The US White House this week convened its Second International Counter Ransomware Initiative Summit (CRI), bringing together leaders from 36 countries and the European Union in person to build on the work of its first ransomware summit in 2021.
At a press briefing before the summit, a White House spokesperson said, "While the United States is facilitating this meeting, we don’t view this solely as a US initiative. It’s an international partnership that spans most of the world’s time zones, and it really reflects the threat that criminals and cyber attacks bring.”
Later, the White House issued a fact sheet stating that throughout the summit, CRI and private-sector partners discussed and developed concrete, cooperative actions to counter the spread and impact of ransomware around the globe. In closing remarks at the summit, US National Security Advisor Jake Sullivan stressed the importance of international collaboration in tackling the ongoing ransomware crisis.
“We’ve been focused on really strengthening collaboration with our partners—doing this in partnership with other countries because any one country solving their cyber problem is not really getting after the root of this problem, which is a network problem that affects all of us,” he said.
In addition to the 37 countries, 13 companies and organisations participated in this year’s CRI including Crowdstrike, Mandiant, Cyber Threat Alliance, Microsoft, Cybersecurity Coalition, Palo Alto Networks, Flexxon, SAP, Institute for Security + Technology, Siemens, Internet 2.0, Tata – TCS, and Telefonica.
The summit participants were divided into five working groups focused on resilience, disrupting bad actors, countering illicit cryptocurrency movements, bringing diplomatic pressure on bad actors, and establishing public-private partnerships.
Borderless threats call for a borderless response
Several common themes emerged at the summit’s closing session. First, all the country participants appreciated the Biden administration hosting the CRI and, like Sullivan, emphasised the critical role international collaboration needs to play in defeating ransomware.
Michael Pezzulo, secretary of the Department of Home Affairs in Australia, said, “It's a borderless threat, so, therefore, it needs a borderless response.”
“I am so grateful that this group is a global group, at least with a global reach and global ambition,” Tanel Sepp, Estonia’s ambassador at large for cyber diplomacy, said. “We are all sharing the same challenge, and we need the same solutions.”
Lt. Gen Rajesh Pant, national cyber security coordinator at the National Security Council Secretariat of India, said, “the exponential growth of ransomware attacks worldwide has underscored the need for global and regional cooperation in both mitigating the attacks as well as devising internationally accepted policies and procedures to attribute and disrupt the threat actors.”
David Koh, commissioner of cyber security and chief executive of the Cyber Security Agency (CSA) of Singapore, said, “ransomware is a common threat to our respective countries, companies, and citizens. It poses economic, social, and even national security harm to us. Interestingly, we are all facing a common threat. The bad guys are out there. We are all on the same side.
"This is an area where countries from a wide political spectrum can find common cause and work together collaboratively.”
Carl Fredrik Wettermark, the senior cyber policy advisor in the Swedish Ministry for Foreign Affairs, said that when the Kaseya supply chain attack hit in 2021, he was on an island in the Stockholm archipelago.
“I had two thoughts when that happened: One was I would not be able to get food because there was only one store on the island. And that was very unfortunate, and it made me very sad. My second thought, though, was that if a cyber attack on a company in Miami is preventing me from getting meatballs and herring for my kids on a remote island in Sweden, I'm really living in a very interconnected world.”
Ransomware threatens societies and national security
Another common theme of the summit is that ransomware has risen over the past five years from a petty money-making criminal enterprise to become an existential threat to all nations' social functioning and national security.
“Ransomware is a growing national security threat in Canada, Patricia Geddes, associate deputy minister of public safety in Canada, said. “It compromises the safety of Canadian citizens, the security of their online environment, and the prosperity of our economy.”
Pavel Stepanik of the Czech Republic said that “Ransomware is a national security imperative. We can no longer see ransomware as a type of organised crime carried out by non-state actors.”
Touching on the glaring absence from the summit of Russia, which tolerates and by all accounts encourages ransomware actors within its borders, Stepanik added, “cyber criminals very often act in close coordination and on behalf of states including Russia. Ransomware has become a great source of illicit profit for authoritarian regimes, and we must work together to counter this threat.”
Richard Browne, director of the National Cyber Security Centre in Ireland, said that “everybody knows that ransomware has grown from a nuisance issue to being a real proximate risk to national security and our future prosperity. And that kind of crosscutting dynamic international problem requires a global response.”
Legal clarifications for borderless response to ransomware are needed
Several participants raised the need to respect that different nations have different legal authorities governing how far they can work with other countries.
“We need to respect the fact that we have different legal authorities and capacities,” Australia’s Pezzulo said. “I think we've worked through those issues very well [during the CRI] and got to a good equilibrium that balances the need for an aggressive borderless response, but one that respects the equities of national jurisdictions.”
“We have started to think how to solve the international legal issue so we can get the attackers in cyber space and not in legal space,” Aviram Atzaba, executive director of strategy and international cooperation at Israel National Cyber Directorate, said.
Janusz Cieszyński, secretary of state, Government Plenipotentiary for Cyber Security, said, “I'd like to stress that we have no time to spare. I hope we will be able to take the can-do attitude that is in this room back to our home countries and go straight through the legal, security, and all the other teams to make action items from our meeting possible soon.”
“Our commitment must be a long-term one and must include the development of capacities of the legal framework and common tactical, operational, and policy approaches,” Iulian Fota, director general at the Romanian Diplomatic Institute, said.
The private sector is a key player
Most of the participants say that any strategy to combat ransomware requires the participation of the private sector to succeed. Dr. Bernd Pichlmayer, advisor to the federal chancellor at the Federal Chancellery of Austria, said that “a whole-of-society approach to delivering a deeply needed piece to solve the global ransomware puzzle needs to include predefined interfaces and cooperation with the private sector.”
Jose Montilla Suero, digital vice minister in the Dominican Republic, said, “the government cannot achieve our cyber resilience goals alone. The private sector owns and operates much of our nation's critical infrastructure.
"There is only one way to defend the state from cyber threats, and that is through government industry and civil society working together, sharing appropriate information, and raising awareness and education as allies behind the same goals.”