A crucial meeting between US president Joe Biden and Russia’s Vladimir Putin has resulted in an agreement in principle that something must be done to bring the current surge in cyber criminal activity – specifically ransomware – to heel, but whether or not the Russian authorities will be empowered to take any action on the issue remains to be seen.
Speaking to reporters after the Geneva summit came to an end, Biden said he and his Russian counterpart had spent a great deal of time on cyber security issues.
“I talked about the proposition that certain critical infrastructure should be off limits to attack – period – by cyber or any other means,” he said. “I gave them a list, if I’m not mistaken – I don’t have it in front of me – 16 specific entities; 16 defined as critical infrastructure under US policy, from the energy sector to our water systems.
“Of course, the principle is one thing. It has to be backed up by practice. Responsible countries need to take action against criminals who conduct ransomware activities on their territory.
“We agreed to task experts in both our countries to work on specific understandings about what’s off limits and to follow up on specific cases that originate in other countries or either of our countries.”
Biden went on to say it was in the mutual self-interest of both Russia and the US to crack down on cyber criminality. He asked Putin how he would feel if a ransomware attack shut down pipeline infrastructure to Russian gas and oil fields, to which his counterpart responded that “it would matter” a great deal.
Asked by reporters if he had given Putin any suggestion of what would happen if further attacks emanating from entities in Russia damage critical national infrastructure in the US, Biden said: “I pointed out to him that we have significant cyber capability. And he knows it. He doesn’t know exactly what it is, but it’s significant. And if, in fact, they violate these basic norms, we will respond with cyber.”
Dan Woods, vice-president of F5 Networks’ Shape Intelligence Center, and a former FBI and CIA cyber operative, said the world would be well-served if both Biden and Putin could reach a more concrete agreement to work together to curb ransomware attacks.
“Allowing criminal enterprises to launch attacks creates economic and, in some cases, life-threatening consequences,” he said. “Ongoing attacks against the US and other interests could provoke a significant response that quickly escalates this kind of conflict out of control.”
The meeting comes days after first the G7, then Nato, issued strongly worded statements calling out Russia for turning a blind eye to a plethora of ransomware gangs operating from within its borders with impunity, but which never seem to target organisations located in Russia or other former Soviet states.
In a statement issued following a Nato meeting earlier in the week, the alliance said it was determined to employ a “full range” of capabilities to deter, defend against and counter cyber threats in accordance with international law.
However, the alliance also said it was possible to envisage a scenario in which a cyber attack on one member might cross the line into an attack that would trigger Article 5 of its treaty – the provision that an attack on one member of the alliance is an attack on all.
“We reaffirm that a decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis,” said the alliance. “Allies recognise that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack.”