The Summer of Ransomware:
Insights from National Security on Cyber Resilience 

This is a companion blog to the “The SafeHouse” podcast dated November 21,2024, with host Jeff Edwards, Co-Chair of the SafeHouse Initiative and his guest Iranga Kahangama, the Assistant Secretary for Cyber, Infrastructure, Risk and Resilience at the U.S. Department of Homeland Security.  Listen to the original podcast here: https://safehouseinitiative.org/the-summer-of-ransomware/ 

In the realm of cybersecurity, the term “The Summer of Ransomware” has emerged to describe a significant period marked by a series of alarming ransomware attacks that occurred during the summer of 2021. To understand the implications and lessons learned from this critical time, we spoke with Iranga Kahangama, Assistant Secretary for Cyber, Infrastructure, Risk and Resilience at the U.S. Department of Homeland Security (DHS). 

Background of Our Guest 

Iranga Kahangama has a rich background in public service, beginning his career with the FBI as a policy analyst focused on cybersecurity technology and internet governance. His journey took him to the National Security Council’s cyber division, where he coordinated responses to major cyber incidents. Now at DHS, he focuses on proactive defense strategies against cyber threats. 

The Context of the Summer of Ransomware 

The summer of 2021 was a pivotal moment for cybersecurity in the U.S. It followed notable cyber incidents, including the SolarWinds hack and attacks on Microsoft servers. Kahangama emphasizes the urgency of addressing ransomware as a national security issue rather than merely a law enforcement matter. “Ransomware was treated as something happening in pockets of the country, not as a broad national security concern,” he states. 

Key Incidents During the Summer 

Several high-profile ransomware attacks defined this period: 

• Colonial Pipeline: In May 2021, a ransomware attack on Colonial Pipeline led to significant public panic, with long lines at gas stations as people scrambled for fuel. This incident highlighted the vulnerabilities in critical infrastructure. 

• JBS Foods: Shortly after, JBS Foods, a major meat supplier, suffered a ransomware attack that disrupted meat production during a peak grilling season. Kahangama remarks, “The nation’s biggest beef producers were unable to deliver products, causing significant strain.” 

• CA Software: Another significant attack targeted CA Software, which is integral to various IT services, underscoring the widespread impact of ransomware on the economy. 

Government Responses and Policy Changes 

In response to these attacks, several key actions were taken: 

• The signing of a cybersecurity executive order by President Biden, which aimed to enhance the security of federal systems and improve cooperation between the public and private sectors. 

• The establishment of the Cyber Safety Review Board (CSRB), a public-private partnership that examines cyber incidents to derive lessons learned and recommendations for improving the overall security ecosystem. 

Kahangama emphasizes, “It’s this EO that creates the CSRB… to look at incidents not for punitive reasons but to figure out lessons learned.” This collaborative approach is crucial for building a resilient cyber defense framework. 

The Role of Small and Medium Businesses 

One of the most critical takeaways from this discussion is the vital role that small and medium-sized businesses play in national security. Kahangama notes, “You may be a lynchpin in a broader supply chain that could have really detrimental impacts.” Ransomware actors frequently target these businesses because they often lack the robust defenses that larger organizations might have. 

He encourages these businesses to engage with government resources, stating, “The earlier the better… we want to be engaged.” Local representatives from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI can provide valuable support before incidents occur. 

Engagement with Government Resources 

For SMBs looking to enhance their cybersecurity, Kahangama recommends engaging with local representatives from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI. “The earlier you can establish a relationship, the better prepared you will be in the event of an incident,” he advises. 

Basic Cybersecurity Measures 

To mitigate risks, Kahangama emphasizes the need for businesses to focus on basic cybersecurity practices. “Double down on the basics,” he advises. Key recommendations include: 

• Multi-factor Authentication: Implementing MFA significantly reduces the risk of unauthorized access. 

• Regular Password Changes: Use complex passwords and change them regularly. 

• Software Updates: Stay up-to-date on patches and updates to protect against known vulnerabilities. 

Conclusion 

• The summer of 2021 was a wake-up call for the nation regarding the realities of ransomware attacks and the critical need for a resilient cybersecurity framework. As Kahangama highlights, “You are most likely an integral node in society.” It’s essential for businesses of all sizes to recognize their role in the cybersecurity landscape and take proactive measures to protect themselves and the broader community. 

• In the face of evolving cyber threats, collaboration between government and the private sector is more important than ever. By understanding the risks and implementing basic cybersecurity practices, businesses can significantly enhance their resilience against ransomware attacks. 

For more information and resources, feel free to visit the SafeHouse Initiative website: https://safehouseinitiative.org/or reach out to your local CISA and FBI representatives.