Homeland Security Advisor Tom Bossert penned an op-ed Monday publicly attributing the attack, which took out systems around the world, to North Korea.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- The White House has officially blamed North Korea for the WannaCry ransomware cryptoworm that claimed hundreds of thousands of victims in 2017.
- Homeland Security Advisor Tom Bossert has called for more accountability for such attacks, while asking leaders to work to improve cyberdefenses.
The White House has officially attributed the WannaCry ransomware attack to hackers in North Korea, according to an op-ed by Homeland Security Advisor Tom Bossert published in the Wall Street Journal on Monday.
The WannaCry cryptoworm hit hard in May 2017, claiming hundreds of thousands of victims and paralyzing the UK's National Health Service (NHS). The damage extended to the NHS "put lives at risk," Bossert wrote.
In tracing the attack back to "cyber affiliates of the North Korean government," Bossert's op-ed is further highlighting the growing risk of cyberwarfare around the globe.
In his article, Bossert claims that the US government has specific evidence that implicates North Korea in the WannaCry attack. He also noted that both the UK government and private companies like Microsoft have also connected the attack to North Korea.
The increasingly connected world is ripe for attacks from hackers, and is creating new challenges for security professionals. North Korea has been taking advantage of these vulnerabilities for "more than a decade" and the nation's behavior continues to grow more reckless, Bossert wrote.
To stop such malicious behaviors from fully manifesting, Bossert said that governments must work together to hold the attackers accountable. He also said he believes that the US government should lead the effort forward, allying itself with tech companies and like-minded governments to boost security online.
Bossert went on to explain that the recent government IT modernization effort put in place by US president Donald Trump was done in part to improve security.
SEE: Network security policy (Tech Pro Research)
"We share almost all the vulnerabilities we find with developers, allowing them to create patches," Bossert wrote. "Even the American Civil Liberties Union praised him for that. He has asked that we improve our efforts to share intrusion evidence with hacking targets, from individual Americans to big businesses."
As part of imposing stricter penalties on cyberattackers, Bossert suggests prison time for convicted hackers and the governments behind them to "pay the price" for their actions. Bossert also called out the removal of Kaspersky Lab software from all government systems, sanctions imposed on Russian hackers, and charges brought against Iranian hackers that had gone after companies in the US as punishments the White House had doled out for cyberattacks.
Now, he wrote, it's time for the US to set its sights on North Korea as well.
"Mr. Trump has already pulled many levers of pressure to address North Korea's unacceptable nuclear and missile developments," Bossert wrote, "and we will continue to use our maximum pressure strategy to curb Pyongyang's ability to mount attacks, cyber or otherwise."
- FBI arrests cyber expert who stopped WannaCry outbreak (CBS News)
- WannaCry ransomware: Now the US says North Korea was to blame (ZDNet)
- US blames North Korea for WannaCry cyberattack (CNET)
- Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse (free PDF) (TechRepublic)
- Ransomware attack: The clean-up continues after WannaCry chaos (ZDNet)
- WannaCry: The smart person's guide (TechRepublic)