GRI Current Events Blog
Trump Signs Cyber Executive Order while Massive Ransomware Attack Hits Europe
GRI Research Assistant
On May 11, President Trump signed an executive order aimed at improving cybersecurity within the Federal Government. It was initially scheduled to be signed January 31, but was postponed for unknown reasons. The order includes a significant change from previous drafts of the executive order: a requirement to migrate the government’s cyberdefense to the cloud, where possible. Trump’s homeland security advisor, Tom Bossert, contended this would help centralize defense, saying “If we don’t move to shared services, we have 190 agencies all trying to develop their own defenses against advanced collection efforts.” The possible danger of centralizing defense was dismissed, while data breaches and the Internet of Things were not addressed.
Other changes include making the director of each federal agency directly responsible for their respective cybersecurity measures, ordering reports looking at the U.S.’s cyber strengths and weaknesses, as well as the future of training in cybersecurity. The order stipulated that officials must use the National Institute of Standards and Technology (NIST) cyber framework, advocated for building America’s deterrence ability, and encouraged working to develop international cyber norms. Officials, including a former Obama cybersecurity advisor and Senator John McCain (R-AZ), criticized the order as amounting to a ‘plan for a plan’ rather than a directive for actual action and change.
Shortly after this, on May 12 England’s National Health Service (NHS) was hit with a ransomware attack. As a result, several hospitals and hospital trusts have shut down their systems, and postponing all ‘non-urgent activity’, which has caused several second order effects where patients or local care facilities could not contact hospitals. The attack has impacted at least 16 different organizations within the NHS in England. The malware causes a prompt to appear on affected computer screens, asking users to enter $300 in bitcoin in order to unlock their computers, with no way of bypassing the screen. According to the NHS, the attack did not target them specifically but is affecting organizations in many different industries.
Many believe the same virus infected Spain’s Telefonica, the country’s biggest telecommunications company and targeted power and utility companies. So far the attack has affected 74 countries and 57,000 systems according to Russian company Kaspersky Lab ZAO, highlighting the vulnerabilities of interconnected systems that cross borders. The group allegedly behind the attack, which calls itself the Shadow Brokers, has been leaking stolen NSA hacking tools. One of those tools was used to exploit a weakness in Microsoft’s operating systems on computers which had not been updated with the latest security patches. This attack has been the latest in a growing number of ransomware attacks, targeting hospitals, police, and utilities, both in the United States and Europe.
Sources and Further Reading:
Cyberattacks in 12 Nations Said to Use Leaked N.S.A. Hacking Tool – The New York Times
Major Cyberattack Sweeps Globe, Causing Disruption – The Wall Street Journal
May. 24, 2017