August 11, 2021

‘Overdue’ U.S. ransomware response spurred by successful attacks

Cybersecurity has risen to the top of the agenda for the Biden administration with the success of cyberattacks on such entities as SolarWinds, the Colonial Pipeline and the meat processing company JBS.

Security experts gathered on Aug. 4 at the ABA Hybrid Annual Meeting said that the country is finally taking such cyberthreats seriously. A formal response from the White House is now on the fast track, and panelists of “Cybersecurity, Critical Infrastructure, and the New Era of Information Sharing” detailed how the government is taking action.

Judge Terrence Berg of the U.S. District Court for the Eastern District of Michigan said that the U.S. response until now has been an utter failure.

Berg previously worked as a prosecutor in the U.S. Attorney’s Office, handling a wide variety of federal criminal prosecutions and specializing in complex fraud cases and computer, Internet and intellectual property crimes. With a career fighting cybercriminals, Berg said that these threats have been known for years and many of the same solutions being implemented today have been around for a long time.

“We failed to do what we needed to do some years ago,” said Berg of the U.S. response.

But now, at last, a plan is in motion.

On May 12, following the attack on the Colonial Pipeline, President Biden signed an executive order on Improving the Nation’s Cybersecurity.

Panelists said the president’s measure mandates tighter cybersecurity rules and standards for government contractors in an attempt to reduce the impact of major attacks. The Vendor Contracting Project: Cybersecurity Checklist, Second Edition, is an important tool to harden cybersecurity defenses.

And notably, some of the lessons learned from the recent ransomware attacks are directly addressed in the Biden plan.

Among those lessons: The recent ransomware attacks underscored the need for better coordination between government agencies that monitor our national security and those public and private entities working hard to avoid being the cyberattack victim, said Claudia Rast, co-chair of the ABA Cybersecurity Legal Task Force.

Rast, who is also a shareholder with the Butzel Long law firm, said that Biden’s efforts include timely and collaborative information sharing and assistance between public and private stakeholders.

Christopher A. Peters, vice president and chief security officer for Entergy, understands the consequences of communication gaps and lack of a coordinated strategy, as a private-sector support supplier to government facilities.

He said that a collective, public-private sector approach to security will provide the country with its best shot at managing the uptick in cyberthreats and attacks.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is an active part of the Biden plan’s implementation, and its chief counsel, Dan Sutherland, said that Section 2 of the executive order – which he calls “Operation Collaboration” – specifically addresses the removal of barriers to the sharing of vital intelligence.

According to Sutherland, five of the executive order’s key deliverables include:

  • Improvements in information sharing about incidents and potential incidents and reporting of incidents.
  • Improvements in cloud security. “We have a lot of visibility in the cloud environment,” Sutherland said of vulnerable U.S. entities of both the private and public sort, also noting that the EO will provide better security principles and a central cloud strategy for the federal government.
  • Secure software used in the supply chain. “We found that commercial software often lacks transparency and a focus in security.”
  • Improvements in federal agency coordination. CISA is developing a “federal incident-response playbook” so that relevant agencies work in parallel ways.
  • Creation of a Cyber Safety Review Board, similar to the National Transportation Safety Board.

New tool in cybercrime fight: Rule 41

Panelists noted that the nation’s response to the recent ransomware attacks has included a notable new development: the FBI’s use of Rule 41 of the Federal Rules of Criminal Procedure.

Earlier this year, the agency used the rule to obtain a search warrant through the Southern District of Texas that gave them court-authorized access to private sector computers. Such access allowed the FBI to copy and delete malicious web shells installed by foreign hackers that compromised thousands of Microsoft web servers and exposed private entities to potential ransomware attacks.

Sutherland said the action was helpful to victims and praised the FBI’s proactive approach. Still, “This warrant was pretty unusual,” he said, questioning its use.

“To me, the big question is: Can you use a search warrant to take proactive action to remediate a problem on someone’s computer?” he asked. “I’m not sure that is what Rule 41 was intended to do.”

“Cybersecurity, Critical Infrastructure, and the New Era of Information Sharing,” was sponsored by the ABA Cybersecurity Legal Task Force.