



According to officials and experts involved in the debate, the National Security Council is researching ways to thwart debilitating attacks on critical infrastructure entities, and the government calls to respond quickly and mitigate them. We have been considering the authorities that can.

NSC deliberations are further motivated, as well as how to enhance corporate cybersecurity (an important issue given that most of the country’s critical infrastructure is controlled by the private sector). Also focuses on how to stop the cycle of that orbit. Prohibit companies from paying ransom.

As the White House approaches the end of its review, the pace of higher-level meetings on the subject at NSC has increased in recent weeks, sources said.

Megan Stifel, Co-Chair of the Ransomware Task Force and Founder of Silicon Harbor Consultants, said:

National Security Council officials put the April report of the Ransomware Task Force, written by dozens of cybersecurity experts, an important road in thinking about a government-wide approach to dealing with ransomware. It’s used as a map, people familiar with the deliberations said. The report should require the government to report ransom payments by organizations and should be formally designated as a national security threat so that ransomware can be prioritized by intelligence agencies. It provides nearly 50 recommendations for dealing with attacks, such as.

The Senate Intelligence Committee has repeatedly discussed with the Biden administration about ransomware and strategies to combat it, the commission’s aide said.

White House spokesman Jen Psaki said on Tuesday in the Department of State’s Justice Department following a recent massive attack on U.S. software company Kaseya that affected an estimated 800 to 1,500 companies in the U.S. and around the world last weekend. Announced “Major Leaders”. Homeland Security and other intelligence members will meet with President Joe Biden on Wednesday to discuss ransom and “our overall strategic effort to counter it.”

Biden feels “good” about US ability to respond to attacks

Biden told reporters that he felt “good” about the US’s ability to respond to ransomware attacks after receiving updates from the national security team on Tuesday morning.

Another meeting on the issue will be held next week between US and Russian officials, Saki said. Many of the most prolific ransomware attackers are believed to be based in Russia, including a group known as REvil, believed to have attacked both Kaseya and the meat supplier JBS, Biden. Confronted Russian President Vladimir Putin during the Summit in Geneva. last month.

Experts point out that ransomware is not a US-specific issue, and the government has been working to facilitate more coordination with its allies in the fight against attacks. Stifel, Global Policy Officer of the Global Cyber ​​Alliance, a non-profit organization, simultaneously considers strategies for the United States, United Kingdom, Canada, Australia and New Zealand’s Five Eyes countries with information sharing partnerships to combat ransomware attacks. I said that I am doing it. You may release them at about the same time to send strong global messages. One of the key factors that governments and professionals are promoting with foreign partners is to encourage cryptocurrency exchanges operating outside the United States to warn the government of suspicious transactions. This allows authorities to better track and potentially block payments.

But in the meantime, the attacks are progressing rapidly. In less than six months, the Biden administration had to tackle serious economic hits, such as attacks on JBS and the colonial pipeline of a major gas company. Both of these companies paid millions of dollars to a criminal who appeared to be based in Russia, who took the system hostage. In both cases, the US government did not know about the payment until a later date.

Following colonial hacks, the Transportation Security Administration has mandated U.S. pipeline operators to strengthen cyber defenses, and JBS is implementing cybersecurity programs to address these types of issues. “. However, recent large-scale ransomware attacks on IT supplier Kaseya show that strengthening corporate defenses can only protect a supply chain if it suffers from a single point of failure. An executive at a cyber insurance company who advised the White House on this issue said.

According to people familiar with the debate, national security officials are beginning to think about ransomware attacks in terms of counter-terrorism tactics and how the US government has long dealt with hostage offenders. Some experts with whom the NSC consulted on this issue believe that the best way to prevent such attacks is to refuse to negotiate or pay with malicious attackers. Therefore, one option being discussed is to ban payments altogether. The sanctions list can make illegal payments or penalize companies that make payments in other ways.

Some people think that banning payments is counterproductive.

However, others believe that an immediate total ban on payments is counterproductive as it further sacrifices the target. Targets may have no choice but to pay the ransom immediately to minimize disruption to employees and customers. The Ransomware Task Force report didn’t go as far as recommending a complete ban on payments, but the organization reported ransom payments and “considered alternatives before making payments.” Suggested to request.

Michael Daniel, President and Chief Executive Officer of the Cyber ​​Threat Alliance, who co-chaired the Ransomware Task Force, said: “If you want to set it as a policy goal, you need to set the procedure first and need more information.”

Daniel develops a viable strategy for the government to block payments without a better idea of ​​how many ransomware victims are and what percentage of them pay the attackers. Said it would be difficult. “We want to encourage more information sharing with the government before imposing a total ban of any kind,” he said.

The long-standing question was whether and how to force a company to disclose it to the government or law enforcement authorities when it was attacked and paid the ransom. Daniel said requesting such a report in itself could discourage companies from making payments. However, such reporting requirements may have to be enacted through law.

“It’s ridiculous that we don’t have a reporting bill yet,” said Christopher Painter, a former State Department coordinator of cyber issues under President Barack Obama. “The Task Force couldn’t conclude about banning ransomware payments, but at least encouraged people to report their payments. The White House can do a few things about it. You can, but in the end you have to pass the law. “

Senate Intelligence Committee Chairman Mark Warner (D-Va.) Last month released a draft of such a reporting bill called the Cyber ​​Incident Notification Act of 2021. The Department of Homeland Security has incorporated protection features to prevent reputational and legal damage, including exempting such reports from FOIA within 24 hours of the attack and preventing them from being used as evidence in civil or criminal proceedings. I’m out.

“The bottom line is that ransomware has changed from the perceived economic disruptions of 2013 and 2014 to national security threats and public health and security threats,” said Daniel. “It’s no longer just a secondary cybercrime issue, it’s an issue that requires a government-wide approach, so it’s good for the government to come up with a ransomware-focused strategy and knock on it. This problem is back. ”

