More focus on defending critical infrastructure against cyberattacks is needed, says cyber agency chief
“These two incidents highlight the real and real consequences of cyber incidents, targeting our critical infrastructure. And although today these attacks have impacted Americans at the gas station and in supermarkets, our concern is where could it go next, “Brandon Wales, the current acting director of the Cybersecurity and Infrastructure Security Agency, told CNN’s Pamela Brown in an interview.
While attacks like those on JBS and Colonial Pipeline aren’t new, they have increased in recent years, according to Wales, and they are bolder than ever – leading criminal attackers to seek larger targets for more ransom, including including targets that have real world consequences.
“We are concerned about the direction this may take in the future,” said Wales. “I think our concern is that more targeting of industrial control systems, those things that really allow critical infrastructure to function – whether it’s in water systems or power systems, the manufacturing base of the country – this are targets, and unless we take urgent action, we are truly concerned about the disruptive effects this may have on the American people. “
Both JBS and Colonial Pipeline have paid ransoms to their criminals to unlock their systems, but Wales has warned of the danger of such measures for the country as a whole.
“This has short- and long-term impacts for the country’s cybersecurity and for the cybersecurity potential for these individual businesses,” Wales said. “A recent study found that 80% of businesses that paid ransom were hit again. This way, opponents know they are a target willing to pay.
Why Americans Should Care
No business is too big or too small to fall victim to a ransomware attack, said Wales, and he has advised all businesses and organizations to take steps to strengthen their cyber defenses. Part of CISA’s job is not only to ensure critical infrastructure is protected, but also to help groups take action to better improve their cybersecurity.
While a cyberattack may seem like a distant idea to many, Wales said the number of potential victims “is almost endless”.
“We’ve seen ransomware targeting big business and small multinational corporations and mom and pop stores, nonprofits, almost anyone who runs an internet business in the United States is potentially vulnerable,” said Wales. “We need to do more every day to make sure that no opponent can execute an attack that causes such catastrophic effects.”
He said the daily life of Americans is intrinsically linked to cyber and therefore vulnerable to attack.
“If it’s not 100% for most people, it’s probably pretty close,” Wales said. “You can imagine, you get up in the morning and you try to turn on your lights and they don’t turn on, you try to brush your teeth, and the water isn’t, it’s not there, it is not clean. You try to log in to verify your email and it does not work, you cannot execute a financial transaction because the critical infrastructure of this country has been compromised in some way. another by a computer incident.
Cyber security after the Biden-Putin summit
Wales said it was too soon after President Joe Biden’s summit with Russian President Vladimir Putin earlier this month to determine if there had been any major Russian changes on the cyberattack front, but he responded to Energy Secretary Jennifer Granholm’s interview with CNN’s Jake Tapper on “State of the Union” earlier this month, when she warned in harsh terms that foreign adversaries have the ability to shut down the American electricity grid.
“So we know that several nation states want to target our critical infrastructure to endanger it when and where they choose. We assume that it would probably be in the case of some type of conflict they want to put our infrastructure in danger. danger, to try to influence American political decision-making in these environments or during these times, ”Wales said.
Brown asked Wales if they fundamentally hold any influence over the United States by doing this, to which Wales replied: “This is their goal.”
Wales has warned that the United States government must do more to protect its cyber infrastructure, but it is also the job of the American people and American businesses to take the problem seriously and be “cyber smart. “.
“The threats we face in the cyber world are real and they are increasing,” Wales said. “We are not helpless, there are things we can do, as the American people, as the American government, as a private sector community, can do by working together to solve this problem and we must. consider this across this government, nationwide, because only then will we truly be successful against the adversaries we face. “