tv Wanna Cry Ransomware Attack Briefing CSPAN December 29, 2017 7:25pm-8:02pm EST
>> i would like to talk to you today about a dangerous cyberattack known as wannacry that had distributed rendered thousands of computers useless they receive ransom demands to unlock their computers it was a careless and reckless attack affected individuals in industry and government and the consequences were beyond the computers were affected badly in the u.k. with their healthcare system putting lives at risk. united states is publicly attributing to north korea. we do not make this allegation lightly but we do so with our partners. other governments agree that
united kingdom, canada is the new zealand japan and australia has seen the analysis and join us. commercial partners have acted like microsoft traced it to the north korean government and others have contributed their analysis. the stability of the internet with free and fair trade and accountability and cooperation are the principal of the cybersecurity strategy. north korea is more than a decade this malicious behavior is growing more egregious it is a step to holding them accountable but not the last step it also requires government and businesses to cooperate and increase the cost of hackers to defend america.
president trump has rallied allies in the free world to increase the security and resilience of the internet cooperation we can no longer afford to wait. with the corporate partners acting on their own initiative last week any direction by the government to disrupt those korean hackers. they attack in ways that spare many targets last week they disrupted the most operations as they were still affecting computers across the globe. they shut down accounts i am extremely proud of the hard and dedicated work for cybersecurity professionals and i'm happy today to have one of the finest.
i will introduce jeanette manfra from dhs and i called today and the president calls today on the private sector to increase accountability in the cyberrealm to take action to deny north korea as a bad actor to launch reckless cyberacts as responsible companies join us along with her leadership team they are in charge literally of coordinating the operations to protect us as a make internet safer we will hold accountable those who harm us or threaten us on behalf of criminal nations or organizations. thank you. >> dhs cybersecurity is a core mission just like preventing
terrorism responding to hurricanes and wildfires it is a shared responsibility between government, industry, and the american people. it began may 12 before mother's day something unusual was happening in the asia-pacific region as the malware went across the globe we received information from europe the national health service was impacted in the u.k. we knew we are dealing with a serious issue. by midafternoon all the major internet service providers were on watch board or on the phone sharing information was they were seeing globally. with the department of health and human services reaching out to hospitals. we engaged across the government to make sure our systems were not vulnerable asking assistance from our partners and by 9:00 p.m. that night over 30 companies
representing on-call offering analytical assistance. working closely that night we could issue a technical alert publicly to defeat the malware and we were on alert all weekend in many ways it was a defining moment demonstrated a commitment of our industry partners that showed how the government and private sector got it right under preparation and investments of cybersecurity keeping systems up to date although the wannacry attack shows the national capability we cannot be complacent seeing increased activity from the nonstate actors.
that god and the challenge this is why cybersecurity continues to be a strategic risk to the united states. in addition we see some gaps that might consider adequate security for the public's interest. the american people depend on electricity, stable financial system with a modern way of life. these are run by the private sector. in order to ensure the security of these systems function they rely heavily on collaboration. it is entirely voluntary protecting those with strong privacy protections should they participate. to ensure adequate security dhs plans to respond to more
practically becoming the world leader in analysis and urging them to remove them from the system. as we learned from the wannacry attack it could have life-threatening consequences. the internet was engineered for trust and openness often times the cost of security or on the open market and the attackers only have to be once defenders have to be right all the time. some say it is impossible we can take small tangible action to make the cyberecosystem safer with the malicious
e-mail that could only be used once with the advantage to the defender by operating independently distinguishing between public and private government and industry must work together now more than ever if we are serious about our collective defense the company cannot single-handedly defend itself to all play a part to prevent another attack like wannacry we are calling on all companies for the defense of our nation and with that defense of the global challenge only to the international partnership did they have time to prepare.
we are taking a greater leadership role with a more interoperable solution with greater opportunities to be accomplished from working together. thank you very much. >> united states was slow to identify north korea as a culprit was there some new evidence the second question is marked -- mark is such an so what will happen now that he has been locked up on unrelated charges? >> there are two questions. number one too slow? no.
the most important thing is to do it right we took a lot of time to look through sensitive information. we relied on other information i cannot share but technical links to previously identified tools in north korea and infrastructure and is part of the accountability we cannot do that wrong. or it would be more the damage to our reputation and the second question i cannot comment on the ongoing criminal prosecution but to some degree we did get lucky. it wasn't luck it was preparation and so forth.
so to have a glitch in the malware it was a kill switch to cause a lot of benefit. we don't think next time we will be so lucky so we look for the increased partnership to share information to prevent patient zero from being patient number 150. >> how do you believe generally the cyberoperations but then also talking about the private sector so that
difficulty is to figure out where those two biggest challenges people operating keyboards all over the world with a north korean actor. so we are comfortable we are directed by the government of north korea. and they carried out those types of attacks. and that routines. how they operate is mysterious. and part of a larger strategy of increased pressure and then to change that behavior.
if they have smart people there to be positive contributors to the world. >> did they outsource the majority? >> i don't think there is an outsourcing distinction everything that happens with and by direction of their leadership. >> there are two halves to this with that targeted attack records put together so if you report to us we can notify the whole country to be on the lookout. increase sharing in as a move forward to become more sophisticated asking them to look into sharing more technical information to get a
more strategic view to defend herself. >> with the ransomware to raise money do you know how much money they made as a result or what they did with the money? did it find the nuclear program or to the regime? >> it is interesting first we don't know how much they raised but they architected it in a way that smart one would do so they didn't want to get a lot of money so in this case it was like to meant to cause havoc and destruction. >> to have a collective defense. >> at this point as an actor
on the global stage president trump has used every lever versus starving them to change their behavior. it is important to call them out and to let them know with their behavior and to galvanize back to the question previously in this case facebook stopped that execution that is on all like-minded companies supporting north korean hackers operating north korea or elsewhere to call on the other countries that were
affected often they can travel outside of north korea to rely on those with better access to the internet. >> as a follow-up there is different handling but first the elaborate rollout for the cyberactivity and to interfere in the u.s. to call russia out. >> and for what it's worth not only the national emergency to have the sanctions involved.
>> this was the continuation of the national emergency of cyberenabled activities. president trump continued a national emergency pursuant to the economic powers act doing with the national security policy and if not making people comfortable and removing from the federal networks we did so because having a company to report information to the government on a federal network in the spirit of the cooperation corporation with the second it has providers and sellers in retail stores and with north korea at times and china off the internet.
so to be largely unchecked. >> president trump made it very, very clear they could have and should have done more when the opportunity to do so and at this point the cyberissue comes on the heels. and with that pressure campaign without any wavering. >> thanks for doing this. so with the leadership of north korea that isn't necessarily visible from the code itself. can you talk about that? and if it was directly
involved? but that is not the usual north korean m.o. so tell us about that. >> so to address those in reverse order so with those difficulties of that assertion one of the most troubling attributes it is important to treat this differently. the idea is to discriminate is not the intent of the attacker but the people that they sought to attack.
people in russia, china and they took this very badly. so we are all struggling to keep up with this increasingly reckless behavior and to be demonstrated to hold the entire world through the nuclear missile program but second getting to your second question it is hard to find the smoking gun but with a series of behaviors with a deep and experienced analyst in the intelligence community but also the routine and behaviors so you have to apply some gumshoe work not just analysis.
>> does that make a significant difference? >> i think what david is alluding to the vulnerabilities are almost never designed on purpose when we find vulnerabilities and in this particular case i am proud of that process under this president's leadership with the deputy now cybersecurity coordinator leading the most transparent vulnerability in the world. but at a rate of almost 90% it could be useful tools for own national security benefit but they said they could have the
collective defense of the country to keep those exploits to the totalitarian regimes. so in this case i am proud of the vet program so those vulnerabilities that we do keep for specific purposes using them that are tailored to the perceived threat and are used very carefully and protected in such a way. that has happened in the past but one level deeper when we do use those vulnerabilities for national security sometimes we find evidence of bad behavior. sometimes on a regular basis anymore routine fashion to call targets that are not
subject to a rollout and we believe you have been hacked and need to take immediate action. it works well and it saves us time and money so that processes equity balancing we got it right and i know the united states is head and shoulders above anyone else in the world. >> with the policy with the attack on the u.s. government clearly holding the state of north korea responsible but on digital currency it does seem to be if there is any compensation? >> any crypto currency could be difficult as those are used
for illicit behaviors. but in this particular case our assumption comes from the belief that hackers reported what they did mostly they did not pay. some seemed like they tried to pay but then quickly reported computers were not unlocked so other stopped paying. >> but without that report you wouldn't necessarily have that ability? >> i will reserve judgment on that. i am not sure how we would have tracked the currency. but i will say it isn't about holding a country accountable but we determined who is behind the attack and now we
push forward with cybersecurity we will hold them accountable and shamed them and then we will cooperate and trust each other companies are demonstrating that think the president brings them together in a way it feels they are on their side to improve our security. >> you are saying attacking a company constitutes attacking the government? that is of the policy and you are not moving in that direction? >> that is not the policy back. [inaudible] >> i hope they stop behaving badly online. i am not naïve they will continue to deny and believe they are beyond repercussions and consequences.
but at some point they will realize this president and the allies will cause them to change their behavior and if not the national security interest of the other countries. we are clear on that. >> did he have any doubt? senator graham said there was a 30% chance that they tested another nuclear weapon. >> i have no ability of percentage on those outcomes. doesn't seem productive for me to do so. the president is briefed regularly and that is how we received this information.
>> you talk about sharing information back with the countries so was this one of the 10%? >> there is a case to be made for the tool that we used be cobbled together from different sources but that was exploited was the underlining vulnerability but it predated and preexisted our administration taking power. i don't know what they got or were they got it but they had things cobbled together in a way to cause harm that they did not create themselves that would attribute to their behavior looking at their different parts and how they tied them together they use their tradecraft and reveal their hand.
>> one of the criticisms that came out is the nsa kept a hold of the operating systems and then to stockpile that vulnerability so talk about private industry but how much is the u.s. government? >> not at all. and needs to better protect itself with security measures to prevent that from happening. appreciating now what we hold onto because it is a transparent process that was changed under president trump's tenure something we rolled out people have criticized us but the aclu
complimented us how well that process was rolled out. >> microsoft today is standing with me on television as a good partner for this country and coming out in this particular case so i think microsoft is a strong partner there is no wedge between them. >> but what i'm trying to get at. >> the reason i thought i answered it already is because of the question earlier what brad was talking about at that time that was extemporaneous to that remark was his belief we were not adequately weighing the different equities in the process holding onto the vulnerabilities we discovered inside the government now he
understands how that process works by the time he made that comment it was not open and transparent. we hold onto about 10% give or take. with the national security exploitation. >> so this cannot happen again so then providing 100%. >> to have the vulnerability to modify a weapon to deploy that recklessly. >> he said it is difficult to track then you are monitoring but what exactly is being monitored? what is the administration's position?
>> we don't have a formal position on the crypto currencies at this point in the way there is hope and promise in presenting some security risk but i track and monitor this very closely because not only advising on a cyberpolicy so we want to make sure the crypto currency is supported in ways we cannot discover but people in the administration are following it from a trade perspective. we don't have any negative or positive you but to monitor closely. it is lucrative. [inaudible conversations]
i will give you a full briefing on puerto rico. the secretary of homeland security is there today. meeting with secretary of housing and urban development that is a major challenge for us. the gov.'s is doing a great job it has a large issue here with 55% of the population in informal housing.