The Biden administration is leveraging state attorneys offices to gain insight into ransomware and stressed private-sector obligations as crucial to the success of its strategy to reduce the impact of the menace threatening critical infrastructure across the globe.
In a meeting with the National Association of Attorneys General Thursday, Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger highlighted her June 2 open letter to corporate executives. The letter urged business leaders to also implement measures—including multi factor authentication, endpoint detection and response and encryption—outlined for federal agencies in a recent executive order. The letter also contained other best practices such as maintaining network segmentation to ensure continued operation of industrial control systems, by manual means, if necessary.
Neuberger “reiterated her call to action that corporate leaders implement the discrete, high-impact cybersecurity measures contained in her open letter, and those referenced in the President’s Executive Order,” according to a readout the White House released Friday. “Investing in cybersecurity is a far better investment for our economy and for companies than paying the funds in ransom.”
Attorneys general are a significant part of the administration’s strategy for taking on the challenge posed by ransomware, which has ballooned in recent months, as demonstrated by attacks on meat and fuel suppliers JBS and Colonial Pipeline, respectively. A new ransomware task force at the Department of Justice will centrally coordinate and analyze data from ransomware cases reported up through state attorneys offices. During an oversight hearing Thursday, FBI Director Christopher Wray said responding to ransomware requires the kind of coordinated effort that took place after September 11.
The Justice Department also notched a significant victory when the task force recovered the majority of the ransom Colonial Pipeline paid in cryptocurrency.
Neuberger told the association of attorneys general the Biden administration’s ransomware strategy includes four lines of effort: “disruption of ransomware infrastructure and actors by working closely with the private sector; international cooperation to hold countries who harbor ransom actors accountable; expanding cryptocurrency analysis to find and pursue criminal transactions; and reviewing the USG’s ransomware payment policies and approaches,” according to the readout.
Justice has attributed both the JBS and Colonial attacks to ransomware groups which experts say are not officially affiliated with the Kremlin but are nevertheless based in Russia. Biden is set to raise the issue with Russian President Vladimir Putin in Geneva June 16. Ransomware and cybersecurity more broadly are also on the agenda for G7 meetings in the United Kingdom over the coming days.
Along with COVID, the climate, the global economy and infrastructure, “they will discuss ransomware and how to set the rules of the road on all forms of emerging technology so that it’s democracies, and not autocracies, who are laying the foundation for standards as we go forward,” a senior administration official said, according to the White House release Friday of a background call with reporters. “All of this will end up getting enshrined in the G7 leaders communiqué that will be released at the conclusion of the summit.”
Neuberger’s appeal to the private sector Thursday noted pilots planned through an industrial control systems working group established to help critical infrastructure entities implement the best practices she outlined in the June 2 letter. The first of these is happening through a 100-day sprint at the Department of Energy and the Cybersecurity and Infrastructure Security Agency but others can soon be expected “to strengthen the cyber resilience of other critical sectors like pipelines, water, and chemicals,” the White House said.
“Under President Biden’s leadership, the Federal Government is stepping up to do its part, working with like-minded partners around the world to disrupt and deter ransomware actors,” Neuberger wrote in the letter. “The private sector also has a critical responsibility to protect against these threats.”