Daxdi now accepts payments with Bitcoin

US Security Chief on Cyber Threats: We Alone Cannot Fix It 

SAN FRANCISCO—The security-focused RSA Conference has often been used by US government officials to explain policy positions and connect with the industry, and Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs made a similar pitch on Tuesday: collaborate to protect the US from cyber attacks.

Officially, Krebs’ job is “to defend civilian networks, manage systemic risk to National Critical Functions, and work with stakeholders to raise the security baseline of the nation’s cyber-infrastructure and physical infrastructure.” Onstage here, his pitch was more to the point: “We like security so much it’s in our name twice.”

CISA Needs Your Help

Krebs described CISA as the nation’s risk advisor, and it has the unique role of being able to take information from intelligence agencies and match it to reports from the industry to create US-CERT warnings.

To make that work, however, the private sector needs to share what it knows.

“If you see something, you can share it [and we can] validate and amplify it,” said Krebs.

Part of that process is anonymization, so companies don’t have to worry about embarrassing blowback.

“I’m not a big fan of security through obscurity,” said Krebs.

“If everybody does work together...and shares information rapidly enough, we can build up better defenses.”

Christopher Krebs in January 2020 (Photo By Tom Williams/CQ-Roll Call, Inc via Getty Images)

Krebs acknowledged that the feds missed the rise of ransomware, which holds data or machines hostage by encrypting them and only releases the key if a ransom is paid.

In recent years, we've seen ransomware go beyond individuals to target state and municipal governments.

Krebs advises victims not to pay.

When they do, “you’re validating the economic model,” he argued.

The keys might not even work, at which point victims have no recourse.

“What are you going to do? Sue them?”

Elections and the Common Good

Krebs referred to Russia’s meddling in the 2016 US presidential election as a Sputnik moment.

It "was the first time for the elected officials and the American public to truly understand that cyber could destabilize a democracy, and that’s where we are now,” he said.

The decentralized nature of American elections—where individual districts and states have enormous leeway over how elections take place—makes it much harder for an attacker to change votes at scale in an undetectable manner.

But even successfully targeting just a few districts, Krebs said, could have a damning effect on the public’s confidence in elections.

“We have the time right now to understand what the threats are and inoculate the public,” he said.

Recommended by Our Editors

When it comes to voting, Krebs echoed the advice of many security experts—paper ballots are the best way to ensure a verifiable election.

He was deeply skeptical of alternative forms of voting, such as smartphone or computer applications.

“Those systems are not clean enough that you’re going to get the authentic, credible piece of information about the vote,” said Krebs.

While industry and government have a role in securing elections, Krebs also said individual voters play a part.

“One hundred percent security is not possible,” he said.

“You as the voter need to have a plan as well.”

That fit in well with his larger theme of CISA and the security industry working to protect the common good for all citizens.

“We are only gonna do this together, this is what we have to achieve here,” said Krebs.

SAN FRANCISCO—The security-focused RSA Conference has often been used by US government officials to explain policy positions and connect with the industry, and Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs made a similar pitch on Tuesday: collaborate to protect the US from cyber attacks.

Officially, Krebs’ job is “to defend civilian networks, manage systemic risk to National Critical Functions, and work with stakeholders to raise the security baseline of the nation’s cyber-infrastructure and physical infrastructure.” Onstage here, his pitch was more to the point: “We like security so much it’s in our name twice.”

CISA Needs Your Help

Krebs described CISA as the nation’s risk advisor, and it has the unique role of being able to take information from intelligence agencies and match it to reports from the industry to create US-CERT warnings.

To make that work, however, the private sector needs to share what it knows.

“If you see something, you can share it [and we can] validate and amplify it,” said Krebs.

Part of that process is anonymization, so companies don’t have to worry about embarrassing blowback.

“I’m not a big fan of security through obscurity,” said Krebs.

“If everybody does work together...and shares information rapidly enough, we can build up better defenses.”

Christopher Krebs in January 2020 (Photo By Tom Williams/CQ-Roll Call, Inc via Getty Images)

Krebs acknowledged that the feds missed the rise of ransomware, which holds data or machines hostage by encrypting them and only releases the key if a ransom is paid.

In recent years, we've seen ransomware go beyond individuals to target state and municipal governments.

Krebs advises victims not to pay.

When they do, “you’re validating the economic model,” he argued.

The keys might not even work, at which point victims have no recourse.

“What are you going to do? Sue them?”

Elections and the Common Good

Krebs referred to Russia’s meddling in the 2016 US presidential election as a Sputnik moment.

It "was the first time for the elected officials and the American public to truly understand that cyber could destabilize a democracy, and that’s where we are now,” he said.

The decentralized nature of American elections—where individual districts and states have enormous leeway over how elections take place—makes it much harder for an attacker to change votes at scale in an undetectable manner.

But even successfully targeting just a few districts, Krebs said, could have a damning effect on the public’s confidence in elections.

“We have the time right now to understand what the threats are and inoculate the public,” he said.

Recommended by Our Editors

When it comes to voting, Krebs echoed the advice of many security experts—paper ballots are the best way to ensure a verifiable election.

He was deeply skeptical of alternative forms of voting, such as smartphone or computer applications.

“Those systems are not clean enough that you’re going to get the authentic, credible piece of information about the vote,” said Krebs.

While industry and government have a role in securing elections, Krebs also said individual voters play a part.

“One hundred percent security is not possible,” he said.

“You as the voter need to have a plan as well.”

That fit in well with his larger theme of CISA and the security industry working to protect the common good for all citizens.

“We are only gonna do this together, this is what we have to achieve here,” said Krebs.

PakaPuka

pakapuka.com Cookies

At pakapuka.com we use cookies (technical and profile cookies, both our own and third-party) to provide you with a better online experience and to send you personalized online commercial messages according to your preferences. If you select continue or access any content on our website without customizing your choices, you agree to the use of cookies.

For more information about our cookie policy and how to reject cookies

access here.

Preferences

Continue