9 October 2021

Nakasone Now Sees Ransomware, Influence Ops As ‘National Security’ Threats

BRAD D. WILLIAMS

WASHINGTON: The head of US Cyber Command and the National Security Agency said his idea of “national security” issues for the US in cyberspace has expanded, specifically now including ransomware attacks and online influence operations.

“When I was here two years ago, if someone asked me about ransomware, I would say that’s criminal activity, and the FBI handles ransomware,” Gen. Paul Nakasone said on Tuesday at the 2021 Mandiant Cyber Defense Summit. But now, “when ransomware affects critical infrastructure, it’s a national security issue,” he said, referencing the Colonial Pipeline incident and other ransomware attacks earlier this year.

Ransomware attacks may be primarily carried out by criminal gangs, but when they’re protected by the nation-states in which they live, that’s also a national security issue. Speaking alongside Nakasone and other Intelligence Community leaders last month, FBI Deputy Director Paul Abbate said, “There is no evidence to suggest Russia is cracking down on ransomware operators [inside Russia]. We’ve seen no action. I’d say nothing has changed.”

Nakasone also said he “thinks a lot about influence operations,” and the government entities he now leads consider it “important for us.” He referenced nation-states’ use of social media, as well as emerging techniques such as deepfakes, adding, “That’s the piece I think about. How can we stay ahead of that?”

Nakasone’s comments on influence operations came after Mandiant recently published research on a purported large-scale Chinese influence operation involving hundreds of inauthentic accounts working in seven languages across 30 social media platforms and over 40 additional websites.

The comments also follow, separately, researchers’ warnings about the potential for a coming flood of artificial intelligence-generated disinformation.

Even in areas long considered stomping grounds for foreign hackers, like cyberespionage, Nakasone said that “the SolarWinds incident was a turning point in our nation.” SolarWinds was a widespread spying campaign detected in late 2020 and attributed to Russian actors. Mandiant CEO Kevin Mandia, who moderated the conversation with Nakasone and whose company revealed the campaign, joked, “SolarWinds was a turning point in my sleep patterns and diet.”

Much of Nakasone’s speech reflected on the founding, history, and continuing evolution of CYBERCOM over the past decade, while also touting the NSA’s achievements and capabilities. He said that signals intelligence (SIGINT) is the NSA’s “superpower.”

The year 2018, he said, was a “watershed moment” for CYBERCOM, when the command made significant strategic and operational shifts to more proactive strategies like defending forward, hunting forward, and persistent engagement. He said CYBERCOM “now stands toe-to-toe with adversaries in cyberspace.”

He said a key to CYBERCOM’s and NSA’s success in recent years stems from “cultural” changes at the organizations and in their relationships to the private sector. “We aim to convey that, ‘Hello, we are from the government, and we’re here to help’ is not a scary idea,” he joked. The quote alludes to former President Ronald Reagan’s 1986 observation that, “The nine most terrifying words in the English language are: I’m from the Government, and I’m here to help.”

Nakasone said his organizations are seeking “full-spectrum partnership” with the private sector through CYBERCOM’s DreamPort and NSA’s Cybersecurity Collaboration Center. Partnerships require trust, and trust is required for outcomes, the general observed.

No comments: