On May 12, a ransomware campaign infected tens of thousands of systems across 164 countries, including the United States. From the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), government and industry experts watched WannaCry spread quickly across a range of industries.
As a team, we responded by sharing information and samples of the malware, identifying victims, and helping them contain the impact. This type of shared awareness and response between government and industry reflects the essence of the NCCIC, and the Department’s collaborative approach to cybersecurity.
The US government’s announcement that North Korea was behind last spring’s WannaCry attack signals this administration’s continued commitment to identifying those who threaten our industries, citizens and way of life, and to holding them accountable. In conjunction with Monday’s release of the National Security Strategy, this announcement underscores the need for a renewed commitment for both government and industry to work together in defense of our nation.
For WannaCry, protective measures already in place prevented significant damage to the United States. Our networks withstood the onslaught, and our response efforts prevented an unchecked ransomware attack. Private individuals, industry, and government agencies at all levels were protected because they ran modern systems and kept them up to date.
But we can’t assume we’ll be prepared the next time. Maybe a specific sector, industry, or function will be targeted — or a major company that provides essential services. We repeatedly hear that a single company can’t possibly defend itself against a nation state, and that the government must do more to protect the industries that drive the greatest economic engine the world has ever seen.
I agree. No company should be left on its own. The government must do more — but we can’t do it alone. We must work together to succeed. This concept of partnering for defense is not new.
The US government has long worked closely with allies to address shared threats, and the need for common action has been embraced by industry with the establishment of groups like the Cyber Threat Alliance. This should be our future — enhanced network protection through cybersecurity collaboration.
In 2015, Congress passed the Cybersecurity Information Sharing Act, which provided DHS authorities to share cyber threat indicators and provide liability protections to organizations that did so. One such sharing capability, the Automated Indicator Sharing (AIS) program, pushes cyber threat indicators (pieces of information like malicious IP addresses or the sender address of a phishing email, though they can be much more complicated) between DHS and the private sector at machine speed, within a strong privacy framework that enables immediate actions to protect networks.
As of today, we’ve signed up close to 200 companies and government agencies and have shared more than 1.3 million unique indicators across the AIS platform. This increases the cost for our adversaries and forces them to develop new tactics, techniques, and procedures.
Current levels of information sharing are an important start, but it’s not good enough. Cybersecurity is a shared responsibility; we all play a part in keeping the internet safe. To prevent another attack like WannaCry, we are calling on all companies to commit to the collective defense of our nation.
We must ensure that indicators and information about cyber threats are shared broadly across the community so that more organizations can be inoculated against those threats. All entities — particularly those regularly targeted — benefit when the rest of the population can defend itself. AIS can be a rallying point for that collective defense, where — with a large enough group participating — organizations of all sizes, regardless of sophistication or investments, work collaboratively to defend our networks and our country.
DHS is also moving to inject a customer-oriented approach to cybersecurity, with a focus on ensuring the Department’s services are informed by our stakeholders’ requirements and deliver measurable value. This is in line with the Cybersecurity and Infrastructure Security Act of 2017 that recently passed the House of Representatives. If enacted, the Department of Homeland Security’s National Protection and Programs Directorate would be renamed the “Cybersecurity and Infrastructure Security Agency,” to more clearly communicate our mission to our stakeholders.
I challenge our nation’s businesses to commit to join with DHS to defend our nation. DHS is working with all levels of government to enhance cybersecurity and stands ready to be your partner in taking a collaborative stance against our enemies. Together, we can defend against those who would threaten our economy and our American way of life.