Former Cybersecurity and Infrastructure Security Agency (CISA) director Chris Krebs sounded an ominous warning to hackers and would-be cybercriminals during his keynote at Check Point’s virtual event Tuesday. As ransomware groups focused their attacks on hospitals and health care during the COVID-19 pandemic, CISA, working with law enforcement and intelligence agencies, channeled Liam Neeson’s character in the movie “Taken” with an effort they also called Project Taken.
“We wanted to make sure that all partners were communicating very clearly to the threat actors out there that we took protection of our health care facilities and our health care response to COVID very, very seriously,” Krebs said. “And if they came after and disrupted our ability to respond to COVID, we would not take that kindly, and we would come after them using our very particular set of skills.”
This coordinated, and largely successful, effort to protect health care organizations from hackers illustrates the importance of threat modeling, Krebs said. “How constantly evaluating both your internal and your external conditions can put you in a position to be more effective in your response to any sort of threat,” he explained.
Behind the Scenes at CISA
CISA also used extensive threat modeling to protect voting infrastructure leading up to the 2020 U.S. presidential election. “We spent three and a half years in advance of the 2020 election, from a cyber security perspective, thinking through dozens and dozens and dozens of scenarios where a capable and determined cyber actor could disrupt the election,” Krebs said. “We had a wealth of understanding, a wealth of planning behind us that we then flipped around and deconstructed to help inform our defensive strategies to help inform the investment practices of state election officials. That threat modeling piece is what I firmly believe transformed our ability as an agency and as a nation around a discrete risk management activity to dramatically improve our defensive posture.”
This approach worked out well for the election, which, by all accounts, was one of the most secure in U.S. history. It didn’t, however, work out for Krebs, whom former President Donald Trump fired after Krebs disputed Trump’s false claims about election fraud. Or maybe it did. Shortly after, Krebs and former Facebook chief security officer Alex Stamos founded a cybersecurity consulting firm, called Krebs Stamos Group, and landed a very high-profile client: SolarWinds. The software company hired KSG to help it recover from a massive breach during which suspected Russian hackers used SolarWinds’ software update to compromise at least 9 federal agencies and 100 private companies.
Sidebar: a couple hours after Krebs gave his keynote on Tuesday, SolarWinds CEO Sudhakar Ramakrishna was set to testify before the Senate Intelligence Committee about how his company handled the breach.
SolarWinds Hack Lessons Learned
And while Krebs didn’t mention the SolarWinds breach by name, he did discuss lessons learned from the “recent supply chain compromise,” aka SolarWinds. “If the recent supply chain compromise teaches us anything, it is that there are a set of very critical, systemically important enterprise software and services that we don’t fully understand how they fit into the economy, how they fit into enterprises writ large,” he said.
Organizations need visibility across and better understanding of how these software and services fit into enterprise IT systems, and “we need to bring everyone together into meaningful operational partnerships,” Krebs added. “This is far, far beyond simple information sharing of indicators of compromise, or that you saw a suspicious IP address. This is much more advanced and more about understanding where our adversaries are going.”
In the run-up to the 2020 election, CISA turned to its counterparts in Europe for intelligence about nation-state targets and what types of networks these groups were looking to attack, Krebs said, adding that CISOs can use these lessons to better protect their organizations’ security landscape.
Why Public-Private Partnerships Matter
“It’s that sort of targeting preference that is critically important that we can bring back to inform how you, if you’re a chief information security officer, need to inform the investment of that last dollar that you might have available,” he said. “Where, in your software development lifecycle, do you need to harden? In your build process, what additional security should you implement?”
Krebs also echoed recommendations from the Cyberspace Solarium Commission that call on the Biden administration to improve existing government cybersecurity efforts by strengthening partnerships with the private sector and creating an integrated cybersecurity center to defend against future attacks.
“No one organization is going to be able to stand alone and defend themselves against an increasing onslaught of malicious cyber activity,” Krebs said. “These sorts of operational partnerships where organizations can come together and share risk information can coordinate on joint collaborative defensive operations, that’s going to be the key to success going forward.”