British officials say 97 percent of hospitals effectively shut down by a massive cyber attack yesterday are back to normal.
The ransomware disrupted health, transportation and telephone systems across Europe. American companies, including Federal Express, said they were hit, too.
a vulnerability the U.S. National Security Agency once identified and turned into a cyber weapon. Microsoft is offering to make fixes for free.
The cyber attack occurred the day after President Trump signed an executive order to review and upgrade cyber protections of government agencies and infrastructure like energy grids.
This will build on efforts started by the Obama administration.
Joining me now from Washington is one of the architects of those defenses: John Carlin, the former assistant attorney general for national security, now with Morrison Foerster.
Thanks for joining us. When you started to see these headlines yesterday, what did you think?
That maybe on a bigger scale, but it's more of the same. Ransomware attacks have been up by over 300 percent according to FBI reporting since 2016 alone.
I tell you, day in, day out, both when I was in government and now in the private sector, I talked to companies who have been hit by ransomware.
You know, this particular code was something that we had a couple of months' warning on. There was a patch out there.
There were news articles about how this code got out into the wild. But it could be a lot worse.
Yes, it could be worse in a couple different ways. Number one, I mean, the good and the bad side is, hey, this was something that was already known.
I think a lot of time, a lot of energy, a lot of print is spent talking about the highest level actors,
nation state actors, but the fact is most of what we're seeing today, taken advantage of by criminal groups, isn't the highest level most sophisticated hack.
It's exploits like this where the patch was released in March 2017.
But a couple things happened. One, it gets on to people's systems through what's called phishing or spear phishing.
They send you an e-mail and an unwitting user inside the company clicks on the attachment. That's how the bad stuff gets in. That's how the malware gets in.
Number two, a lot of companies are not patching or updating their systems in ways that could stop known vulnerabilities, like this one.
And number three, assuming that the worst can happen, we need to move both in our private companies and in government towards thinking about resilience.
What happens if the worst happened, have I backed up my information in a way I can get back to doing business?
I also want to pivot to the executive order that the Trump administration just signed. Your thoughts on it, given that you've helped craft some of the cyber defense policy that exists today.
Look, I thought the executive order is a good step in the right direction.
There are a lot of reports ordered through it, and one thing I do worry about given the scope and scale of the threat we currently face,
as was made quite vividly clear with this massive 100-country ransomware attack, I'm worried we're not doing enough, fast enough.
In that report is a call for a study to increase our deterrents. I think vital to the solution to this problem is going to be deterrents,
figuring out a way to make bad guys — be they terrorists, nation states or crooks — worried about taking action in this space in a way they simply aren't right now.
One of the concerns always has been how fast government can actually kind of practice what it preaches.
I mean, you guys were very good at giving, you know, clear guidelines for the private sector,
but when you think of the number of computer systems spread out throughout government and how quickly they're able to implement some of this, I mean — I don't know how long that's going to take.
I think that's right. It is a concern.
I think one thing that was good about the approach in this executive order was the idea of making the cabinet secretaries responsible for figuring out what the risks are and ranking them on their own systems,
and then making the White House responsible, looking across government to figure out,
hey, what is the type of attack, what's the type of material that causes the highest risk, so we can devote our resources to it.
That's the same approach we're now just seeing private companies employ on their own systems.
Both the government and the private sector need to move faster in that regard, given what the threats are, and start thinking of this like a risk mitigation exercise.
You know, as troubling as this attack, ransomware attack was, one key thing to remember is, this was a crook.
This was a criminal group trying to make money. What if they use that same technology and it's a terrorist group?
And what they're trying to do is cause people to get harmed and they hit hospital systems?
Then, if you pay 300 bucks, you don't get your records back? Or what if it's a nation state and they do what they, say, they did with our elections in 2016?
They tried to undermine confidence and the integrity of an election.
And instead of hitting the electoral system, what they do is some type of massive attack like this on a day that people are trying to vote that says,
if you don't stay home and keep clicking this button on your computer, you won't be able to get access to your records?
That's a way of — one attack that was used for one purpose, being leveraged to accomplish a different goal. And that's the type of thing we keep seeing happen.
So, whether it's stolen information, it used to be people stole information for the monetary value.
Now, they weaponized that stolen information to try to achieve nation state gains. That's what we saw North Korea do with Sony. It's what we've seen Russia do.
So, I think as we look ahead, the problem right now is going to get worse before it gets better,
and it's incumbent upon both the executive branch, Congress and the private sector, to put this at the very top of the agenda,
in the way I don't currently think it is right now and say, what can we do to move as quickly as the threat is?
All right. John Carlin, the former assistant attorney general for national security — thanks for joining us. Thank you.