Wednesday, May 12, 2021

Frum Deputy National Security Adviser Anne Neuberger Getting Flack For Breaking With FBI Policy on Ransom Payments

 


Cybersecurity experts condemned the White House after senior officials broke from the FBI's advice that companies should not pay ransomware demands, saying instead that it was a decision for the private sector.

Specialists in computer security fear the lure of easy corporate money could trigger a fresh wave of attacks even as gas stations run dry in the wake of the Darkside attack on a major fuel pipeline.

James Knight, of Digital Warfare Corp, told DailyMail.com: 'I think it is incredibly foolish that they even suggested it.

'It may be something that has to be done in practice – but to say it live was ridiculous. Absolute stupidity.'

The U.S. cybersecurity community has been poring over the attack on Colonial Pipeline to learn just how members of the Darkside hacker group were able to access its systems.

Colonial Pipeline shut down its 5,500-mile pipe network on Friday and has not said whether it paid a ransom.

White House officials addressed the issue during a briefing on Monday.

'We recognize that victims of cyberattacks often face a very difficult situation,' said Anne Neuberger, deputy national security adviser for cyber.

'And they have to just balance off, in the cost-benefit, when they have no choice with regard to paying a ransom.'

She said officials had not told the company what to do.


'Typically that is a private-sector decision and the administration has not offered further advice at this time,' she said.

Her stance is at odds with FBI advice on paying ransoms.

It tells victims not to make the crime profitable by paying up.

'Paying a ransom doesn't guarantee you or your organization will get any data back,' it says on its website.

'It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.'

Jim Carafano, national security expert at the conservative Heritage Foundation, said he was 'gobsmacked' by the White House's cavalier approach.

'This is a very risk averse administration that doesn't want to get deeply bogged down in a lot of things that distract from its domestic agenda,' he said.

'For them to take ownership of this pipeline issue would make it their problem.

'It is more convenient for them to push it back on the company.'

The attack on a company that delivers almost half of the fuel used on the East Coast underscores the vulnerabilities in the nation's critical infrastructure.

On Monday evening, the White House said it was monitoring shortages in the Southeast and that President Joe Biden had directed federal agencies to act.

'We need to invest to safeguard our critical infrastructure,' he said earlier in the day. 

However, experts like Knight fear the US is ripe with targets for groups like Darkside who steal or scramble data before demanding a ransom.

'Security of critical infrastructure is still a bit of a mess in this country. They have done a lot of good work, particularly on the electricity grid, but there's still a lot of problems, especially in the state systems and local water systems,' he said.

That meant paying a ransom was often the least worst option for victims of the ransomware gangs, he said, even if it was wrong for the administration to offer a tacit green light.

'Sometimes you have to weigh it up,' he said. 'And it's not just about how much it will cost you in downtime, restoring everything – it is also how reliable are the people running the ransom.' 
