Washington — When the White House convened 30 countries this week to develop a strategy to fight ransomware, one of the biggest contributors to the problem, Russia, was deliberately omitted.
It does not mean that President Biden has frozen the country from the debate. Since the summit meeting between President Vladimir Putin and Mr. Biden in Geneva in June, White House officials have tested Moscow’s willingness to crack down on the ransomware gang that caused the turmoil in the United States last spring. It has closed important gasoline and jet fuel pipelines, crippling major producers of meat. In recent weeks, U.S. officials have begun to inform Russians about certain hackers that the U.S. believes are behind threats to businesses, cities and infrastructure. Officials say the Russians sounded supportive but have not yet been arrested.
There is some evidence that the pressure exerted by Mr. Biden in Geneva has made modest progress. Despite the steady beat of continued demand for ransomware, epic attacks on critical infrastructure have diminished. Nevertheless, when asked how often the United States would face such attacks five years later, General Paul M. Nakasone, Director of the National Security Agency and Commander of the United States Cyber Command, said: .. .. “
Purpose of Biden’s national security adviser, Jake Sullivan, changed the future by calling for participation in the United States, which he calls his allies “an integrated effort to destroy the ransomware ecosystem.” He said he tried. So for two days in a group led by Australia, the United Kingdom, Germany and India, government experts could prevent the group from using anonymous cryptocurrencies to facilitate ransom payments, or a ransomware attack. We sought agreement on how to strengthen our infrastructure to be less vulnerable. Freeze important operations, as we did in May at Colonial Pipeline, a fuel distributor to the northeast.
The conference was convened by Anne Neuberger, a longtime National Security Agency official and now Sullivan’s adjutant for cyber and emerging technologies. Mr. Neuberger is also leading a quiet exchange with Russia, and authorities will not discuss this in detail. She described the conference as a “ransomware countermeasures initiative” focused on “cryptocurrency, resilience, turmoil and diplomacy.”
A diplomat who attended the closing two-day meeting said it reminded him of the “early counterterrorism” when the White House was trying to bring in key players to deny a terrorist group’s space of activity. .. “But in that case, we put the Pakistanis in the room and treated them as if they were part of the solution,” he said. “No one was willing to do that in Russia.”
White House officials said there was little debate on the question of whether to exclude Russia, but publicly said Moscow might be invited to a future meeting. In the first session, the administration said that the tolerance of ransomware groups operating on Russian territory (some suspected of occasionally bidding on Russian intelligence) would poison real people. Discussions on common initiatives that it decided would be better to try to show to Moscow, and that Moscow would do everything possible to thwart the modest steps that the 30 countries could agree on.
Still, even the Biden administration has found the limits of how difficult it is to drive major changes. Although government contractors have mandated cybersecurity standards and government agencies have created a series of “sprints” to strengthen their systems, efforts to crack down on the use of cybercurrencies have been made by major investors and users of those currencies. I ran into some dissenting opinions.
Mr. Neuberger insisted on “knowing customers” rules similar to those governing banks to fight money laundering, but for important crypto investors, anonymity is important for growing markets. I opposed the requirement to disclose the transaction.
Some of the country’s largest companies are fighting parliamentary legislation that requires them to report when attacked. This is a perplexity for companies that can drive away investors and customers. As the Colonial Pipeline did this year, businesses often try to hide the amount of ransom they are paying. (Some of the millions it paid were later recovered.)
“Most violations have not been reported to law enforcement agencies,” recently wrote Lisa O. Monaco, Deputy Prosecutor General, who has dealt with a wide range of cybersecurity issues as a homeland security adviser to former President Barack Obama. “Current reporting gaps hamper the government’s ability to combat all cybercriminal activity, not just the ransomware threat.”
The final communiqué declined to mention mandatory reporting. It called for “enhanced cooperation to curb, track, and prosecute ransomware payment flows in line with national law and regulation.” Cryptocurrency.
Sullivan acknowledged the difference in the opening of the virtual conference, the only public part. “Our government may take a different approach to the tools we believe are the best to counter ransomware,” he said. But he argued that it was unified with the goal of locking corporate data and stopping attacks that could make it impossible for the country to distribute water or keep bridges open.
“This is not a US conference,” Sullivan argued, pointing out how widespread ransomware attacks destroyed critical infrastructure around the world. For example, an attack on Israel’s water distribution system shook US utility executives, and an attack on a petrochemical plant in Saudi Arabia revealed its oil production vulnerabilities.
However, at the meeting, the United States will include the use of civil war-era law (fraudulent claims) to allow whistleblowers to reveal that government contractors do not meet basic cybersecurity standards. , Mentioned some of the latest moves. (The law was enacted in March 1863 to crack down on companies selling defective weapons and supplies to the Union Army.)
“Companies have long opted for silence with the false belief that hiding a breach is less risky than proactively reporting it,” Monaco said last week. “Well, that changes today.”
However, there was no such similar international initiative announced by the end of the conference. Mr Neuberger said the conference was the “beginning” and, importantly, that the United States was building a loose alliance of like-minded nations to launch a ransomware attack. “This is not the last meeting,” she said.