By Jeff Domansky, June 3, 2021
The world of cybersecurity is not on the radar of the average American. That is, until yesterday when news broke of a Russian ransomware attack infiltrating operations of one of the largest US beef producers, Brazilian-owned JBS.
The attack caused temporary shutdowns of several of its US plants as well as slaughterhouses in Australia, the next largest US beef supplier after Canada.
I mean, if there’s anything that’s going to get Jill and Joe Citizen up in arms, it’s a threat to their plans for next weekend’s BBQ.
Hamburglared
Yesterday’s attack presents more fuel for the BBQ when it comes to funding support for cybersecurity.
Present Biden needs another trillion dollars for cybersecurity? Check!
The White House needs to impose new sanctions on Russian bad actors? If they’re targeting our hamburgers, by God, we’ll show ’em.
A bipartisan approach to protecting BBQ? All hot dog and hamburger-loving Americans should be pressing their representatives to get on board.
“Texas has the most beef cows in the United States in 2021, followed by Oklahoma, Missouri, Nebraska & South Dakota. Texas has more beef cows in 2021 than Missouri and Oklahoma combined. Texas accounts for roughly 15% of the beef cows in the United States,” according to the industry website Beef2Live.com.
These largest states producing beef in the US are – wait for it – decidedly red, just like a rare steak. C’mon Republicans, your hamburger loving constituents need you now.
I think we have a solution that can finally bring together Americans of all political stripes for once. BBQ-loving, half-ton driving, gun owners, and McDonald’s customers finally have something in common with latte-loving, Silicon Valley millennial millionaire liberals. It’s hamburgers!
Cybersecurity and sanctions against foreign actors need our support. Without it, our barbecues, family get-togethers, and tailgate parties are in serious jeopardy.
The serious side to US infrastructure cybersecurity
All kidding aside, the Biden government recognizes the potential impact of cybersecurity attacks on the US economy.
In a May 18 Executive Order, the White House said, “Cybersecurity is one of the preeminent challenges of our time, which is why President Biden has made strengthening US cybersecurity capabilities a top priority.”
The White House is asking Congress to support billions of dollars for civilian government cybersecurity next year, in addition to funding for classified military cybersecurity operations.
Recent infrastructure cyber-attacks on a municipal water treatment facility in Florida, energy infrastructure including nuclear facilities and the Colonial Pipeline, the ferry to Martha’s Vineyard, and the attack on beef production yesterday all bring the issue into sharp focus.
The proposed cybersecurity budget includes $750 million for fixes following the SolarWinds hacks of corporate and government internet infrastructure. Another $500 million aims to replace outdated government IT at federal agencies vulnerable to hacking, replacing them with updated systems and cybersecurity protection.
A further $110 million is targeted to go to the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency and its growing role as the government’s own cybersecurity traffic cop.
All in all, Biden’s FY22 budget includes $58.4 billion for IT and $9.8 billion for civilian cybersecurity. So far, the GOP hasn’t served up any support or an adequate response to an escalating infrastructure problem.
Security expert talks hamburgers and Russian hackers
Yesterday, Rachel Maddow led off her MSNBC News program with a look at the Russian hacking of US infrastructure, including the JBS beef operations. She interviewed David Kennedy, a former US military operations hacker and corporate cybersecurity expert, and CEO of TrustedSec to talk about the challenge of Russian hackers.
“These groups operate with complete impunity inside of the Russian government,” Kennedy said. “REvil most specifically nets over $100 million a year from ransomware attacks. DarkSide’s very similar to that type of figure as well. You look at Ryuk, multiple hundreds of millions of dollars per year. These groups continue to grow, expand, and their sophistication grows.”
“The problem is we’re continuously paying these ransoms because they’re getting so good at what they do, going after our backups and stealing our data. They entrench themselves so that these companies cannot recover. It’s a terrifying situation for these organizations… They’re completely shut down, they can’t pay checks, they can’t export their goods, they can’t manufacture products, they’re completely shut down, and the only recourse they have is to pay these ransomware groups,” Kennedy explained.
Kennedy said the hacker groups reinvest their proceeds into more research, becoming more sophisticated and attacking larger organizations like Acer and Universal Health Services.
“If the Russian government didn’t want these ransomware groups to operate, they wouldn’t be operating. One hundred percent,” Kennedy said. “Let’s just be frank. The top five ransomware groups are out of Russia.”
In the leadup to the Biden-Putin summit, Maddow asked Kennedy how to interpret recent US infrastructure attacks.
“The Russian government and FSB have been involved in some major, prolific attacks against SolarWinds which impacted Microsoft, Intel, VMware, Cisco, all the major companies that are the technological backbones of our country. Also, going after federal government agencies, our energy grid, I mean Russia’s government has been very overt on the cyber fronts, but we’ve never seen these ransomware groups bite off so big of an attack against critical infrastructure before,” Kennedy cautioned.
“They’ve been very brazen about what they’ve been doing, and it’s peculiar that it’s around the same timeframes with the new administration coming on board to test the waters,” he concluded. “I’d be very surprised if they weren’t aware these targets were going on and if it wasn’t directed by the [Russian] government itself.”
Cybersecurity & economy tied closely together
Recent attacks show Russian and other foreign actors are targeting government agencies and critical business infrastructure. These global criminal enterprises don’t just steal money. They damage infrastructure, create havoc and disrupt everyday life, and enable the weaponization of cybersecurity to harm the economies of enemies.
“A 2019 fire at a single Tyson Foods processing plant in Kansas caused cattle prices to fall and retail beef prices to jump. A hint of those market dislocations was seen again on Tuesday. Cattle futures fell on fears that meat processing shutdowns would suspend the ability to move cows from the pasture and feedlot to the slaughterhouse, while at the same time, fears rose about potential price hikes in stores and restaurants,” CNBC reported.
Security experts pose solutions
The previous administration and government agencies were slow to respond to security threats. Homeland Security just issued a new set of cybersecurity requirements for pipelines following last month’s Colonial Pipeline attack. Expect to see similar conditions for other essential economic sectors soon.
Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger issued a June 2 open letter to business leaders urging heightened vigilance and specific cybersecurity protection and prevention steps to protect against attacks.
“The White House has expertly identified the key steps companies can take to minimize the risk and impact of a ransomware attack. Unfortunately, with hundreds of thousands of cyber positions unfilled in the US alone, the million-pound gorilla in the room is, “where are the qualified cyber practitioners that can expertly implement the recommendations?” Ideally, the national strategy will also rethink the underlying economics of identifying the potential talent, decreasing the cost of training the talent, and retaining that talent in industry,” said Doug Britton, CEO, Haystack Solutions.
Part of the challenge is the failure of businesses to replace or update aging legacy technology systems that simply can’t protect against today’s modern cybersecurity threats.
“These repeated breaches indicate it is time to hold critical infrastructure organizations accountable. Financial institutions and even retail have been held to a higher level of legislative scrutiny, so why is it that infrastructure organizations appear to skate by?” asked Tom Garruba, CISO of Shared Assessments. “Perhaps it’s time to bring in the executives and board members of these breached organizations to publicly explain these breaches and how their organizations are addressing the IT risks in the current environment. Every C-Suite and BoD needs to be similarly prepared to answer these questions.”
Cybersecurity hamburger helper
Cybersecurity is now on the average consumer’s backyard BBQ table for discussion. You just don’t get between an American and her or his hamburgers. It’s a recipe for potential bipartisan cooperation.
In the effort to promote cybersecurity, my advice to President Biden and his opponents is to remember the immortal words of John Belushi in one of our favorite Saturday Night Live skits: “Hamburger, hamburger, hamburger!”
If that doesn’t get you hanging onto your hamburger tightly and supporting increased cybersecurity efforts, nothing will. Meanwhile, I hope your plans are going well for a sunny weekend BBQ.
Watch Rachel Maddow’s fascinating interview with Kennedy at the following link on YouTube https://youtu.be/xeBnIDVfFZs.
Other PaymentsNEXT cybersecurity coverage:
The sorry state of application security in financial services
Klarna buys now, will pay later for security lapse
Lazy Android app cloud security exposed data for 100 million+
LET’S CONNECT