


Wally Adeyemo



In May of this year, Colonial Pipeline was hit by a ransomware attack that severely affected fuel prices and supply. Image credit: LOGAN CYRUS - GETTY IMAGES















The sight of anxious drivers forming long lines at gas stations, hoping to fuel up before supplies run out, is a sure signal of economic distress.

In the 1970s, a months-long oil embargo made gas lines an all-too-common feature of American life, while in 2012 shortages hit the Northeast following Hurricane Sandy. But those events were the result of a geopolitical standoff and a historic natural disaster. This past summer’s gas shortages were caused by a ransomware attack—an attack in which criminal hackers take a target’s data and network hostage until the victim makes a ransom payment—on Colonial Pipeline. Though the resulting lines at gas stations were short-lived, the ensuing price and supply issues were a stark reminder of the significant and growing risk that cyberattacks pose to our economy.

In 2020, the amount paid in ransomware cryptocurrency payments reached over $400 million, more than four times the level in 2019, and just a fraction of the economic harm caused by all cyberattacks. Cybercriminals and ransomware actors are increasingly exploiting technological innovations that offer secure, anonymous payments for nefarious and criminal purposes. Stopping them requires a novel and concerted strategy, one that combines the resources of the public and private sectors. This is the only way to protect our economy and national security from the risk created by cybercrime and ransomware attacks.

The U.S. government is already putting elements of this strategy into action. In May, President Biden signed an executive order that removes barriers to sharing information related to cyber incidents, enhances the federal government’s cybersecurity, and improves software supply-chain security. The federal government is actively engaging with our foreign counterparts on this issue. This includes addressing the global risks that cyberattacks pose through the G7 Cyber Expert Group and other international forums. It also means taking a firm stance with countries that turn a blind eye to malicious cyber activity. As the President said earlier this year, we will take “any necessary action” to defend our economy and infrastructure from these attacks.

That is why, in late September, the Treasury Department announced new actions to combat cybercriminals that use ransomware to take companies hostage. First, we are imposing sanctions on Suex, a virtual currency exchange that has facilitated transactions involving illicit proceeds for at least eight ransomware variants. Exchanges like Suex are critical to criminals’ ability to extract profits from ransomware attacks. As a result of yesterday’s designation, Suex will be unable to conduct business with American companies and individuals or access the U.S. financial system that sits at the center of global economic exchange. This action is a signal of our intention to expose and disrupt the illicit infrastructure used in these attacks.

Second, the Treasury is updating our 2020 ransomware guidance to further support and protect ransomware victims that share information with law enforcement. This new guidance reflects our view that we can best protect our economy when government and industry collaborate and share all relevant information to deter and—where necessary—remediate cyberattacks.

We also know that when it comes to cybersecurity, our best offense is a good defense. In the United States, much of our critical infrastructure—like utility companies, pipelines, rail lines, and hospitals—is owned by private companies. These firms and others need to take decisive action to bolster their cyber defenses and prevent attacks from happening in the first place. This means meeting the highest standards for cybersecurity and holding third-party service providers, with access to their networks and data, to the same high standards.

Many in the private sector have demonstrated that they share this commitment. A recent Travelers Risk Index survey cited cyber risk as a top concern across companies of all sizes. These concerns are already driving action. During a meeting led by President Biden in August, several technology companies including Amazon, Apple, Google, IBM, and Microsoft committed to lead improvements in supply-chain security, invest in cybersecurity training, deliver advanced security solutions, and further integrate cybersecurity throughout their operations.

Finally, the potential for economic damage posed by cyberattacks must be understood as a risk to our financial system. Financial firms like banks and insurance providers need to integrate cyber risk into their decision-making. These firms must hold their clients, policyholders, and counterparties accountable for taking prudent steps to implement cybersecurity standards.

We do not expect the private sector to solve the problem of cyberattacks and ransomware on its own. Our economy works best when the public and private sectors work together to solve our greatest challenges. Through close collaboration, the sharing of critical information, and the development of cooperative solutions, we can safeguard our economy and promote secure economic growth.

Wally Adeyemo is deputy secretary of the U.S. Treasury.


