The White House’s Counter-Ransomware Initiative event, facilitated by the National Security Council (NSC), concluded two days of public-facing and closed-door sessions. Present were ministers and representatives from more than 30 countries and the European Union.
Interestingly, Russia, the country where cybercriminals apparently enjoy safe harbor from which to launch malware, including ransomware attacks against non-Russian targets, was excluded from the meeting. The White House noted it fully expects Russia to “address ransomware criminal activity coming from actors within Russia” and that the Experts Group has had “frank and professional exchanges” and “We (United States) have shared information with Russia regarding criminal ransomware activity being conducted from its territory.”
That is not to say that Russia isn’t trying to get a seat at the table of global discussion on cybersecurity. Russia is attempting to shape the global discussion and is leading the effort within the United Nations to organize a cybercrime treaty, pushing through a resolution in May 2021 calling for the Ad Hoc Committee to organize six ten-day sessions on the topic to begin in January 2022.
Collaborate to disrupt ransomware
The two-day meeting, which was announced by President Joe Biden within his statement on Cybersecurity Awareness Month, highlighted the importance of “bringing the full strength of our capabilities to disrupt malicious cyber activity.” Of particular note, especially for CISOs, was the purpose of international engagement, designed to accelerate “cooperation on improving network resilience, addressing the financial systems that make ransomware profitable, disrupting the ransomware ecosystem via law enforcement collaboration, and leveraging the tools of diplomacy to address safe harbors and improve partner capacity.”
The four areas of import were identified as:
- Disrupt ransomware infrastructure and actors
- Bolster resilience to withstand ransomware attacks
- Address the abuse of virtual currency to launder ransom payments
- Leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals
The countries worked through six sessions, which began with a plenary (open to the press).
The virtual event concluded with a joint statement from the participating countries. In the statement the “governments recognize the need for urgent action.” It also provided a roadmap for the areas of importance, which CISOs will find heartening, and identified the challenges ahead.
- Resilience: This is more than technology, policy, frameworks, resources, governance, rehearsed incident response, trained and ready workforce, and public-private partnership. The participants are “dedicated to working together and with the private sector to promote improvements in basic cyber hygiene,” and sharing among CERTS.
- Countering illicit finance: This includes actions to “drive down economic incentives for ransomware actors” and “enhance the capacity of our national authorities, to include regulators, financial intelligence units, and law enforcement to regulate, supervise, investigate, and take action against virtual asset exploitation.”
- Disruption and other law enforcement efforts: Degrade and hold accountable criminals and enable timely cooperation among intelligence, law enforcement, cybersecurity, et al working together to disrupt and destabilize criminal operations.
- Diplomacy: Create rules-based behavior to address operations taking place from a nation’s footprint and coordinate action to counter states that take no action to address cybercriminals. Use diplomacy to share approaches to capacity building.
Upon the conclusion of the event, Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger said, “There can be moments of extreme difficulty in our work to improve resiliency and fight cybercrime. It will be important moving forward to recall this moment of partnership and that no one country is ever truly alone in the fight against ransomware.”
While Dr. Ivana Stradner, Jeanne Kirkpatrick visiting research fellow at the American Enterprise Institute noted, “This meeting is a step in the right direction. However, combatting ransomware requires not only strong cyber defense but also forceful offensive cyber capabilities. Only a few EU member states possess offensive capabilities, which might be problematic for the transatlantic cyber partnership.” She also cautioned how this effort, may find itself heading into a collision course with the UN’s effort at creating a cybercrime treaty, especially regarding the “rules of the road”, as the UN effort is being led by Russia.
Simon Hunt, executive vice president for cyber production innovation at MasterCard, sums it up nicely for CISOs: “Don’t forget, ransomware is just another name for malware. All the things you do to protect your company from viruses, etc., protect you from ransomware.”
Copyright © 2021 IDG Communications, Inc.
