Bryan Cunningham, the head of the University of California, Irvine’s Cybersecurity Policy & Research Institute, says recent ransomware attacks show the need for U.S. companies to step up their protections or risk severe damage to their operations.
He spoke after the targeting of Colonial Pipeline and JBS meat packers, and as President Joe Biden was just about to face off against his Russian counterpart, Vladimir Putin.
Ransomware attacks lock or take control of a computer system and demand money to let it resume normal operations.
“I don’t think that these attacks of this level could happen without at least Putin’s knowing and approving them in advance,” Cunningham told the Business Journal on June 14.
Cunningham said he believes Putin may have ordered the attacks to send a message before his meeting with Biden: “We can screw you.”
Ransomware attacks have been “growing massively especially since cryptocurrency became a thing,” making the payments difficult to trace, according to Cunningham, the executive director of the group that goes by the initials CPRI.
The 5-year-old organization brings together academia, businesses, law enforcement and other government agencies and the privacy and civil liberties community in an effort to combat cyber threats.
The institute marks another notable part of Orange County’s diverse cybersecurity ecosystem; several local software companies are working on making the internet a safter place for companies and users, including Netwrix and SecureAuth, both in Irvine, and Cisoshare in San Clemente.
CrowdStrike Holdings Inc. (Nasdaq: CRWD) started here and still has a large presence; the Sunnyvale-based firm counts a value of nearly $57 billion. Irvine’s Cylance sold for about $1.4 billion to Blackberry in 2019 and still counts a base of operations here.
Cybersecurity Malpractice
Cunningham says ransomware attacks are easy to prevent if organizations have a regular automatic backup not connected to the main computer system.
“It’s cybersecurity malpractice to allow yourself to become a victim of a ransomware attack.”
He said the future could be disastrous without greater protective measures, even possibly leading to a “cyber Pearl Harbor” if there is a hit on air traffic control, a power grid, a massive healthcare attack or a major attack on financial services.
Cunningham is looking forward to the return of on-campus activities at UCI in the fall quarter to step up his in-person cybersecurity work. CPRI has 1,700 square feet of workspace allotted to its research and testing in the Interdisciplinary Science and Engineering Building.
“Even during COVID we continued with our series of cyber response exercises,” according to Cunningham.
The in-person exercises are designed to get business leaders ready for a possible ransomware attack.
Simulated Crisis
The on-campus simulated crisis exercises will also include dealing with “fake news,” fake social media posts and contacts with law enforcement.
“We did a virtual one of those even during COVID.”
He wants to hold the drills at least quarterly or even more frequently, and make them completely immersive.
Some companies don’t necessarily want exercises public since it would create a security risk if bad actors know how a company would respond.
The drills and research will also help train university students—all the more critical because of the shortage of cybersecurity experts.
Earlier this month, the Biden administration issued an open letter to companies calling on them to treat the threat of ransomware attacks with greater urgency.
Cunningham on June 3 followed that up with an “Urgent-Action Requested” note to participants at the UCI cybersecurity center.
He wrote that “the single most valuable lesson we have learned/confirmed at CPRI is the benefit and necessity of regular cyber response exercises, such as those CPRI has put on over the last three years.”