Cybersecurity czar warns of threats, sings steps

by Steve Brawner

Companies and individuals can take four simple steps to protect themselves from cyber threats, and the federal Cybersecurity and Infrastructure Agency (CISA) can help them do it.

That was part of the message provided by Jen Easterly, CISA director, at the two-day 2024 Cybersecurity Summit organized by Arkansas Attorney General Tim Griffin in cooperation with the Forge Institute.

Easterly sang a public service announcement created by her agency to help attendees remember the four steps to having “cyberhygiene”: “Install your updates, make better passwords, think before you click and use mul-ti-ple factors.”

Taking those four steps would prevent 98% of all cyber attacks, she said.

She encouraged attendees to use complex, unique passwords and download a free password manager that can generate and remember passwords for sensitive accounts. Users should install software updates, which exist in order to fill new security holes. They should recognize and report phishing attempts where someone is trying to embed malware onto their system. And they should use multifactor authentication where more than one step is required to sign into an account.

Amplifying the importance of strong passwords, Griffin said “friendly” hackers had been brought to Arkansas to test a major infrastructure entity in the state that he said probably impacts everyone in the room. The hackers discovered the password for the air-conditioning system was “password.” By getting into that system, they could go anywhere they wanted within the entity’s infrastructure.

Easterly said a similar situation had occurred recently with water facilities that were using default “11111” passwords set by the vendor.

More than 1,600 were registered for the summit held at the Statehouse Convention Center in Little Rock. Also scheduled to speak were Sen. Tom Cotton, R-Ark., and U.S. Reps. Rick Crawford, R-Jonesboro, and French Hill, R-Little Rock.

Griffin opened the summit by warning that the world is interconnected and that adversaries including China pose a threat. Low-level warfare – “gray zone conflict” – is already occurring in a way reminiscent of the Cold War.

“I don’t think anyone can question: Why cybersecurity? Why now?” he said.

Easterly was nominated by President Biden in April 2021 to lead the agency after a career in the U.S. Army and after serving as President Obama’s special assistant for counterterrorism.

She said Congress created CISA in 2018, making it the newest agency in the federal government. She said it’s the government’s cyberdefense agency and is the national coordinator for critical infrastructure security and resilience. It helps protect the cyber and physical infrastructure Americans rely on every day for water, power, healthcare, education, finance and other sectors of the economy.

The vast majority of all that is owned by the private sector or at the state and local level. CISA isn’t a regulator but instead is a voluntary agency that works with partners in 10 regions. Since the summer of July 2021, it has hired more than 2,200 people. Staff work with partners on the ground and provide no-cost cybersecurity and physical security services.

CISA has created 37 cybersecurity performance goals characterized by cost, complexity and impact that entities can use to reduce their vulnerability. Its scanning services can assess a system and generate reports that will describe a vulnerability being used by a ransomware actor.

Griffin warned that those distrustful of working with the federal government should know their computers are already being scanned by bad actors, to which Easterly added, “All the time.”

She said China has “become increasingly aggressive.” The Chinese state-sponsored cyber group Volt Typhoon is looking to embed itself in critical American infrastructure to create disruption in the event of a major crisis in the Taiwan Strait.

“This is a world where a conflict halfway across the globe could have real impacts on the lives of Americans,” she said. “You could see things like pipelines exploding, rail lines getting derailed, comms being severed, and water being impacted very negatively.”

She said foreign adversaries are working to undermine Americans’ confidence in the country’s institutions and to stoke partisan discord.