The announcement by the White House Tuesday that JBS, the world’s largest meatpacker, has been hit with a ransomware cyberattack likely launched from Russia against some of the company’s U.S. and Australian plants illustrates the urgency of stepped-up action to defend against potentially catastrophic assaults.
The cyberattack prompted JBS to shut its five largest beef processing plans in the U.S., which together slaughter 25,500 cattle a day, amounting to almost a fifth of U.S. beef production, JBS said. Some plants in Australia and Canada were also shut.
"JBS notified the administration that the ransom demand came from a criminal organization likely based in Russia," said White House principal deputy press secretary Karine Jean-Pierre.
"The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals." She said President Biden has directed the federal government to take action to limit the impact on the supply of meat.
The Tuesday announcement comes less than a week after Microsoft announced that Russian hackers have staged cyberattacks on over 150 government agencies and other organizations around the world. Microsoft said Thursday that the attacks targeted about 3,000 email accounts in at least 24 countries, with the U.S. hardest hit.
The Department of Homeland Security took an important and long-overdue step Thursday with its announcement that it will regulate cybersecurity for pipelines carrying fuel and other products across the U.S., but far more must be done. The Homeland Security action is a response to the cyberattack that shut down the 5,500-mile Colonial Pipeline, which transports 45% of the gasoline and diesel fuel used on the East Coast.
The new regulation will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the Department of Homeland Security, the department said. The regulation gives pipeline companies 30 days to report any cyber vulnerabilities and requires the companies to staff round-the-clock emergency centers able to deal with cyberattacks.
The 11-day shutdown of the Colonial Pipeline in early May created a nightmare for drivers. Yet we could face a much worse nightmare because America’s infrastructure, health care system, government agencies and businesses remain at grave risk of falling victim to more devastating cyberattacks. We could see not just our fuel supply and food supply disrupted in the future, but our electricity power grid and much more knocked out of commission, creating a nationwide shutdown and unemployment far worse than what we experienced as a result of COVID-19.
The Colonial Pipeline was shut after the pipeline operator made a $4.4 million ransom payment to a criminal gang believed based in Russia that attacked the computer system controlling the pipeline. Motorists rushed to fill their tanks as gasoline pumps ran dry, while cars lined up for available fuel at higher prices.
Closing our eyes to these cyberattacks and forgetting about them would be as foolish as doing nothing to protect against terrorism after the Sept. 11, 2001 attacks. Our national security requires an urgent response to harden targets against cyberattacks to come. This will cost billions of dollars, but the cost of not acting will be far higher.
The new attacks are far from the only cyberattacks on our country. There have been many others.
One of the biggest attacks took place in 2019 against the SolarWinds information technology company. Hackers reportedly based in Russia invaded the company’s information systems undetected and infected the computers of many of its 33,000 customers with malware that enabled attackers to spy on the companies and in some cases on their clients. Federal and state agencies, a hospital, a university, and companies including Microsoft, Cisco and Intel were all hit.
Fortunately, we are not helpless to defend ourselves. Just as the military, law enforcement agencies and private security firms guard against physical attacks, we need to do more to guard against attacks in cyberspace that have the potential to cause enormous damage.
As a first step, Democrats and Republicans in Congress should unite to provide funding to protect our vital infrastructure from cyberattacks. Funds need to be added to President Biden’s proposed infrastructure and jobs plan to protect new and existing infrastructure from hackers.
In addition, government agencies, health care organizations, public utilities and businesses have a responsibility to develop strategies to proactively detect and respond to cyberattacks.
Ransomware is commonly delivered through phishing emails, or programs that are automatically downloaded from the Internet without the user’s consent or even knowledge. The malicious code typically runs without user interaction.
Strategies to detect cyberattacks can provide the ability to receive information about new threats and the ability to detect malicious software, and can scan networks for anomalies, including unusual user behavior.
Strong security controls start at the physical layer, and include personnel security, identification and authentication, access controls, media protection, system monitoring, incident response and even supply chain risk management.
At a basic level, antivirus software, firewalls, and email filters should be configured, activated, and kept updated. Computer system backups are essential. Backed-up data should be stored offline, where networks can’t make contact with the preserved digital information.
For organizations that require the highest level of protection, all employees must be investigated to the extent permitted under the law to reduce the risk of insider threats. In addition, employees must receive mandatory cybersecurity awareness training.
America is being targeted by numerous attacks every day in a global cyberwar. We must not remain vulnerable to a cyber Sept. 11.
We must learn from malevolent attacks that have already taken place to prevent future attacks, and this must become one of our top national priorities. The action by the Department of Homeland Security on pipelines is a good start, but much more needs to be done as quickly as possible.
Jason Roys is president of SDV INTERNATIONAL, which has managed cybersecurity and software development projects for federal government agencies, health care systems and other organizations since 2008. Follow him on Twitter @ThinkJasonRoys.