The Cybersecurity and Infrastructure Security Agency has already filled nearly half the state coordinator positions it was ordered to create in last year’s defense authorization bill, the agency’s acting director said Monday.
Speaking during an event hosted by Auburn University, Brandon Wales said that CISA has already selected 25 people to be state coordinators — officials who will serve as risk advisers and advocates for federal cyber capabilities to the public and private sectors in their assigned states — and that 20 of them have already started working, with the goal of helping non-federal entities defend against threats like ransomware.
“We are talking to the state and local community every single day,” Wales said. “We are expanding that.”
Wales framed the new coordinators as one more piece in CISA’s broadening fight against ransomware, an effort that also includes an ongoing messaging campaign and technical services, like a malicious domain blocking and reporting service it funds through the Multi-State Information Sharing and Analysis Center. But, he said, ransomware continues to be a worsening problem for all sectors, especially state and local governments, education and hospitals.
“We have not cracked the code,” he said. “The ransomware problem has not gone away and we need new thinking on it.”
Wales cited recent reporting from Palo Alto Networks finding average ransomware payments more than doubled in 2020 and that attackers’ demands are still escalating as tactics like double extortion remain popular.
“Cybercriminals are becoming more savvy,” he said. “They know who has money. The folks who operate inside those critical infrastructure sectors are no longer immune.”
Wales said the anti-ransomware effort has recently emphasized hardening that infrastructure — with more frequent patching and stronger anti-phishing strategies — and increased law enforcement actions. In recent months, global authorities have arrested multiple suspects in connection with ransomware operations.
“This is not a losing battle,” he said. “If you do the basics it’s highly likely the ransomware operator will move on to someone else. They’re looking for the weakest link.
Wales told moderator Frank Cilluffo, a former DHS official and director of Auburn’s McCrary Institute for Cyber and Critical Infrastructure Security, greater coordination between the federal government and state and local agencies remains the best way to root ransomware out of the public sector. But the number of organizations doing that, especially in the education sector, continues to lag.
While the MS-ISAC, which is funded by CISA, now has more than 10,000 members, that roster only includes a few hundred K-12 school districts, Wales said. Public sector organizations, he said, need to “understand what resources are available today,” both directly through CISA and from its partner organizations like the MS-ISAC.
“There is more available to you than what you’re utilizing today,” he said. “Figure out what’s available and how you can gain more no-cost services.”
Wales also reminded the audience that Homeland Security Secretary Alejandro Mayorkas recently increased the amount of the department’s grant money that goes toward state and local cybersecurity by $25 million. Still, Wales said it’ll take more than just increased federal attention to fight ransomware.
“The federal government is an important voice, but it’s only one voice,” he said. “We need governors, state CISOs, private companies. In an age when everything’s connected, when risk is shared, we’re always going to be susceptible to our weakest vendor. The more we can raise that baseline, the stronger we’re going to be.”