In May 2021, cybercriminals attacked Colonial Pipeline. Based in Texas, but vital for carrying three million barrels of oil to the US Eastern seaboard every day, the company announced that hackers had blocked its billing system. This meant that Colonial couldn’t receive payment from customers – while facing a looming ransom payment to its attackers.
To get their systems back online, the company eventually paid $4.4m in ransom to a group of cybercriminals in one of the most audacious ransomware attacks ever seen in the US. Colonial was not the only one affected by the assault: airlines cancelled flights, and more than 15,000 fuel stations suffered shortages.
And as Marcus Fowler, Darktrace’s director of strategic threat, makes clear, the Colonial fiasco will not be the last time that hackers disable a significant slice of the American economy. “Cyber aggression has increased at a rapid scale,” observes Fowler.
Indeed, from the attack on Colonial Pipeline to 2020’s SolarWinds hack, criminals and state actors are increasingly ruthless and ambitious when it comes to targeting critical national infrastructure. In turn, cybersecurity has moved to the top of the security agenda for governments and private enterprises. As President Biden recently put it, cybersecurity is now “the core national security challenge we [face].”
A public commitment
If this is a war, it requires a new type of general. In recognition of this fact, earlier this year, Chris Inglis became the first-ever individual to take the helm at the Office of the National Cyber Director. This new agency was designed to advise President Biden on cybersecurity and is part of a broader thrust to place ones and zeros at the heart of White House policy.
Taken together, Fowler says he would give the Biden administration “fairly high marks” so far in prioritising and addressing the cyber challenge head-on. All the same, it would be wrong to imply that public officials have received a positive appraisal across the board over the longer term.
For one thing, government efforts have arguably been too focused on what Fowler calls the “perimeter and moats” of external-facing cyber defence without reflecting on their internal set-ups. For another, partnerships with the private sector – private firms like Colonial Pipeline ultimately run 80% of America’s critical infrastructure – have traditionally been too lax.
But with recent public attacks front of mind, Fowler hints that things are starting to change, something he says begins with the government. For him, a robust national cybersecurity strategy is less about “threat prediction” and more related to “the ability to disrupt attacks in their earliest moments, as they’re occurring.”
With some 36,000 cybersecurity positions currently open across US national and local government, and a growing number of newly issued cybersecurity executive orders and directives, there is ample evidence that officials are finally paying attention. In a similar vein, Fowler says he would like to see “increased reporting requirements” around what private infrastructure providers are doing to protect themselves.
In a recent public statement, Chris Inglis proclaimed that the US wasn’t “out of the woods yet” regarding ransomware. But, as Fowler points out, given that we only know about publicly reported ransomware attacks, not having the full picture of the scale of the challenge means we can’t even gauge the size of the forest – or where we stand in the journey.
Although Inglis has only been in situ for a few months, Fowler is optimistic that he can “orchestrate a unified defence” at the Office of the National Cyber Director if given the necessary resources and authority to own the mission properly. “It can’t just be another voice in a room of lots of federal agencies that have a sliver of cyber defence,” Fowler cautions.
Threat-agnostic responses
Beyond the shock of recent attacks, the changing nature of the threats themselves is stimulating a more holistic approach to cyber defence. To begin with, state actors are becoming more brazen. From attacking space assets to disrupting the Covid-19 vaccine supply chain, in a world still lacking proper rules of digital engagement and where spooks can ravage a rival’s infrastructure at the press of a button, this is probably to be expected.
“There’s an overlap between some cybercriminal groups and adversary nation-states,” acknowledges Fowler. And regardless of who exactly is behind an attack or which multinational is the target, the consequences of a cyber breach can quickly ripple down to small businesses too.
“I get very concerned about unintentional escalation because [the attacker] didn’t quite understand that this attack was going to cause collateral damage,” says Darktrace’s director of strategic threat. It goes without saying, he adds, that this is doubly true in an increasingly interconnected and globalised national-security environment.
Even so, it would be wrong to think that any counterstrategy need only be reactive, kicking in after an attack has occurred. On the contrary, if independent and state-backed cybercriminals now pose similar threats, IT teams need to adopt similar tactics and hone what Fowler calls a “threat-agnostic” response.
“If you can leverage home-field advantage by understanding what is normal and quickly respond to what is abnormal within your business operations, you can actively defend,” he says.
“That’s a very different place when it comes to business resilience – because whether it’s a zero-day threat, an insider threat, or a ransomware actor, your defence is still going to be able to react to whatever flavour that actor comes in.”
AI partnerships
Of course, developing such a versatile cybersecurity platform requires proper expertise. But in a country where 359,000 cyber jobs went unfilled in 2020, finding the right talent can be challenging.
One solution is to harness the power of technology. Rather than scouring LinkedIn for that one perfect candidate who meets almost unrealistic requirements, Fowler suggests government and infrastructure bodies can leverage artificial intelligence (AI), of the type offered by Darktrace, to act as a kind of super-intelligent workmate.
Apart from giving existing staff more time to work on other critical tasks, Darktrace’s AI can quickly get to grips with incoming threats – before offering their human partners concise, actionable reports.
If nothing else, harnessing the power of new technologies and abilities is crucial as new threats emerge and evolve. “Cybercriminals are always going to adapt,” Fowler says. We can only beat them when defences constantly adjust, too — a valuable lesson, both for Colonial Pipeline and government leaders on Capitol Hill.