Page 52 - FCW, November/December 2021
Tech Spotlight Ransomware
from users. Federal agencies’ systems emerged largely unscathed, however, thanks in part to continuous monitoring and ongoing access rights reviews that had been strengthened in the previous few years.
The Continuous Diagnostics and Mitigation (CDM) Program, which is managed by CISA, provides a platform for guarding against newly discovered ransomware threats, and its continuous monitoring can help security personnel identify and mitigate vulnerabilities in agency systems. The data on specific risks and impacted systems enables agencies to prioritize the problems they are addressing. CDM’s reporting capabilities help individual agencies and the government as a whole track progress on addressing newly discovered risks. CDM is mandatory for agencies governed by the Chief Financial Officers Act and available for other agencies to use.
WannaCry relied on two Microsoft Windows vulnerabilities, which Microsoft identified and published to the National Security Database in May 2017, shortly after the first attacks were reported. Information on those Common Vulnerabilities and Exposures (CVEs) is a key resource for the CDM program. Agencies can quickly scan their systems to find assets with those vulnerabilities and then track the remediation efforts they undertake. CISA officials can adjust the risk score of the CVEs and push those warnings to agency dashboards across the government, with data on the number of at-risk systems flowing back up to an agencywide view.
If a similar ransomware threat emerged today, the current CDM ecosystem would allow agencies to identify the risk within minutes and track governmentwide remediation efforts
Chart: Year-over-year growth in reported ransomware attacks (values shown: 62%, 20%, 56%; year label: 2018)
The average ransom demand increased 225% from 2019 to 2020.
42%
of public-sector organizations have suffered ransomware attacks in the past 12 months.
$1.5m is a government organization’s average cost of recovery from a successful ransomware attack.
Sources: Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, FBI
within hours. That response works only when a vulnerability and its fix are known, of course, and zero-day ransomware threats can emerge. But the continuous monitoring that CDM makes possible is an important line of defense.
Is zero trust the real solution?
Federal Chief Information Security Officer Chris DeRusha, who was recently appointed to also serve as deputy national cyber director for federal cybersecurity, has argued that zero trust architectures are the key to guarding against ransomware and other threats. President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity, released in May, requires all federal agencies to work toward zero trust.
“We have had some really serious cyber events over the last six months,” DeRusha told FCW in August, “and from where I sit, it does not look like this is slowing down anytime soon.” The federal government needs a paradigm shift and rearchitected systems so that “everyone and everything is treated as untrustworthy until proven otherwise.” Done right, that approach can deny ransomware the access privileges needed to alter or even access data.
Moving to zero trust is a massive and costly undertaking, but DeRusha said the administration is working on ways to support those investments. He recently testified before Congress that Technology Modernization Fund awards are prioritizing security efforts, and 75% of funding requests have been for cybersecurity improvements.
At the same hearing, National Cyber Director Chris Inglis said the fund’s board is ensuring that “each of the awards [is] consistent with our overall cyber strategy.”