Jeanette Manfra: US to release more info on North Korean Kim regime cyber tools
More details on regime's infrastructure and cyber tools to be made public
The US will release more information on North Korea's cyber tools and infrastructure in the coming months and will continue to fight rogue behaviour from the Kim regime.
The country also remains concerned about potential cyberattacks by that state targeting the US or one of its allies, Jeanette Manfra, US Assistant Secretary for cybersecurity and communications has told the Sunday Independent in an exclusive interview.
"Such incidents raise the potential for significant misunderstandings between the United States and other countries," she said.
Her comments come at a time of growing tensions between US President Donald Trump and the North Korean leader Kim Jong-un and his regime.
Over the past few months a war of words, including threats of nuclear action, between the two leaders intensified against the backdrop of historic differences between the two regions since North Korea was created after WWII.
"Co-operation regarding North Korean cyber infrastructure as well as IT workers and entities support the global efforts to work together to confront destabilising behaviour from North Korea as well as put maximum pressure on the Kim regime," Manfra added.
She admitted that the mission to improve the government network security is challenging, especially at a time when cyberattacks and threats are becoming more frequent and sophisticated from both nation state and non-state actors.
"In the United States, the Department of Homeland Security (DHS), through the National Protection and Programmes Directorate (NPPD), leads the federal government's efforts to secure our nation's critical infrastructure and protect federal civilian networks from malicious cyber activity," she added. However, she also said that in the past few years there has been a steady drumbeat of cybersecurity compromises affecting governments and the private sector.
One of the ways to help combat this is co-operation between the public and private sector.
"In the US, we have found that by bringing together all levels of government, the private sector, international partners, and the public, we are more effective in cultivating a cyber ecosystem that is more secure and resilient," Manfra said.
"This collaborative approach can help governments take action to protect against cybersecurity risks, improve our whole-of-government incident response capabilities and enhance sharing of information on best practices and cyber threats.
"Another useful tool we have found to reduce gaps in security is implementing lessons learned from cyber incidents into our processes and policies," she said.
There are several other ways that Governments can make both private and federal communications more secure and counter threats, she added. Manfra said, for example, the DHS National Cyber Security and Communications Integration Centre is the 24/7 civilian government's hub for cyber security sharing, asset incident response and coordination for both critical infrastructure and the federal government.
She added that as the issue of cybersecurity is an international issue and this in itself brings challenges but there are ways that governments worldwide can help each other.
Insurance giant Lloyd's of London warned earlier this year that a serious cyberattack could cost the worldwide economy over $120bn (€103bn) which would be on a par with catastrophic disasters like Hurricanes Katrina and Sandy.
And late last week the British government said it believed that North Korea was to blame for the cyberattack that crippled the NHS computer systems earlier this year.
UK security minister Ben Wallace told the BBC that Britain "quite strongly" suspected a foreign state was behind the 'WannaCry' ransomware and that its view was that the state in question was North Korea.
But Manfra said there are ways for countries to band together in the fight against cyberattacks by fostering information sharing and operational coordination among national computer security incident response teams (CSIRTS) to help protect critical networks.
"Within the National Cyber Security and Communications Integration Centre, the US-Computer Emergency Readiness Team (US-CERT) is an active leader in regional and global partnerships. We are seeing more and more governments create governmental and national CSIRTS and these CSIRTS are forming regional and global partnerships to expand cooperation," she said.
"While resources and manpower are, in a way, a barrier to effective co-operation. We need to ensure that we are leveraging automated technologies and multilateral organisations as force multipliers to reach a broad of an international audience as possible."
Manfra is the keynote speaker at the Dublin Information Sec cybersecurity conference which takes place on Wednesday, November 1, at Dublin's RDS. Other speakers include Brian Honan, chief executive at BH Consulting; and Bradley C Birkenfeld, banker and whistleblower.
Dublin Information Sec 2017, Ireland's cybersecurity conference, addresses the critically-important issues that threaten businesses in the information age. For more on INM's Dublin InfoSec 2017 conference, go to: independent.ie/infosec2017
Dublin Information Sec 2017, Ireland’s cyber security conference, addresses the critically important issues that threaten businesses in the information age. For more on INM’s Dublin InfoSec 2017 conference, go to: independent.ie/infosec
Sunday Indo Business