Making WannaCry response a model for the future

The combined government and private-sector response to the WannaCry ransomware outbreak in May is a textbook example of how information sharing should work, said a senior Homeland Security official. But cultural and other barriers remain when it comes to such cooperation.

"WannaCry is a really great example of how the government and the private sector did it right. And we want to keep doing it right," said Department of Homeland Security Assistant Secretary for Cybersecurity Jeanette Manfra at the Sept. 25 TechTrends conference hosted by the Professional Services Council in Arlington, Va.

The WannaCry ransomware attack in May affected more than 200,000 computers in more than 150 countries.

"We were getting information from an open source perspective and from international or computer and security service response teams," which delivered technical data gathered from companies being affected overseas, she said.

"These sorts of incidents are sector agnostic; we're seeing more and more of that. So what we're really looking at -- across the sectors -- is how do we take advantage of the people from the banks, from the electric sector, from the ISPs that are sitting on the floor with us in our operations center in Arlington, [Virginia]," she said.

DHS Secretary John Kelly told Congress in May the agency was able to minimize damage to U.S. agencies following news of the cyberattack.

Kelly and Manfra attributed that to coordination between agencies and tech companies. Manfra said the agency was able to relay that information to U.S.-based companies hours before the ransomware attack spread to domestic entities. The Department of Health and Human Services was able to immediately connect with the United Kingdom's National Health Service, which was hit hardest by the attack, to discuss how the agency has handled similar intrusions in the United States.

By mid-afternoon on the Friday of the attack, Manfra said, all of the major service providers, most of which have global presences, were on calls with DHS discussing what activity they saw and how they could volunteer their services. Those talks between industry and every corner of the government, including the Treasury Department, Energy Department and HHS, extended into the night and through the weekend following the ransomware attack, she said.

Manfra said getting it right had a lot to do with preparation and patching software vulnerabilities as soon as agencies were aware of them. "We had been more postured to deal with ransomware," because of previous collaboration with industry and other agencies, and focused on patching, particularly with Microsoft Windows, she added.

Complicated issues around mistrust have stymied information sharing between agencies, tech companies with resources and hackers with information who are afraid of prosecution.

Manfra didn't address cultural barriers but did point out that information sharing between major companies and federal agencies isn't enough if it doesn't trickle down.

A successful cybersecurity framework means there's an "entire apparatus in place from the global level to the local level," she said. During WannaCry's aftermath, an industry partner pointed out that small businesses were being left out of the conversation. Manfra said DHS was able to coordinate with the Small Business Administration CIO Maria Roat to distribute materials to small businesses within a day of being notified.

But while WannaCry is an example of what information sharing can do, Manfra said there's still more work to do in honing the public-private partnership for cyberattack prevention, recovery and response.

"I really like to think of this as all of the hard work, whether it's industry or the government, that we've all been putting in place for the last decade and more is now coming to fruition. And now it's sort of on us to continue to build on that, to continue to keep pace with industry in terms of technology deployment and to continue to scope what our role is versus industry."

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at, or follow her on Twitter @lalaurenista.
