The Department of Homeland Security is building momentum on its plans to get ahead of an escalating ransomware threat, and is getting started on a 60-day sprint focused on ramping up its cyber workforce to counter these threats.
DHS Secretary Alejandro Mayorkas said Wednesday marked day one of its workforce sprint, the second of six sprints the agency has planned.
“We intend to execute the most significant hiring initiative that the Department of Homeland Security has undertaken in its history,” Mayorkas said speaking at a U.S. Chamber of Commerce event on ransomware.
The sprint, he added, will rethink recruiting with a focus on improving diversity, equity and inclusion, and will also look at developing future generations of cyber professionals.
“We’re going to be recruiting talent that is already developed. We’re going to be helping develop the talent that is just about to bloom, and we’re going to be investing in the seeds to grow the talent of the future,” Mayorkas said.
DHS plans to hire 200 cyber personnel by July 1 under its workforce sprint. According to an agency press release, the Cybersecurity and Infrastructure Security Agency will extend 100 conditional job offers to prospective hires, while other DHS components will make the remaining 100 hires.
“As a result, this hiring effort is projected to be among the largest cyber hiring actions in DHS history,” the press release states.
DHS, meanwhile, has already made some headway with its sprint on ransomware. Last week Mayorkas announced the agency has put together a task force with members from CISA, the Coast Guard and Immigration and Customs Enforcement.
Mayorkas said the agency started with its ransomware sprint first, given the “gravity of the threat,” which has only grown in recent years.
“The losses from ransomware are staggering, and the pace at which those losses are being realized is equally staggering,” Mayorkas said.
While ransomware poses a threat to agencies and industries of all sizes, Mayorkas said small businesses are particularly vulnerable and serve as the target for at least half of all ransomware attacks in the U.S.
Victims of ransomware attacks paid more than $350 million to malicious actors last year, and Mayorkas said the rate of ransomware has more than tripled over the same period of time.
DHS, he added, is “uniquely positioned” to help small businesses mitigate the damage caused by ransomware.
“We stand at the ready to provide education, to provide vital information, to assist you in navigating through what you perceive to be a threat — to perhaps assist you in building the defenses, should a ransomware attack seek to exploit your vulnerabilities. And, of course, to guide you in plugging those vulnerabilities in the first place,” Mayorkas said.
Eric Goldstein, CISA’s executive assistant director for cybersecurity, said ransomware attacks often look nothing like the more sophisticated breaches led by savvier operators who exploit previously unknown vulnerabilities.
“We usually see these criminal gangs just looking for targets of opportunity where they say, ‘Here is a vulnerable device that’s sitting on the internet. Here is an internet-exposed server that’s using woefully outdated software,’ and then using that or sending phishing emails,” Goldstein said.
Goldstein said it’s hard for the federal cybersecurity community to gauge the full breadth of the problem, because many organizations either pay the ransom without contacting law enforcement or are “simply suffering through it.”
“Entities who are impacted by ransomware are victims, and the U.S. government — whether you call the Secret Service, federal law enforcement or CISA — you’ll be treated as a victim who needs assistance and help getting back on your feet,” he said.
Future of CISA: ‘In the field’ against ransomware
Former CISA Director Chris Krebs told members of the House Homeland Security Committee that DHS’ ransomware sprint and a ransomware-focused initiative recently launched by the Justice Department are a step in the right direction. He also said there are indications the White House is considering a “more strategic approach” on ransomware.
“This is frankly one of my biggest frustrations over the last four years. We needed a strategic approach to countering ransomware, given the fact that there are a multitude of agencies that have an authority, a lever or some sort of influence they have over the problem set,” Krebs said.
CISA already serves as a cyber adviser to state and local governments, but Krebs said the agency could go a step further, administering an in-house grant program to modernize legacy IT systems or working with FEMA to expand its existing state grant program.
These digital infrastructure investments would give state chief information officers the resources to buy cyber tools, but also to get off legacy systems that have higher maintenance costs and pose a greater cyber risk.
“The future of CISA is in the field,” Krebs said, noting that the agency is sending out cyber coordinators to every state capital.
CISA, he added, could also expand the scope of its shared services portfolio. The agency already offers its Continuous Diagnostics and Mitigation program to federal agencies and is on track to build a hardened cloud environment for the federal government.
“Get some economies of scale, get centrally monitored and logged, those are the sorts of game-changing technologies that I think can really help manage security better,” Krebs said.