The White House’s decision to blame North Korea for the WannaCry ransomware attack may help companies guard against future nation-state cyberattacks, cybersecurity pros told Bloomberg Law.
Understanding who is behind a large-scale cyberattack can help companies “have a more effective cyber resiliency strategy,” Ed Stroz, co-president at cybersecurity risk solutions company Stroz Friedberg and a former special agent at the FBI, told Bloomberg Law. Without the ability to attribute a cyberattack to a source, companies can often misunderstand and underestimate the motivations of cybercriminals, especially nation-states, which can lead to future attacks on a business and on the private sector as a whole, he said.
The White House announced Dec. 19 that it was pinning responsibility for the attack, which affected more than 300,000 computers in more than 150 countries, on the Asian nation.
Businesses are more likely to see increased U.S. government assistance when a nation-state, rather than a cybercriminal gang, is involved. Attacks attributed to nation-states may also lead companies to invest more in their cybersecurity protections because such threats don’t easily go away. Nation-state attacks are launched by countries with economic and political backing, making them hard to limit.
Countries like North Korea are a formidable cybersecurity foe because, unlike other cybercriminal groups, “nation-states don’t go out of business or bankrupt,” Stroz said. Such attacks also serve as a reminder to companies that sharing any cyberthreat information can lead, at a minimum, to shifting the blame to the nation-state from the business.
The White House tying North Korea to the WannaCry ransomware attack can also be a reminder to the U.S. government and businesses that cyberthreat information sharing is important to tackle such attacks. Companies that want to share cyberthreat information with the government will generally use a Department of Homeland Security program that was set up under the Cyberthreat Information Sharing Act (CISA) in 2015.
The North Korea attribution will give the U.S. government an opportunity to win over companies skeptical of working with it, Stroz said. If companies are still worried about sharing with the government after the announcement, “this is a good way to answer the skepticism, which the White House definitely will do,” he said.
White House Homeland Security Advisor Tom Bossert said Dec. 19 that the U.S. attribution of the attack to North Korea is “a step towards holding them accountable, but it’s not the last step.” The public and private sectors must “cooperate to mitigate cyber risk and to increase the cost to hackers by defending America. The U.S. will lead this effort,” he said.
Companies are weighing when to share cyberthreat intelligence with the government, Matthew Heiman, fellow at the National Security Institute at George Mason University and former attorney adviser in the Department of Justice’s National Security Division, told Bloomberg Law.
The government must do more outreach to convince companies that sharing such data with the government is beneficial to national security, Heiman said. It can reduce cyberthreat sharing anxiety by providing better incentives to companies, such as greater civil and regulatory liability protections, he said.
In addition, the attack may push more companies to work with law enforcement agencies, such as the FBI and DHS, when hit with a large-scale cyberattack.
Working with the law enforcement agencies can only help companies faced with nation-state cyberattacks, Stroz said.
Ransomware attacks are infiltrating more companies across multiple sectors. These attacks are good business models for cybercriminals, as ransom payments are reaching more than $1 billion annually, according to Deputy Attorney General Rod Rosenstein.
Unlike other cybercriminal groups, “nation-states don’t go out of business or bankrupt” and use ransomware attacks to gain a profit, Stroz said.
The WannaCry strike isn’t the first cyberattack that has been attributed to North Korea by the U.S. government.
North Korea launched a cyberattack against Sony Pictures Entertainment Inc. in 2014 over the release of The Interview, a fictional satirical comedy film about a plot to assassinate North Korean leader Kim Jong-Un. U.S. officials under then-President Barack Obama blamed North Korea for the 2014 cyberattack that destroyed Sony’s company data and caused the movie studio to delay the release of the movie.
However, it is the first time that a larger hack that penetrated multiple sectors across many countries was pinned on a specific nation-state adversary, Dmitri Alperovitch, co-founder and chief technology officer at threat intelligence company CrowdStrike Inc. in Arlington, Va., told Bloomberg Law. “It is a big deal” because of geopolitical issues the U.S. faces with North Korea, Russia, and other adversaries, he said.
To contact the reporter on this story: Daniel R. Stoller in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.