In addition to facing cyber threats from nation-states, both government and private organizations have been the victims of an increased volume of ransomware attacks from criminal organizations over the last two years. A Central Intelligence Agency (CIA) official emphasized this week that organizations need to be on the lookout for any suspicious activity on their systems in order to guard against the uptick in ransomware attacks.
CIA Deputy Chief Information Officer Matthew Riddle explained how this challenge varies for the intelligence community (IC), and how the CIA deals with the challenge, at MeriTalk’s Cyber Central: Defenders Unite virtual event on Oct. 28.
“We’ve got to build our defenses in terms of not just looking for ransomware but being able to look for anything anomalous from an activity perspective and being able to take action,” Riddle said at the event. “The primary thing that we need to do is architect in for resilience, make sure that we have flexibility and availability of our systems, and we’ve really got to make sure that it’s easy for us to respond.”
To combat ransomware specifically, Riddle said it’s important that the Federal government and private-sector organizations protect their systems proactively rather than reactively.
“We’ve got to be proactive,” Riddle emphasized. “Typically, we’ve looked at cyber as a reactive activity, and we’ve really got to reframe that culture to, ‘Everybody’s got a hand in cyber.’ And that’s one of the things that we’re trying to really do in a heavy-handed way, at least at the CIA, but across the intelligence community, is make sure that everybody understands that cyber is their job.”
When it comes to the CIA and other members of the IC, there is an additional challenge to protecting those systems. Because much of the IC deals in classified information and missions, those organizations often operate on classified networks that are air-gapped from the Internet.
Riddle said this additional challenge makes threat information sharing difficult both across the IC and with industry. He said moving toward a zero trust architecture, and away from the castle-and-moat defense philosophy, will help protect the IC from threats.
“It also makes it fairly insular in terms of the way that we have traditionally looked at things in the past,” Riddle added. “[It was] kind of this castle-and-moat philosophy of where we look at these air-gapped networks as being unavailable to our adversaries.”
“And as we really dive down deep into the connectivity that we have across all these networks in terms of cross-domain solutions, and a lot of things we have in order to take things from the open Internet up to our classified networks and back, there’s a lot more connectivity than previously thought,” he said.
“We’ve really got to make a better effort at making sure that we’re putting the right security architecture in place and taking advantage of all the expertise,” he concluded.
To hear the full discussion, please visit Cyber Central: Defenders Unite.