While the impact of the COVID-19 pandemic has left a flurry of cybersecurity risks in its wake targeting healthcare and other sectors, the Cybersecurity and Infrastructure Security Agency (CISA) has scarcely missed a beat in carrying out its mission to protect the U.S. from cyber threats.
“The mission hasn’t stopped. All of the reasons that CISA existed and many of our departments and agencies existed is still ongoing and yet we’ve had to operate in ways that were certainly not what we would have chosen,” CISA’s Assistant Director for Cybersecurity Bryan Ware said during CrowdStrike’s Cybersecurity Conference today. “And you know I think that I’ve been really pleased with our ability to perform under those conditions.”
Despite the massive turn to telework at government agencies and in the private sector during the pandemic – and the accompanying assault of cyber attacks from actors looking to take advantage of the situation – Ware said that CISA has continued on pace with other missions, including effort to secure the national elections in November.
He said the “risk picture” for CISA has shown up strongly in four categories: phishing exploit increases; ransomware attacks on healthcare systems; espionage against pharmaceutical companies and laboratories; and risks involved with shift to telework.
Those threats, Ware said, aren’t too dissimilar from those before the pandemic, but since the pandemic began COVID-19 has turned into a common denominator for certain cyber actors. Going forward, Ware said that he thinks it will take discovery and deployment of a vaccine before “normalcy” resumes.
“It’s going to take a vaccine before everything can return to some sense of a new normal and getting that vaccine has of course been, you know, a critical role for the U.S. government, our allied nations, and industry as well,” Ware said. Protecting supply chains involved in vaccine development and production from cyber threats will be key in speeding up that process, he said.