UWF Involved In The Fight Against Hackers
An energy distribution system and major meatpackers are two of the higher-profile victims of ransomware attacks – but others either are afoot or on the drawing board.
The White House contends the hacks were aimed at freezing two critical businesses in the U.S. The one on JBS — the world's biggest meat processor — resulted in an $11 million payoff. Hitting Colonial Pipeline, which transports gas to nearly half the East Coast, triggered gas and jet-fuel shortages and panic buying. The firm paid about $4.4 million in ransom.
“I believe with all my heart, it was the right choice to make,” said CEO Joseph Blount, who appeared before a U.S. Senate committee last week. He told them that the hackers were able to get into their system because it lacked a multi-factor authentication protocol.
“I did only have single-factor authentication; it was a complicated password, so I want to be clear on that — it was not a ‘Colonial 1-2-3’ type password,” Blount said.
Two-factor authentication requires a secondary way in – such as a mobile text or hardware token. The hack on Colonial, reported the FBI, was blamed on Dark Side — a Russia-based cybercrime organization. According to the Justice Department, about two million dollars of the Colonial ransom, paid with crypto-currency, had been recovered.
“I believe I was not involved in those conversations with the FBI,” said Blount. “But in discussions with my team, I don’t believe a discussion about the ransom actually took place the first day on May 7, but I do agree that their position is that you don’t encourage the payment of ransom [but] it is a company decision to make.”
Ransomware is a type of malware — malicious software — which encrypts computer files and literally holds them hostage. Ransom is demanded from victims, sometimes in bitcoin, to release the files and make the transaction untraceable. The first line of defense for both individuals and companies is paying attention to the alerts.
“Updating their software, they systems regularly; patching things when those alerts come out, and making sure we’re up to date with those things,” said Eman el-Sheikh, who leads the University of West Florida’s Center for Cybersecurity. “Hackers are looking for vulnerabilities, so the more that we can prevent those openings or those cracks in the system, the better.”
She adds that the potential targets of the bad guys are almost limitless.
“Hospitals, health care facilities, or other critical infrastructure such as water supplies [and] power grids,” said el-Sheikh. “We want to do our part, and to help others do their part to be vigilant and try to avoid this from happening to start with.”
The big challenge, says el-Sheikh, is that any system that’s connected to the Internet, network or stand-alone, is vulnerable because there’s now a gateway to that system. And that includes critical infrastructure such as the nation’s power grid, among others. She says education and training are vital.
“We’re only as good as the humans operating the systems, or the people who put in the passwords, or who the system logged in or use weak passwords,” el-Sheikh said. “So the more we can strengthen our cyber defense through human capital — human talent — the better.”
The ransomware attacks on UWF in 2016 and the city of Pensacola in 2019 said e-Sheikh, provided lessons learned that can be used today. The key, she adds, is following up on any after-incident report and see what needs improvement.
“One of the key things to help avoid being a victim of ransomware is regular backups – so you can restore without having to resort to giving in to the ransom,” el-Sheikh said. “Every organization and individuals should be questioning, ‘Am I backing up my data? Am I backing up my system?’”
Along with in-house education and training, the UWF Cyber Security Center works with both regional and national entities on the front lines – including ten other colleges and universities to offer workforce training for veterans and first responders.
“And our hope is that we lay the groundwork for that program to really be a national platform to quickly ramp up the skills needed to protect our critical infrastructure,” said el-Sheikh. “The solution isn’t always going to get more people into college programs.”
Many college cybersecurity programs are four years in length. Talent is needed now, said el-Sheikh, so their plan is for an intensive, four to six-month training program nationwide.
“That will help take people with IT and cybersecurity experience transitioning from our military or first responders’ service; give them free training via a very generous NSA grant, and get them into those critical infrastructure security jobs,” el-Sheikh said.
The program, which is finishing up its first year, has a goal of 16 hundred people trained by next year. More information is available at uwf.edu/centers/center-for-cybersecurity.