Yesterday I provided testimony to Congress about the CTI League and addressed the allegations that it is somehow part of a government censorship apparatus. Part of that testimony is in our statement linked below.
Ohad, Nate, Chris, and I created the CTI league on the 14th of March 2020 because we knew that we were facing an unprecedented global health crisis. It’s no secret to anyone that works in cybersecurity that global issues lead to global surges in cybersecurity incidents. The threat actors behind these incidents know that they can exploit the fear, uncertainty, and doubt that surges during these times. They weaponize the opportunities it provides and they attack those who are most vulnerable.
We founded the CTI League in order to use our skills to protect the infrastructure and first responders we knew to be fighting to keep us and our families safe. We founded the CTI league because we believe it is every citizen’s duty to do whatever is reasonably possible to support their fellow citizens.
Yet some actions needed to protect against cybersecurity threats are best taken by lawfully authorized government agencies or industry groups with existing connections to victim organizations. Success against sophisticated threats depends on collaboration like these – for example you can imagine the response we got when we, as unknown individuals, called hospitals being targeted by foreign nation states. Our partnerships with agencies such as CISA and with the global law enforcement community was no different from those with the World Health Organisation, The Health-ISAC, countless national Computer Emergency Response Teams (CERT), and many medical NGOs. At no point did this collaboration involve CTI League being told what to do, they were guests in our collective. The scope of their involvement was limited to working on medical sector threats and nothing else.
To help settle this matter, the CTI League is releasing all of its files. While they aren’t very interesting,they show that we are not a shadowy instrument of censorship, that disinformation was only a tiny fraction of the work we did, and most importantly, that we have not and will never endorse censorship. Rather, we are a collective of well-meaning cybersecurity professionals who worked to fight technical issues during a period of great turmoil.
CTI League Github containing our documents including all those leaked by the alleged whistleblowers. Please note we have redacted names. Individuals named in the irresponsible reporting of these false allegations have started receiving death threats. So to reduce harm we took this step. Unredacted versions have been offered to responsible journalists for comparison.
COVID-19-CTI-LEAGUE
8 repositories, 2 followers.
Through the collaboration within the CTI League over the last several years, we saw organizations warned of imminent ransomware attacks, we disrupted hostile nation attacks against critical medical infrastructure, and we worked together to protect ordinary people. People who in many cases were already experiencing some of the most challenging days they have faced. I am proud that we were able to serve our countries this way.
During the House Judiciary hearing on Weaponization of the Federal Government the idea that billion dollar hospitals would need help from a bunch of volunteers was ridiculed. I wish that was the case. Sadly we live in an age where currently the threat actors have the upper hand. A security team has to get everything right, all the time. A threat actor just has to find one opportunity once. It’s an asymmetric battle and the defenders are on the losing side.
Hospitals are amongst our most critical infrastructure, protecting the most vulnerable of the citizens in our society. As evidenced by the huge number of publicly known ransomware incidents affecting healthcare over the past few years (over 1,200 globally, nearly 900 in the US) hospitals, regardless of the size, are exposed, vulnerable, and targeted by bad actors.
Healthcare saves lives. Therefore, lives are lost when that care is delayed, degraded, and denied by cyber attacks.
There is no “Cyber 9-1-1”. During an unprecedented strain on the public health system, the CTI League played a key role in preserving care delivery – and therefore life.
The CTI League has, and will continue to, protect speech protected by the first amendment; and has and will continue to oppose censorship. The documentation we published today shows this, as has been known to those who worked these cases, who gave up nights and weekends to protect others, and even by those who have recently fixated on snippets out of context to further their own agendas.
The conversation about boundaries is an incredibly important one. US Government agencies and law enforcement organizations already have clear guidelines framed by the constitution and established law. The world is evolving rapidly, and if new lines are to be drawn it must be after careful discussion of the goals and the risks. As such It is good that this conversation is happening publicly. However, I am dismayed to see the value and benefit of these discussions destroyed by inflammatory comments and reactionary proposals. It worries me greatly that these comments and proposals are being driven by speculative, poorly researched, intentionally divisive stories meant to further Political and financial agendas .
We absolutely should be looking closely at where the lines should be drawn with regards to any kind of government involvement in our day to day lives. We absolutely should make sure that our rights are not infringed, whether deliberately or through well-meaning ignorance. However, we need to be very careful that while we perform this necessary introspection, we don’t damage the very fabric of what protects us.
I want the government to tell me and my service provider if a hostile nation is attacking my communications accounts and services. I want the government to take steps to prevent malicious entities from abusing our businesses. I worry that if we are not careful, we risk leaving ourselves vulnerable and exposed at a time when we know that hostile actors, both criminal and from foreign nations, seek to cause great harm. It’s clear that we need to carefully draw the lines that everyone should safely operate in. However, it’s just as equally clear that we can’t do this by burning everything down and starting again.
If we take our eye off the threat landscape for even a moment, the most vulnerable in our society will suffer the most. Those organizations with massive vulnerable networks, those organizations that fall below the cybersecurity poverty line, and those organizations that represent our most critical services are under constant attack and are already struggling.
As surprising as it may seem to some, altruists, volunteers, and ordinary citizens make a difference every day in cybersecurity. I look forward to continuing my work in the CTI League and several other similar organizations with my peers to relentlessly pursue the work we do to preserve care delivery for patients and their families.
Marc's Security Ramblings 