NSA leadership discusses critical infrastructure cyber threats

May 09, 2024 - SAN FRANCISCO, Calif. -- At an RSA Conference 2024 session, David Luber, director of cybersecurity at the National Security Agency (NSA), discussed trends across the cyber threat landscape with his predecessor, Rob Joyce.

The session, held on May 8 and entitled "State of the Hack 2024: NSA's Perspectives,” was the third annual discussion of its kind. Ranging from discussions about the Russia-Ukraine conflict to the Chinese hacking ecosystem, the session explored several facets of the cyber threat landscape, including increased attacks against critical infrastructure.

“I think the area of most concern for me is when cyber can turn to physical,” Luber said.

“When the outcome of a cyberattack, especially in critical infrastructure, turns to some sort of physical impact, whether it's in some of the smaller scale activities, water overflowing, but then on amore broad scale, you can just use your imagination on where some of those physical manifestations and impacts can occur.”

Luber stressed his concerns about the repeated targeting of critical infrastructure, especially considering the looming threat of Volt Typhoon, a Chinese nation-state threat group that is known to target critical infrastructure and handily evade detection.

Luber and Joyce shared worries about the future state of cyber threats against critical infrastructure as threat actors become more emboldened.

“At some point, somebody's going to land one of these in a place against critical infrastructure that's going to matter,” Joyce said. “And I don't think they're doing the assessment of really how significant that attack will be, the implications of it. We could see somebody tip the scales by overachieving on one of these attacks without understanding the implications.”

Luber and Joyce also briefly addressed the Change Healthcare cyberattack, a topic that remains top-of-mind for healthcare cybersecurity practitioners and providers today.

“Ransomware continues to be a national security concern. I think it is a wake-up call, and I think everyone can reflect on the Colonial Pipeline incident, where it was the first time that we really looked at ransomware as a national security issue along with the broader cybersecurity topics of the day,” Luber stated.

“But just this year, the focus has been heavily on the Change Healthcare incident. And that particular case had a significant impact to the U.S. economy, to the services for healthcare across our nation and to the American people.”

Joyce described the Change Healthcare cyberattack as a “new data point” in the continued debate about ransomware payments. He also emphasized the importance of building resilient systems so that less organizations have to resort to paying cybercriminals.

While the NSA remains focused on combatting the many cyber threats addressed during the session, Luber and Joyce encouraged security practitioners to continue staying alert and informed, hardening the attack surface, and leveraging industry and government partnerships to further mitigate risk.