The Register

Cybercrime is ‘orders of magnitude’ larger than state-backed ops, says ex-White House advisor

INTERVIEW Uncle Sam’s cybersecurity apparatus can’t focus only on China and other nation-state actors, but also has to fight the much bigger damage from plain old cybercrime, says former White House advisor Michael Daniel. And the Trump administration’s steep cuts to federal government staff are making that a lot harder.

Daniel currently leads the Cyber Threat Alliance, a nonprofit threat-intel-sharing organization. Before he took that role, he served as special assistant to President Obama and cybersecurity coordinator on the National Security Council staff between 2012 and 2017.

He agrees that China poses the single greatest threat we face in cyberspace, surpassing the Russians. But they’re far from the only threat.

“And certainly, a country like the United States with the scope and scale of our national interest, our economic interests, our public health and safety – we’ve got to be able to do the equivalent of walk and chew gum at the same time,” he continued.

“We’ve got to be able to focus on and have capacity for more than one adversary. We cannot take our eyes off, or should not take our eyes off, Russia, Iran, North Korea, or the large number of cyber criminal organizations that are out there,” Daniel told The Register.

“For a manufacturing or retail company somewhere in the United States, by far, your greatest threat is cybercrime, probably in the form of ransomware, but also in the form of business email compromise,” Daniel said.

This varies by sector – tech firms, for example, also face the risk of IP theft from China. But for most US organizations, “cybercrime activities are orders of magnitude larger than anything that the nation states are doing,” he noted.

Fighting all these threats is going to be harder as the Trump administration slashes government spending. “The reductions across the board in the federal government are going to negatively affect cybersecurity, both for the federal government itself and for the nation as a whole,” Daniel said. 

“In particular, the reductions at the Cybersecurity and Infrastructure Security Agency, CISA, will have some negative impacts, but it’s also occurring at the sector-risk management agencies that were already stretched pretty thin in terms of their cyber capabilities to begin with,” he added.

Each of America’s 16 critical infrastructure sectors has its own risk management agency tasked with coordinating between the critical infrastructure owners/operators, Homeland Security, and other relevant federal agencies on managing risk – and incidents, cyber or otherwise, should they occur. 

They fall under CISA’s umbrella, and are being gutted by the Trump administration’s ongoing cost-cutting efforts. We don’t know how many CISA employees have been axed or are facing the chopping block because Homeland Security won’t say.

But we do know that Trump’s proposed spending plan would slash CISA’s budget by $491 million, or about 17 percent.

“I don’t think it’s the right move. I don’t think it’s the right policy decision to reduce our cybersecurity workforce,” Daniel said. “The federal government has always had trouble and will always have trouble recruiting in cybersecurity because of the difference in pay scales, and the demand is only growing.”

If anything, the feds should be boosting infosec budgets and employees, and doing more to help businesses protect themselves from the ever-increasing digital threats, he added.

Daniel says he doesn’t have “hard numbers” on how many federal employees have been fired or taken the government’s buy-out offer, either. “And that is something that, frankly, the executive branch owes the legislative branch as part of the legislative branch’s oversight function,” he opined.

“Just as a practical matter for management: you should know how many people you know you’ve let go,” Daniel added. “Somebody has to know that number. And I don’t see any reason why you shouldn’t be transparent about that.”

Anecdotally, upwards of 20 people have personally reached out to Daniel for career transition advice, he said. 

On the cyber-crime front, he said he worries that the Justice Department and Homeland Security’s realignment and shifting focus to border security, as opposed to network security, will mean less assistance to companies trying to recover from ransomware attacks and other financially motivated breaches.

There are a number of things the federal government should be doing to help these companies protect their networks and their data, Daniel added. “One of them that it really does need to focus on is how to disrupt that cyber-criminal ecosystem,” through efforts including the Biden-era international counter ransomware initiative and other related programs to cut off money to the crooks.

“Those are important efforts to keep going, to increase the pressure on cybercriminals, and to increase the pressure on the countries that harbor them,” Daniel said, naming Russia as “one of the prime countries” that does this, “far more than China, in terms of the number of cyber criminals that it harbors.”

Also on his wish list: increased assistance to state and local governments, along with education and healthcare organizations hit by ransomware infections.

“If you’re a rural hospital chain, it’s not likely that you can afford a Mandiant or a CrowdStrike,” Daniel said. “You’ve got to turn somewhere to help you recover from an incident, and to build your system better so that you are less likely to have an incident in the future. It’s in the federal government’s interest – and in our society’s interest – to have the federal government have the capacity to help certain aspects of our critical infrastructure fight back against these kinds of activities.” ®
