This is part one of a two-part series. Read part one here.
In the second segment of this virtual interview, Chris Krebs—former director of the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and now Chief Public Policy Officer at SentinelOne—stresses the urgent need for organizations to enhance their cyber and physical security infrastructure. He discusses the rising trend of supply chain attacks, particularly in healthcare and manufacturing, and articulates how generative AI can bolster human-centric security efforts.
Interview Highlights:
VB: How should national security strategies evolve concerning cyber and physical security, especially regarding infrastructure? The recent 2024 Annual Threat Assessment from the U.S. Intelligence Community indicates that Russia excels in attacking infrastructure.
Krebs: We assist multiple clients in the control systems and manufacturing sectors by evaluating the current threat landscape. Historically, Russia's military intelligence team, GRU, has demonstrated significant capabilities, notably with incidents like the 2015-2016 Ukrainian grid attack. Their tactics have matured since then, showcasing an alarming progression in sophistication.
By analyzing their trajectory, I encourage my team to anticipate where they might be headed in the future, enabling us to reduce potential vulnerabilities. Our mission at SentinelOne—“Securing tomorrow”—echoes the need to think strategically rather than reactively. Focusing solely on today's threats limits our ability to address future challenges.
VB: How are Chinese entities targeting infrastructure?
Krebs: Interestingly, China's approach to infrastructure targeting has shifted from intellectual property theft to a more serious pre-positioning strategy within U.S. critical infrastructure. This aligns not only with their military objectives, particularly regarding Taiwan, but also raises concerns about civilian infrastructure being vulnerable to attacks lacking direct military ties.
This tactic reflects a broader strategy where the implications of cyber-physical systems attacks extend beyond mere technical damage to psychological impacts. Executives must now consider how their organizations could be implicated in geopolitical conflicts or critical events like the 2024 U.S. elections, transcending the traditional focus on cyber risks alone.
Take Change Healthcare, for example. They grasp the significance of their role and need to evaluate the potential repercussions of being targeted. Many companies are still overly focused on short-term performance, underestimating long-term impacts.
VB: Do you believe that bad actors are exploiting weak supply chains, especially in healthcare, to extract larger ransom payments?
Krebs: Yes, healthcare organizations are particularly vulnerable due to a combination of outdated technology and intense pressure to pay ransoms during crises. Similar vulnerabilities are evident in manufacturing, where operational downtime directly affects profitability. The industry is witnessing a trend towards targeting entities with extensive legacy systems and poor security practices, capitalizing on their urgency to recover operations.
Ransomware defenses are improving, with advancements in detection, mitigation, and recovery. While the average ransom paid may rise, the frequency of payouts related to encryption has likely declined, although payouts for data extortion remain significant.
VB: What role does generative AI play in enhancing human-centric security?
Krebs: Overall, generative AI has been somewhat overhyped. Reports indicate that while adversaries can utilize AI for social engineering, target research, and task automation, we’re a step ahead in defense. At SentinelOne, we’re leveraging generative AI for proactive security measures with our upcoming Purple A.I., aimed at simplifying threat hunting.
This allows security professionals to adopt more accessible tools, such as querying for evidence of specific compromises without needing intricate technical knowledge. The goal is to remove barriers, making advanced threat detection more approachable for everyone.