The US and its NATO allies endorsed a new cybersecurity defense policy during President Biden's visit this week with member states in Brussels, according to the official summit communique. NATO members agreed that the organization's Article 5 provision, which states that an attack on one member nation is an attack on all, could now be applied to cyber threats. But NATO would make any decisions to invoke Article 5 in response to a cyber incident on a "case-by-case basis," the communique notes. Article 5 has been invoked only once by NATO, following the Sept. 11, 2001, terrorist attacks on the US.
In endorsing this new cybersecurity defense policy, NATO noted that ransomware attacks and other threats to critical infrastructure in the US and across Europe can cause significant harm to member states and that new actions are needed to address these and other issues.
"Reaffirming NATO's defensive mandate, the alliance is determined to employ the full range of capabilities at all times to actively deter, defend against and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law," the communique states. "We reaffirm that a decision as to when a cyberattack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis."
The NATO cyber defense policy came as President Biden prepares to meet Russian President Vladimir Putin in Geneva on Wednesday. The two leaders are expected to discuss national security and economic issues, including a series of ransomware and other cyberattacks in the US that appeared to originate in Russia.
"I will tell you this: I’m going to make clear to President Putin that there are areas where we can cooperate, if he chooses," Biden said during a press conference after NATO released its final communique. "And if he chooses not to cooperate and acts in a way that he has in the past, relative to cybersecurity and some other activities, then we will respond. We will respond in kind." Providing Putin with a “No-Hack List” was a juvenile act for the President. “All Hacks Against All Industries in the USA” should have been the only message delivered by the leader of the free world.
Since coming into office in January 2021, the Biden administration has faced several cyber issues related to Russia. On 15 April 2021, the White House formally accused Russia's Foreign Intelligence Service, or SVR, of carrying out the SolarWinds supply chain attack that led to follow-on attacks on about 100 companies and nine U.S. federal agencies.
In response, the Biden administration issued sanctions against the Russian government as well as individuals and businesses that allegedly assisted in the SolarWinds attack or interfered in the 2020 US elections. Since then, the administration has turned its attention to a series of ransomware attacks that have targeted companies that support large portions of the nation's critical infrastructure. This includes the 7 May 2021 attack on Colonial Pipeline Co., which the FBI says was connected to the cybercriminal organization DarkSide, which is suspected of operating from inside Russia.
On 31 May 2021, JBS, one of the world's largest meat processors, revealed that it had been hit by a ransomware attack. The FBI said it traced the incident to REvil, also known as Sodinokibi, a Russian-speaking cyber gang.
In a recent opinion piece printed in The Washington Post, Dmitri Alperovitch, chairman of the Silverado Policy Accelerator and the former CTO of CrowdStrike, and Matthew Rojansky, director of the Wilson Center’s Kennan Institute, wrote that Biden should inform Putin about US capabilities for countering these types of attacks, pointing to the FBI recovering $2.3 million of the $4.4 million ransom paid by Colonial Pipeline Co.
"After the Colonial attack, American officials announced that they were able to access the hackers’ digital wallet and recover most of the ransom. Biden administration officials have said there are 'parallels' between cybercrime and terrorism, and that 'all options are on the table to deal with the threat,'" Alperovitch and Rojansky wrote.
The Biden administration is also pushing other countries to do more to fight back against cyberattacks. The Group of Seven, aka G-7, leaders announced an agreement to counter ransomware attacks that calls for greater cooperation between governments and businesses. The agreement also demands that Russia do more to curb the criminal activity within its borders, according to the White House.
"The international community - both governments and private sector actors - must work together to ensure that critical infrastructure is resilient against this threat, that malicious cyber activity is investigated and prosecuted, that we bolster our collective cyber defenses, and that states address the criminal activity taking place within their borders," the Biden administration notes in a statement.
While Biden and US allies were laying the groundwork for the Putin summit, the Russian president was busy laying out his own agenda. Putin indicated he would consider handing over Russian cybercriminals to the United States if the US does the same for Moscow. "If we agree to extradite criminals, then, of course, Russia will do that, we will do that, but only if the other side, in this case, the United States, agrees to the same and will extradite the criminals in question to the Russian Federation," Putin said, according to Reuters. A major question would remain: what will define Putin’s definition of a “Criminal” for the USA or Russia?
Asked about Putin’s comment that Moscow would be willing to hand over cybercriminals to the United States if Washington reciprocates, Biden described it as “potentially a good sign of progress,” USA Today reports. But national security adviser Jake Sullivan subsequently clarified that Biden was not saying he is going to exchange such criminals with Russia, saying, "This is not about exchanges or swaps, or anything like that," and that "cybercriminals will be held accountable in America because they already are."
Red Sky Alliance is in New Boston, NH, USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or firstname.lastname@example.org.