La’Naia Jones, Deputy CIO of the Intelligence Community, said today that the commoditization of hacking capabilities, expansion of IT supply chain exploits, and nation-state use of ransomware have come to the attention of the IC as primary areas of interest in the fight for better cybersecurity.
“These are key areas that we are focusing on and we’re trying to make headway as foundational to the overall cybersecurity and cyber imperative,” she said.
In her first public speaking appearance in the new role and just six weeks into her tenure as Deputy CIO in the Office of the Director of National Intelligence, Jones–speaking at a cybersecurity event hosted by Splunk–keyed in on the increasing complexity of those threats. She said the IC’s observations of the threat environment “has expended across several knowable areas.”
The first area she discussed is the commoditization of hacking capabilities. “It’s not just about the large state actors, if you would, it’s about anyone that wants to be a hacker,” she said.
“When we talk about the commoditization of hacking capability, today’s cyber criminals are buying exploits and services from multiple vendors on the Dark Web and combining them for maximum impact, instead of building their own capabilities,” she said.
Gone are the days when extensive time and resources were put into building exploits. “Now you can go buy a hacking tool on the web for next to nothing,” she added. “It’s a different landscape.”
Jones said that this landscape provides context for the manner in which bad actors are now targeting U.S. organizations. She flagged supply chain exploits as another IC focus, due to the way the exploits are “disrupting the way that we provide data, tools, and information” and “deliver products and commodities.”
The IC is seeing an uptick in supply chain exploits–no surprise to those attuned to the systemic risks arising from companies linked to nation-state actors, which have come under increased scrutiny from the Federal government.
Jones cited the inherent and increased risk of open-source tools, especially since “users do not expect malicious code to be introduced by updates from trusted software vendors.” She highlighted the need for balance between the convenience afforded, and risks associated, in that space.
“Hackers are successfully infecting a wide range of users through official software distribution channels and also obfuscating their intended targets,” she said.
Finally, she discussed the “nation-state link and targeted ransomware” and said the IC is probing the activities of the country’s primary adversaries every day.
“High-profile attacks in 2017 have introduced the possibility that ransomware could be used for geopolitical and even militaristic purposes,” she said. The trend “ebbs and flows,” she said, and described how hacktivist groups are eroding trust between businesses and customers, as well as governments and their constituents.
“These concepts aren’t new, and we realize we live in a world where our cybersecurity posture must be forefront in our priorities,” she said. “And if we don’t, the data and insights that we’ve obtained will be with our adversaries.”