3rd Party Risk Management , Critical Infrastructure Security , Cybercrime
US Convenes Global Ransomware Summit Without Russia
China, Russia Both Absent from 30-Nation Gathering on the Threat of RansomwareThe White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations. This gathering aims to improve global network resilience, address illicit cryptocurrency use, and elevate both law enforcement collaboration and diplomatic efforts.
See Also: Gartner Guide for Digital Forensics and Incident Response
Noticeably absent from the summit: Russia.
In a pre-event press call Tuesday, a senior administration official said, "In this first round of discussions, we did not invite the Russians to participate for a host of reasons, including various constraints."
Russia and China - which is also absent from this week's gatherings - have remained a focus of the Biden administration, as the nations are often viewed as aggressors in cyberspace.
On Russia's absence, the senior administration official said, "We are having active discussions with the Russians [through the U.S.-Kremlin Experts Group on ransomware]. But in this particular forum, they were not invited to participate, but that doesn’t preclude future opportunities for them to participate."
The meetings will run from Wednesday to Thursday, with participation from senior officials and ministers from the following countries or jurisdictions: Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, the EU, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, the Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, the United Arab Emirates and the U.K.
In a public session to kick off the summit on Wednesday, U.S. national security adviser Jake Sullivan called for additional cooperation and said the summit brings together "like-minded nations" that "recognize the urgency" of countering ransomware, according to NPR.
The Czech Republic's director of the National Office for Cyber and Information Security, Gen. Karel Řehka, said Wednesday that ransomware can no longer be regarded as criminal activity, according to the same NPR report.
And Andres Sutt, Estonia's minister of entrepreneurship and information technology, called for benchmarks for cybersecurity funding - similar to defense spending commitments to NATO, NPR reports.
Sending a 'Clear Message'
Commenting on the gathering, Jake Williams, a former member of the National Security Agency's elite hacking team, tells ISMG: "Biden's choice to not invite Russia and China … sends a clear message that if you don't play nice, you won't get a seat at the table discussing policy. While it opens the door for China and Russia to reject any policies and norms agreed to at the summit, on balance this seems to be the right action."
Williams, the co-founder and CTO of security firm BreachQuest, says a broader question that will certainly be discussed is: At what point does a ransomware attack stop being a law enforcement problem and demand a military response?
"[And] ostracizing (Chinese President Xi Jinping and Russian President Vladimir Putin) from this meeting broadcasts to the world that they aren't viewed as legitimate international partners on cybersecurity matters," he says.
The Biden administration official said Tuesday that ransomware payments reached over $400 million globally in 2020 and topped $81 million in the first quarter of 2021, which has "illustrated the financially driven nature of these activities."
The official continued: "We've worked with allies and partners to hold nation-states accountable for malicious cyber activity [with] the broadest international support [we've ever had] - in our attributions for Russia and China's malicious cyber activities in the last few months" (see: President Biden Touts Cybersecurity Efforts).
U.S.-Russia Relations
Despite Russia's absence, the senior official said: "I can report that we've had, in the Experts Group, frank and professional exchanges in which we've communicated … expectations [to address ransomware]. We've also shared information with Russia regarding criminal ransomware activity being conducted from its territory.
"We've seen some steps by the Russian government and are looking to see follow-up actions," the official continued.
"It's not likely [the omission of Russia and China will] worsen relations [with the] U.S., as we routinely call them out when we have attribution of cyber events with high confidence," adds Mike Hamilton, the former vice chair for the Department of Homeland Security State, Local, Tribal, and Territorial Government Coordinating Council, and currently the CISO of the firm Critical Insight. "The additional message is tacit but being received by the other attendees: Our collective problem is Russian crime and Chinese espionage."
And according to Frank Downs, a former offensive analyst for the NSA and currently the director of proactive services for the security firm BlueVoyant, "The Biden administration has shown [here] that it is learning from the ransomware attacks that the U.S. has experienced in the last year by meeting with these countries and illustrating that [these] attacks are a transnational threat and can come from any country in the world."
Executive Efforts to Date
This week's meetings entail four specific sessions: one on national resilience, led by officials from India; one on countering illicit finance, led by the U.K.; one on law enforcement efforts, led by Australia; and one on diplomacy, led by Germany.
In a fact sheet issued by the White House on the gathering, the administration points to its progress in each area. This includes:
- The Department of Justice established a task force to coordinate and align law enforcement and prosecutorial initiatives;
- The Department of Treasury levied its first-ever sanctions against a Russia-based virtual currency exchange - Suex - which allegedly aided ransomware actors;
- The Department of State's Rewards for Justice program offers a $10 million reward for information leading to those orchestrating malicious cyber activities at the behest of foreign governments;
- The White House's voluntary Industrial Control System Cybersecurity Initiative led over 150 electricity utilities representing almost 90 million customers to deploy or commit to deploy enhanced cybersecurity technologies;
- The Department of Homeland Security and Department of Justice established "StopRansomware.gov" to assist private and public organizations in mitigating related risks;
- The Transportation Security Administration issued two security directives requiring critical pipeline owners and operators to bolster their cyber defenses;
- Biden met with private sector technology leaders in August to discuss a "whole-of-nation" effort to address cybersecurity - yielding ambitious commitments from Big Tech;
- The U.S. is applying anti-money laundering/countering the financing of terrorism requirements on virtual currency businesses and activities;
- The Treasury Department is leading efforts to implement international standards on financial transparency around virtual assets.