Justice official: Info sharing is the best revenge

Cybersecurity officials from the departments of Homeland Security and Justice are stressing the importance of continued collaboration to keep cyberattacks at bay.

"If you get hit, call somebody and start talking" to commercial or federal cybersecurity experts, said Brian Varine, chief of the Justice Security Operations Center. "Sharing information drives up the costs for attackers." He made the remarks at an ISMG Fraud and Breach Prevention Summit on May 18.

"It's too bad they got in, but [sharing information] is your revenge," he added.

Phyllis Schneck, deputy undersecretary for cybersecurity and communications at DHS' National Protection and Programs Directorate, echoed those sentiments and urged the audience, made up largely of private-sector corporate and IT managers, to help her agency build defenses to protect everyone.

The agency's National Cybersecurity and Communications Integration Center serves as the hub for collecting and distributing threat indicators from business and government IT operations. NCCIC includes the Automated Indicator Sharing system.

Through programs such as Continuous Diagnostics and Mitigation, Einstein and others, Schneck said DHS is building a cyber body that can automatically repel infections just like the human body. To do that, she said private-sector input about malware, viruses and other electronic attack methods is crucial.

She added that DHS officials are concerned about ransomware, which locks a user's computer and the data on it until funds are transferred electronically to the attacker.

"There is no guarantee they'll unlock anything," she said. "But it's not just data." Attackers have begun extending the "ridiculous amount of control" that the malware can convey to other areas, such as hospital patient records. Schneck warned that medical devices could also be targeted.

The re-emergence of ransomware in the past couple of years shows that some tactics remain the same but have more computing power behind them. The threat indicators for ransomware attacks are the same as those for other malware-based threats, and they could be blocked if more indicators are catalogued and sent to the government and the private sector, she said.

"If we could push out indicators, we could put a dent in ransomware," she said.