The White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations, not including Russia or China. This gathering aims to improve global network resilience, address illicit cryptocurrency use, and elevate both law enforcement collaboration and diplomatic efforts.
In a pre-event press call on 12 October 2021, a senior administration official said, "In this first round of discussions, we did not invite the Russians to participate for a host of reasons, including various constraints." Russia and China - which is also absent from this week's gatherings - have remained a focus of the Biden administration, as the nations are often viewed as aggressors in cyberspace.
On Russia's absence, the senior administration official said, "We are having active discussions with the Russians [through the U.S.-Kremlin Experts Group on ransomware]. But in this particular forum, they were not invited to participate, but that doesn’t preclude future opportunities for them to participate."
The meetings will run for two days, with participation from senior officials and ministers from the following countries or jurisdictions: Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, the EU, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, the Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, the United Arab Emirates and the U.K.
In a public session on 13 October 2021, U.S. national security adviser Jake Sullivan called for additional cooperation and said the summit brings together "like-minded nations" that "recognize the urgency" of countering ransomware, according to NPR.
The Czech Republic's director of the National Office for Cyber and Information Security, Gen. Karel Řehka, said Wednesday that ransomware can no longer be regarded as criminal activity, according to the same NPR report. Andres Sutt, Estonia's minister of entrepreneurship and information technology, called for benchmarks for cybersecurity funding - similar to defense spending commitments to NATO, NPR reports.
Commenting on the gathering, Jake Williams, a former member of the National Security Agency's elite hacking team, tells ISMG: "Biden's choice to not invite Russia and China … sends a clear message that if you don't play nice, you won't get a seat at the table discussing policy. While it opens the door for China and Russia to reject any policies and norms agreed to at the summit, on balance this seems to be the right action."
Williams, the co-founder and CTO of security firm BreachQuest, says a broader question that will certainly be discussed is: At what point does a ransomware attack stop being a law enforcement problem and demand a military response? "[And] ostracizing (Chinese President Xi Jinping and Russian President Vladimir Putin) from this meeting broadcasts to the world that they aren't viewed as legitimate international partners on cybersecurity matters," he says.
The Biden administration official said Tuesday that ransomware payments reached over $400 million globally in 2020 and topped $81 million in the first quarter of 2021, which has "illustrated the financially driven nature of these activities." The official continued: "We've worked with allies and partners to hold nation-states accountable for malicious cyber activity [with] the broadest international support [we've ever had] - in our attributions for Russia and China's malicious cyber activities in the last few months" (see: President Biden Touts Cybersecurity Efforts).
Despite Russia's absence, the senior official said: "I can report that we've had, in the Experts Group, frank and professional exchanges in which we've communicated … expectations [to address ransomware]. We've also shared information with Russia regarding criminal ransomware activity being conducted from its territory." "We've seen some steps by the Russian government and are looking to see follow-up actions," the official continued.
"It's not likely [the omission of Russia and China will] worsen relations [with the] U.S., as we routinely call them out when we have attribution of cyber events with high confidence," adds Mike Hamilton, the former vice chair for the Department of Homeland Security State, Local, Tribal, and Territorial Government Coordinating Council, and currently the CISO of the firm Critical Insight. "The additional message is tacit but being received by the other attendees: Our collective problem is Russian crime and Chinese espionage."
According to Frank Downs, a former offensive analyst for the NSA and currently the director of proactive services for the security firm BlueVoyant, "The Biden administration has shown [here] that it is learning from the ransomware attacks that the U.S. has experienced in the last year by meeting with these countries and illustrating that [these] attacks are a transnational threat and can come from any country in the world."
This week's meetings entail four specific sessions: one on national resilience, led by officials from India; one on countering illicit finance, led by the U.K.; one on law enforcement efforts, led by Australia; and one on diplomacy, led by Germany.
In a fact sheet issued by the White House on the gathering, the administration points to its progress in each area. This includes:
- The Department of Justice established a task force to coordinate and align law enforcement and prosecutorial initiatives.
- The Department of Treasury levied its first-ever sanctions against a Russia-based virtual currency exchange - Suex - which allegedly aided ransomware actors.
- The Department of State's Rewards for Justice program offers a $10 million reward for information leading to those orchestrating malicious cyber activities at the behest of foreign governments.
- The White House's voluntary Industrial Control System Cybersecurity Initiative led over 150 electricity utilities representing almost 90 million customers to deploy or commit to deploy enhanced cybersecurity technologies.
- The Department of Homeland Security and Department of Justice established "StopRansomware.gov" to assist private and public organizations in mitigating related risks.
- The Transportation Security Administration issued two security directives requiring critical pipeline owners and operators to bolster their cyber defenses.
- Biden met with private sector technology leaders in August to discuss a "whole-of-nation" effort to address cybersecurity - yielding ambitious commitments from Big Tech.
- The U.S. is applying anti-money laundering/countering the financing of terrorism requirements on virtual currency businesses and activities.
- The Treasury Department is leading efforts to implement international standards on financial transparency around virtual assets.
It is up to all organizations to take steps and adopt procedures to protect themselves from ransomware attacks. No government can stop these attacks except for the countries that are sponsoring or benefitting from the ransom payments.
The following is what Red Sky Alliance recommends:
- All data in transmission and at rest should be encrypted.
- Proper data back-up and off-site storage policies should be adopted and followed.
- Implement 2-Factor authentication company-wide.
- For USA readers, join and become active in your local Infragard chapter; there is no charge for membership: infragard.org
- Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
- Institute cyber threat and phishing training for all employees, with testing and updating.
- Recommend/require cyber security software, services and devices to be used by all employees and consultants working from home.
- Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
- Ensure that all software updates and patches are installed immediately.
- Enroll your company/organization in RedXray for daily cyber threat notifications that are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
Reporting: https://www.redskyalliance.org/
Website: https://www.wapacklabs.com/
LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516