F.B.I. Director Compares Ransomware Danger to 9/11 Threat
The Biden administration is taking steps to counter the growing threat of cyberattacks on U.S. businesses, and encouraging companies to do more to protect themselves.,
WASHINGTON — The Biden administration is sounding increasingly urgent alarms about high-profile ransomware attacks that have caused widespread gas shortages, shut meat processing plants and paralyzed hospitals, as officials step up efforts to counter cyberthreats.
Christopher A. Wray, the F.B.I. director, told The Wall Street Journal in an interview published Friday that the ransomware threat was comparable to the challenge of global terrorism in the days after the Sept. 11, 2001 attack.
“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Mr. Wray said. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”
The F.B.I., Mr. Wray said, is investigating 100 different software variants that have been used in various ransomware attacks, demonstrating the scale of the problem.
Mr. Wray’s comments came on the heels of the Biden administration warning businesses on Thursday that they needed to take urgent steps to improve their cybersecurity and defend against ransomware attacks. One such attack this week on a meat processor, JBS, forced the shutdown of nine beef plants and disrupted poultry and pork production. Last year, a spate of ransomware attacks on hospitals caused widespread concern.
A ransomware attack on Colonial Pipeline in May ultimately prompted the company to shut down one of the nation’s largest fuel pipelines, creating gasoline shortages across the East Coast. Immediately after that attack, American officials said Colonial’s cyberdefenses were far from adequate and that it had done too little to defend itself.
Ransomware is a form of malicious software that encrypts an organization’s data, rendering it unusable until money is paid to cybercriminals. Colonial Pipeline paid millions of dollars to free its data.
While most ransomware attacks are carried out by criminal networks, some Russian and Chinese groups operate with the implicit blessing of their governments. In return, some criminal groups do work for those country’s spy agencies and take steps to make sure local companies are not affected.
Mr. Wray told The Journal that Russia was harboring some of the most dangerous ransomware groups.
“If the Russian government wants to show that it’s serious about this issue, there’s a lot of room for them to demonstrate some real progress that we’re not seeing right now,” Mr. Wray said.
The Biden administration is looking for ways to pressure the Russian government to reign in their cybercriminals. Officials expect President Vladimir V. Putin of Russia to raise the issue of cybersecurity at his upcoming summit with Mr. Biden.
Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, wrote in an open letter to corporations on Thursday that the Biden administration was working with partners “to disrupt and deter” attacks. Ms. Neuberger noted “a recent shift in ransomware attacks — from stealing data to disrupting operations.”
Mr. Wray’s comments built on Ms. Neuberger’s note. In his interview with The Journal, he said the pipeline attack had shown Americans how a cyberattack could impact their daily lives.
“Now realizing it can affect them when they’re buying gas at the pump or buying a hamburger — I think there’s a growing awareness now of just how much we’re all in this fight together,” he told the Journal.
Any company that has waited for the federal government’s warnings is already acting too late, Ofer Israeli, the chief executive of Illusive Networks, a cybersecurity firm, said Friday. But, he added, Mr. Wray’s comments and the efforts by the administration to elevate the priority of responding to ransomware attacks were welcome.
“Though it may be shocking to see things like Colonial Pipeline or JBS in the same conversation as events like 9/11, the two are not entirely dissimilar,” Mr. Israeli said. “As attackers continue chipping away at our nation’s critical infrastructure, significant disruptions are to be expected. Without a clear direction on how to build a more robust defense, those disruptions will become disastrous.”
Last month, the Biden administration put in place an executive order meant as a first step to bolster cybersecurity, and included efforts to create review boards to study cyberattacks and collect lessons learned.
Cybersecurity experts have praised the Biden administration’s steps, but also said that businesses must think more creatively about the kind of defenses they put in place.
“I would argue that cybersecurity has largely tended to focus on cyberdefense, building nice deep and wide moats, building nice, high-end, strong walls and focusing your efforts on trying to stop an adversary from gaining access,” retired Adm. Michael S. Rogers, a former director of the National Security Agency, said in an interview last month.
But Admiral Rogers, who now advises cybersecurity firms, said those kinds of defenses were not enough.
“The second component of cybersecurity is not just cyberdefense, but it’s going to be resilience,” he said. “It’s about this idea about, ‘Hey, so how am I going to continue to operate when an adversary penetrates my network?'”