. The threat indicators for ransomware attacks are the same as those for other malware-based threats, and they could be blocked if more indicators are catalogued and sent to the government and the private sector, she said.
"If we could push out indicators, we could put a dent in ransomware," she said.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.