Shawn Henry discusses the US government's public attribution of WannaCry to North Korean adversaries to MSNBC Milano. Henry explains the importance of both public and private sectors working in tandem to proactively thwart cyber threats.
White House: North Korea to Blame for WannaCry Attack
Kevin Hassett and I were just talking about that. This is just the latest example of North Korea's increasingly hostile cyber attacks on the United States and its allies. For more on this, I'm joined now by Shawn Henry. He's the chief security officer of CrowdStrike, former executive assistant director of the FBI and NBC News contributor. Shawn, good to have you here. Thank you for being with us.
A few years ago, North Korea being a serious cyber threat was almost laughable. Now people are saying that this is possibly one of our greatest threats.
I think that's right, Ali. I think that we've been tracking North Korea since the mid-2000s, and they were engaged in espionage. Half dozen years later, they were engaged in destructive attacks, and more recently we've seen them involved in financial crimes, possibly trying to raise money because of the economic sanctions that we've seen. And they need to continue to fuel their military machine.
North Korea is a very, very capable, sophisticated actor. They've got zero-day attacks that they can use to launch, and especially with what we see with ongoing nuclear tension, we can expect to see North Korea engage in these types of activities, going forward. This is an asymmetric threat, and they're using it to attack critical infrastructure.
You make an interesting point. There may not be a political aim to it, which is what we sometimes think about, but the idea is if it's ransomware and you pay ransomware often with Bitcoin or some other cryptocurrency, that's something that can still be used in North Korea that could translate that into US dollars, and they can buy the things that they need. How do you even think about combating that?
Well, we've actually seen them engaged in attacks against banks, theft through ACH transfers, and even, there's been speculation about their involvement in some of these SWIFT attacks, where there have been tens of millions of dollars that have been stolen. I think US authorities, law enforcement, like the FBI, working in close coordination with international partners, monitoring is critically important to help to identify who the actors are and to try and track them down.
But I think the important thing here is that the administration did attribution. And it's important to raise the awareness of the public. It's important also for these regimes to understand and recognize that the US intelligence agencies do have capabilities to identify them, and the administration seems to be able to hold them accountable, Ali.
All right, so we've got to figure out what holding them accountable looks like, particularly when it's a rogue regime that we're dealing with on a bunch of other levels. But Tom Bossert cited Microsoft as an early detector of the WannaCry attacks, and you share the view that private industry may have as big a role to play or at least a very significant role to play in the detection and combating of this kind of cyber attack.
I think that's absolutely right. The government is not able to filter out all of the malicious traffic. Therefore, those pieces of malware land on private sector networks, and the private sector needs to get better at preempting these attacks by hunting in their environment, looking for anomalous behavior, and trying to mitigate the consequences of the attack through early detection and prevention.
That can be done using technology, using intelligence, and using proactive services, organizations that are being aggressive in advance of an attack to make themselves better and more able to defend against these attacks, Ali.
Shawn, without telling me something that you'd have to kill me after you told me, is there a coordinated effort between places like Homeland Security and the FBI and the CIA and private enterprise in sort of saying hey, who's got the best tools that we can use together on this front?
I think the private sector has been helpful in terms of helping to disable botnets and infrastructure used by criminal organizations. They've also shared indicators of compromise, some of the signatures that have been able to do some of the attribution, and I think that that's important.
At the end of the day, governments have to hold their citizens accountable, those that are launching the attacks, or you've got to hold the government agencies accountable. The US has done that through economic sanctions and diplomatic actions. And I think going forward, these types of attacks are going to require governments to talk to each other very specifically, because the dangers are high, and the risks are significant, Ali.
Shawn, good to talk to you as always. Thanks very much. Shawn Henry is a former executive assistant director of the FBI and Chief Security Officer at CrowdStrike. All right.