Former CISA chief says Biden order on cybersecurity is "dramatic game change"
Christopher Krebs, the former director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, praised the Biden administration for taking action to address cybersecurity threats. Krebs spoke with CBS News chief Washington correspondent Major Garrett for this week's episode of "The Takeout" podcast.
President Biden signed an executive order Wednesday aimed at hardening the federal government's cybersecurity defenses by directing the Commerce Department to author new standards for software vendors supplying the federal government. Krebs called the action a "dramatic game change" that showed Mr. Biden's "committed leadership vision" to prioritize cybersecurity concerns.
Highlights from this week's episode:
- Christopher Krebs on Biden's executive order: "It dramatically increases security expectations of the software products that are sold to the federal government."
- Presidential and congressional action on cybersecurity: "You need both."
- Ransomware attacks: "Ransomware is a really, really profitable business these days."
- Need for companies to take action to secure their software: "Everybody can do better. The threats are so diverse right now."
"It dramatically increases security expectations of the software products that are sold to the federal government," Krebs said, explaining that this would have a "cascading effect" for products sold to ordinary American customers.
Krebs praised Mr. Biden for "jettisoning the traditional approach" to addressing cybersecurity, but said that Congress needed to act to shore up the nation's cyber infrastructure as well. Krebs has previously called on Mr. Biden to incorporate this into his $2.3 trillion infrastructure proposal.
"You need both," Krebs said, meaning presidential and congressional action.
Krebs also responded to the ransomware attack on Colonial Pipeline, after the company announced Wednesday that it has begun restarting pipeline operations after a cyberattack forced the company to take some of its systems offline last Friday.
"Ransomware is a really, really profitable business these days," Krebs remarked.
The company, which operates a major energy pipeline, first announced the hack a week ago, also soon disclosed that "this incident involves ransomware." Several sources told CBS News on Thursday that Colonial Pipeline did pay a ransom to the hackers who had infiltrated its computer network. The money was paid shortly after the computer systems started locking up late last week.
The FBI said Monday that the attack was the work of a criminal gang known as DarkSide, an operation which Krebs said was composed mainly of Russian individuals, many in their teens or early twenties. Colonial Pipeline said an outside security firm is investigating the incident.
Krebs said that DarkSide not only holds data for ransom, but exfiltrates it as well, calling the operation "fifth-dimension chess here from a criminal perspective."
Mr. Biden said Thursday that there's no evidence that the Russian government was involved in the ransomware attack on Colonial Pipeline, although U.S. intelligence suggests the hackers live in Russia. Krebs said that he had "a hard time seeing how it would be possible" for DarkSide to operate without Russian domestic intelligence having knowledge of their actions.
"There are prior examples of ransomware crews coordinating and collaborating with Russian intelligence," Krebs said.
The decision to take the company's systems offline led to long lines in some states this week, as gas prices in some areas hit a nearly seven-year high, and gas stations in several states were plagued by long lines and many ran out of gasoline. The 5,500-mile pipeline supplies about 45% of the East Coast's fuel.
Krebs also discussed the SolarWinds hack last year, an intrusion that initially gave cyber criminals access to 18,000 government and private computer networks, though a much smaller number were the actual targets of espionage. The National Security Agency, FBI and CISA have formally attributed the attack to Russia, saying the country's Foreign Intelligence Service, or SVR, directed the intrusions. The Biden administration recently issued sanctions on Russia in part in response to the SolarWinds intrusion.
Krebs, whose cybersecurity consultant firm is working with SolarWinds, said that "there are plenty of lessons learned that everyone can take" from the intrusion.
"Everybody can do better. The threats are so diverse right now," Krebs said. He added that there were many businesses that needed to improve their "corporate citizenship" by upping their cybersecurity practices.
Krebs was fired by former President Trump in November after he continued to debunk the president's false claims that the election was stolen from him.
For more of Major's conversation with Krebs, download "The Takeout" podcast on Art19, iTunes, Spotify, Google Podcasts, and Stitcher. New episodes are available every Friday morning. Also, you can watch "The Takeout" on CBSN Friday at 5pm, 9pm, and 12am ET and Saturday at 1pm, 9pm, and 12am ET. For a full archive of "The Takeout" episodes, visit www.takeoutpodcast.com. And you can listen to "The Takeout" on select CBS News Radio affiliates (check your local listings).
Producers: Arden Farhi, Jamie Benson, Jacob Rosen, Sara Cook and Eleanor Watson
CBSN Production: Eric Soussanin, Julia Boccagno and Grace Segers
Show email: TakeoutPodcast@cbsnews.com
Twitter: @TakeoutPodcast
Instagram: @TakeoutPodcast
Facebook: Facebook.com/TakeoutPodcast