With a major election looming, US government authorities were already gearing up for an unusual 2020 long before the COVID-19 pandemic hit – but amidst a flood of increasingly aggressive and organised cybercrime, the head of the US’ peak cybersecurity body has said cyber defenders’ remit has rapidly changed as the agency works to protect the fast-tracked coronavirus vaccine program.
Over the past six months, Cybersecurity & Infrastructure Security Agency (CISA) director Chris Krebs told an online audience in opening the agency’s Cybersummit 2020, agency staff have been actively engaging with government peers, private-sector partners and even ethical hackers to navigate the rapidly-shifting cybersecurity threat.
This approach, rather than trying to run broad cybersecurity programs single-handedly, has helped the agency rapidly establish its role as a facilitator of cybersecurity response since it was formed by presidential decree in November 2018.
Its ongoing threat-intelligence effort – the agency monitors around 3m endpoints for malware, gets nearly 100 new malware submissions and collects around 7.2TB of “incredibly rich” data per day, Krebs said – has helped the agency “extract insights” at a scale that has helped it and its partners keep on top of the surge in COVID-19 related cybercrime.
“We’re the nation’s risk advisor,” he explained. “My job is to ensure that you have the information you need to be safe and successful in managing your risk.”
Securing the virus response
Yet even as the fast-tracked coronavirus vaccine program ramped up early this year – carrying the moniker Operation Warp Speed – it quickly became clear that the operation’s integrity would depend on proactively identifying and fixing potential cyber weaknesses in the complex web of government and private-sector organisations involved in virus research and production.
The Operation Warp Speed supply chain was riddled with potential vectors for outside interference, said Josh Corman, an ethical hacker who was seconded to CISA in July as a visiting researcher tasked with helping to protect a vaccine effort where, he said, “even a month’s delay translates into 5 million of our loved ones [infected].”
“In this exercise with such high consequences, as we are over-dependent on undependable things potentially affecting public safety,” Corman said, “and to prevent delays to the Operation Warp Speed mission we are now more dependent than ever on you and what you will do about it.”
Protecting the rapidly-evolving and multifaceted vaccine response will require cybersecurity defenders to “think outside the box, get very creative and use a whole of community approach,” he said, citing the importance of uniting the public sector, private sector, hacker community, volunteer groups like the CTI League, and “any and all willing allies”.
Corman knows first-hand about the power of uniting grassroots hacker communities to fight a common enemy: as founder of IAmTheCavalry.org seven years ago, he has long worked with like-minded hackers to identify and mitigate threats against life-saving technology.
That effort grew out of concerns that “our dependence on connected technology is growing faster than our ability to secure it,” he said in opening the CISA conference.
“I was deeply concerned that with a failure rate approaching 100 per cent, that all of us have lost intellectual property or trade secrets [and] many federal agencies have been compromised successfully by foreign adversaries and those who wish to do us harm.”
This had proven particularly true during the COVID-19 pandemic, CISA associate director for vulnerability management Boyden Rohner explained, noting that “all crises present unique opportunities for malicious actors to capitalise on people’s fears and COVID-19 is no different.”
“As a nation we went into the pandemic with inconsistent cyber hygiene practices and limited security awareness training,” she explained, noting that pandemic-related voice-based attacks, state actor-driven information-warfare campaigns, fake domains and myriad other attacks had “challenged us to give new types of risk advice because few were prepared for the all-remote lifestyle that the pandemic has required.”
“Attackers began to take advantage of that remote-working lifestyle nearly as quickly as we adopted it,” she added, noting that CISA and its network of partners had already taken down some 7,000 fraudulent domains and reduced the volume of COVID-19 related spam campaigns.