White House Urges Ongoing Cyber Collaboration, Blames North Korea for WannaCry Attack
Global cyberthreat information sharing is crucial to disrupting attacks like WannaCry (see 1705180032), which White House officials said Tuesday was orchestrated by North Korea but neutralized through close cooperation among governments and stakeholders. “These were careless and reckless attacks that put lives at risk,” said Tom Bossert, assistant to the president for homeland security, to reporters. “We do not make this allegation lightly but we do so with evidence and partners” including the U.K., Australia, New Zealand, Canada and Japan, Bossert said. Commercial partners including Microsoft and Facebook independently traced the attacks to cyber affiliates of North Korea, he said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Publicizing North Korea's role in the cyberattack "is not the last step" the government plans, Bossert said. The U.S. is leading an effort to increase cybersecurity among industry and governments. "We can no longer afford to wait," he said, urging the private sector to "increase its accountability in the cyber realm" and praising actions to take down WannaCry as a model example of defeating threats.
The Department of Homeland Security will lead the global effort, which will rely upon voluntary public-private collaboration, said Jeanette Manfra, DHS assistant secretary-cybersecurity and communication. DHS plans to become the leader in cyber risk analysis, and will move "beyond offering voluntary assistance" to "intervening directly with companies when necessary" to deter threats, Manfra said. The goal is creating a cyber environment where a threat, such as a malicious email, can be used only once before it's blocked from infecting other potential victims, she said. "We make it way too easy for attackers by operating independently," she said. "Our adversaries are not distinguishing between public and private and neither should we." WannaCry infected computer systems in up to 150 countries, Manfra said.
Microsoft worked with Facebook and others in the security community taking “strong steps” last week to protect customers and the internet from “ongoing attacks by an advanced persistent threat actor known to us as ZINC, also known as the Lazarus Group,” blogged Microsoft President Brad Smith. “We concluded that this threat actor was responsible for WannaCry, a destructive attack in May that targeted Microsoft customers.” Besides disrupting the malware the group relied upon, the companies worked to clean customers’ infected computers, disabled accounts being used to pursue cyberattacks, and strengthened Windows defenses to prevent reinfection.
“Facebook has a long-standing commitment to security, and we continue to invest in efforts to protect people from cyberthreats and keep our platform safe,” a spokesman said, affirming collaboration with Microsoft and others in the security community to disrupt ZINC. “Our companies have a history of sharing threat information and working together to protect our users and the web as a whole.” The company notified people who may have been in contact with infected accounts and provided “suggestions to enhance their account security,” as has been past practice in other incidents, he said.
North Korea's role in WannaCry is a "grave reminder that the regime in Pyongyang can threaten innocent people almost anywhere on Earth with more than just ballistic missiles and nuclear weapons," said House Homeland Security Chairman Michael McCaul, R-Texas. He urged the Senate to pass bipartisan HR-3359 to create a stand-alone cyber agency (see 1712110058).
The administration’s naming North Korea in such a public way as the WannaCry perpetrator “is an important and positive development,” said Internet Security Alliance President Larry Clinton. “It highlights the general trend of state sponsorship of attacks on the private sector,” Clinton told us, noting some forensic experts estimate state sponsors are behind as much as 90 percent of attacks they investigate. “The main problem is that we have an inherently insecure system -- designed to be vulnerable and getting more vulnerable all the time -- protecting invaluable data,” he said. Profit from such breaches can be huge, which is why adversarial nation-states will “continually bang away at targets until they get through,” he said.
The administration “hopefully is setting the stage” for a new approach to cyber defense that understands even the most sophisticated private companies are vulnerable, Clinton said. Government “has a far greater responsibility than just sharing information and assisting in defining cyber frameworks or pointing fingers at the corporate victims,” he said, urging a more “aggressive collective response."