White House to announce ransomware task force — and hacking back is one option


The Biden administration is preparing to announce a cross-government task force to combat ransomware attacks, following a series of high-profile hacks that underscored how cybersecurity weaknesses can wreak havoc on American society.

Through the previously undisclosed task force, federal agencies are taking defensive actions, such as promoting digital resilience among critical infrastructure companies, and offensive ones, such as launching cyberattacks on ransomware operators, according to a Senate aide who requested anonymity to speak candidly. Agencies are also developing mechanisms for halting ransom payments made through cryptocurrency platforms, and they are coordinating all these activities with foreign allies, the aide said.

Anne Neuberger, the deputy national security adviser for cyber and emerging technology, previewed the administration’s announcement during a 35-minute briefing for senators on Wednesday afternoon.

News of the task force comes as lawmakers and experts are pressuring President Joe Biden to respond more forcefully to Russian President Vladimir Putin’s inaction against ransomware operators, who in recent months have paralyzed much of the East Coast's gasoline supply, crippled a major meat processing company and breached the IT software vendor Kaseya and hundreds of companies connected to it.

“We’ve got to send a very strong, even disproportionate, message to Russia that we’re not going to tolerate this,” House Homeland Security ranking member John Katko (R-N.Y.) told Bloomberg last week.

But Biden faces few good options for altering Putin’s calculus. Years of sanctions have proven ineffective, cryptocurrency regulations face daunting prospects, allies in Europe are heavily reliant on Russian energy supplies and retaliatory cyberattacks could backfire.

Congress is already pursuing its own options. A bipartisan group of senators is expected to introduce legislation this week or next to require a wide range of companies, including critical infrastructure operators, to report hacks to the government. The House Homeland Security Committee is crafting similar legislation. Federal officials say a lack of information about private-sector breaches hampers their ability to protect the country from digital threats.

During Wednesday’s briefing, officials asked for new authority to establish mandatory cyber standards for critical infrastructure, according to a second Senate aide, who also requested anonymity to discuss the private call.

Neuberger also told senators that the White House will announce three other steps in the coming days, the first aide said.

DHS’ Cybersecurity and Infrastructure Security Agency will launch an interagency website, stopransomware.gov, to collect defensive guidance from various agencies. The Treasury Department’s Financial Crimes Enforcement Network will convene a virtual conference on ransomware in August. And the State Department will use its “Rewards for Justice” program to offer cash payments for tips leading to the arrests of ransomware operators.

Meanwhile, a glimmer of hope for the crusade against ransomware materialized on Tuesday, when the REvil gang, which carried out the Kaseya attack, abruptly went dark. It is unclear if the U.S. or Russia disrupted REvil’s infrastructure or if the criminals shut down their servers themselves, as other groups have done in the past following internal squabbles or increased scrutiny.

Neuberger did not address the REvil outage during the briefing, Sen. Angus King (I-Maine) told reporters during a media call afterward.

As the pace and impact of cyberattacks intensify, Biden is only now getting his core team in place to deal with them. On Monday, Chris Inglis was sworn in as the first-ever national cyber director, overseeing defensive efforts from the White House. And on Tuesday, hours after the Senate confirmed her, Jen Easterly started her job as director of CISA, giving the beleaguered agency its first permanent chief since last November.

Neuberger, who joined the White House in January as Biden’s first senior cyber official, did almost all of the talking during the Senate briefing, according to the first Senate aide.

Joining her on the call were Eric Goldstein, the executive assistant director for cybersecurity at CISA; Todd Conklin, a counselor to Deputy Treasury Secretary Wally Adeyemo; Richard Downing, a deputy assistant attorney general in DOJ’s Criminal Division; and Herb Stapleton, a deputy assistant director of the FBI’s Cyber Division.

Lawmakers asked general questions during the call, the first Senate aide said. Sen. Mike Rounds (R-S.D.), the ranking member on the armed services panel’s cyber subcommittee, asked about potential military cyber operations to confront ransomware gangs. He was told that that issue was better addressed in a classified setting.

King, the co-chair of the congressionally chartered Cyberspace Solarium Commission, welcomed the administration’s new initiatives but said they would probably do little to deter Putin.

“They're necessary steps in order to deal with this issue,” he told reporters, but “the deterrence starts with the president's interactions with Putin over the last month or so.”

“Vladimir Putin understands power, and he understands risk,” King said, “and he has to understand that this kind of conduct by the Russian state is unacceptable and will entail costs.”

View original post