WASHINGTON — When the White House this week convened 30 countries to devise strategies to combat ransomware, one country was deliberately left out: Russia, the biggest source of the problem.
It is not that President Biden is taking the country out of the discussion. Since then Mr. Biden’s Summit With President Vladimir V. Putin in Geneva in June, White House officials are testing Moscow’s will to crack down on the ransomware gangs that ravaged the United States last spring, Shutting down a critical gasoline and jet fuel pipeline And a major producer of meat. In recent weeks, US officials said they have begun providing intelligence to Russians about specific hackers the United States believes are behind threats to companies, cities and infrastructure. . Officials say the Russians have cooperated, but have yet to make arrests.
There is some evidence that the pressure exerted by Mr. Biden in Geneva has made modest progress: spectacular attacks on critical infrastructure have subsided, although the demand for ransomware continues to rise. Still, when asked how often he thought the United States would face such attacks five years from now, General Paul M. Nakasone, director of the National Security Agency and commander of the United States Cyber Command, said, “everyday .”
purpose of The meeting, Mr Biden’s national security adviser, Jake Sullivan, said, was to try to change that future by involving allies to join the United States in what he called “an integrated effort to disrupt the ransomware ecosystem”. . So for two days, government experts in groups led by Australia, Britain, Germany and India sought to agree on how they could prevent groups from using anonymous cryptocurrencies that facilitate ransom payments. , or hardens the infrastructure thereby reducing the chances of a ransomware attack. Will halt critical operations, as was done in May with Colonial Pipeline, a fuel distributor in the Northeast.
The conference was organized by longtime National Security Agency official Anne Neuberger, who is now Mr. Sullivan’s deputy for cyber and emerging technologies. Ms Neuberger has also led quiet exchanges with Russia, which officials will not discuss in detail. He described the meeting as a “counter-ransomware initiative” that will focus on “cryptocurrency, resilience, disruption and diplomacy.”
A foreign diplomat who attended the two-day closed meeting said it reminded them of the “early days of terrorism”, when the White House was trying to contain key players in order to deny terrorist groups the space to operate. be involved in the effort. “But in that case, we let the Pakistanis stay in the room, and treated them as if they would be part of the solution,” he said. “No one was willing to do that to Russia.”
White House officials said there was little debate on whether to exclude Russia, although publicly they said Moscow could be invited to future sessions. The administration decided that for the first session, it was better to try to demonstrate to Moscow that the tolerance of ransomware groups operating on Russian territory – some of whom are sometimes suspected of doing the bidding of Russian intelligence agencies – could not be tolerated by anyone. Discussions on common initiatives will also poison the real, and that Moscow will do everything possible to sabotage the modest steps that 30 countries can agree on.
Yet even the Biden administration has found the limits of how much it can push for major changes. While it mandated cyber security standards for government contractors and created a series of “sprints” for government agencies to harden their systems, its efforts Crack down on the use of cyber currencies There has been some objections between major investors and users of those currencies.
While Ms Neuberger has argued for “know your customer” rules that govern banks to combat money laundering, significant investors in cryptocurrencies have argued against the requirements that they disclose transactions, Having said that anonymity is key to a growing market.
Some of the country’s biggest companies are fighting law in congress They will need to be reported when they are attacked – a corporate embarrassment that could turn investors or clients away. Companies often try to hide how much they are paying, as Colonial Pipeline did this year. (Some of the lakhs paid by this later recovered.)
“Most breaches are not reported to law enforcement,” Lisa O’s Monaco, deputy attorney general who deals extensively with cyber security issues as homeland security adviser to former President Barack Obama, said. recently written. “The current gap in reporting hinders the government’s ability to tackle not only the ransomware threat, but all cybercriminal activity.”
Mention of mandatory reporting was avoided in the final release. It called for “increased cooperation to prevent, trace and signal ransomware payment flows in line with national laws and regulations”, the last phrase being a recognition that many countries – not just tax havens – are part of efforts to make it easier to identify. Will protest who is using cryptocurrencies.
Mr Sullivan acknowledged differences over the opening of the virtual meeting, the only part of which was held in public. “Our governments may have different perspectives with regard to the tools we believe are best for combating ransomware,” he said, “how to secure our networks, through diplomatic means.” Everything from taking advantage of, and even the most effective ways of, combating illicit finance.” But he stressed that they are united in the goal of preventing attacks that could lock down a company’s data, or make it impossible for nations to distribute water or keep bridges open.
“This is not an American meeting,” Mr Sullivan insisted, noting how widespread ransomware attacks have disrupted critical infrastructure around the world. One Attack on water distribution system in Israel, for example, officials in US utilities shook, and one-on-one petrochemical plant in saudi arabia disclosed the vulnerability of its oil production.
But at the meeting, the United States noted several of its latest moves, including using Civil War-era legislation – the False Claims Act – as whistle-blowers when government contractors failed to meet basic cybersecurity standards. allow to appear. (The law was enacted in March 1863 to crack down on companies selling defective weapons and supplies to the Union Army.)
Ms Monaco said last week: “For too long, companies have chosen to silence under the mistaken belief that it is less risky to hide a violation than to report it and report it.” “Okay, that changed today.”
But no such international initiative had been announced until the end of the conference. Ms Neuberger said the meeting was “a start” and it was important that the United States was forming a loose coalition of like-minded countries to combat ransomware attacks. “This won’t be the last meeting,” she said.