The Washington Post: Democracy Dies in Darkness

The Cybersecurity 202: A group of industry, government and cyber experts have a big plan to disrupt the ransomware crisis

with Aaron Schaffer

A task force of more than 60 experts from industry, government, nonprofits and academia is urging the U.S. government and global allies to take immediate steps to stem a growing global crisis of cyberattacks in which hackers seize computer systems and data in exchange for a ransom. 

The group, which issued a report today, says swift, coordinated action can disrupt and deter the growing threat of cyberattacks that use ransomware, malicious software that locks up computer systems so that criminals can demand ransom in exchange for access.

"We're seeing critical parts of the economy being hit by ransomware, including, for example, health care in particular," says task force co-chair Megan Stifel, executive director of Americas at the Global Cyber Alliance. “When you start to see a broad scale of victims across multiple elements of the economy being hit there can ultimately, if not abated, be catastrophic consequences.” 

Hackers have hit thousands of victims, including critical services such as hospitals and local governments, during the pandemic. This week alone, hackers hit police departments in Maine and Washington, D.C. In the case of the latter, hackers leaked sensitive documents, a tactic that is becoming increasingly common in ransomware attacks. In February, Secretary of Homeland Security Alejandro Mayorkas called the uptick in the hacks an “epidemic”; he speaks at an event rolling out the group's report today.

The growing threat of ransomware to those critical services is what pushed the nonprofit Institute for Security and Technology to form the task force in January, says IST CEO and Ransomware Task Force co-chair Philip Reiner.

“I think that the realization of watching those who work on cyber security, watching folks really scrambling to collaboratively staunch the tide of these kinds of attacks. It struck us that there needed to be a coordinated, comprehensive approach taken to really get after this and that piecemeal efforts weren't going to be sufficient,” says Reiner.

The report from the Ransomware Task Force includes 48 recommendations for policymakers and industry to disrupt the ransomware ecosystem. The recommendations focus on five key areas: international cooperation; coordination between the private and public sector; a whole-of-government approach including an interagency task force; establishing response and recovery support for victims; and stronger oversight of the cryptocurrency industry used by criminals for payments.

Government organizations with representatives on the task force include the FBI, the Cybersecurity and Infrastructure Security Agency, the Secret Service, the National Governors Association and the New York Department of Financial Services.

The report calls on the White House to stand up an interagency group to combat the problem. It also urges greater collaboration with the private sector and the establishment of a private-industry-led ransomware incident sharing network.

Lawmakers and U.S. intelligence officials have hammered on the need to fix the gap in information sharing between the private and public sector in the wake of the SolarWinds attack. The massive Russian hacking campaign that infiltrated nine federal networks could have gone undetected for months longer had private cybersecurity firm FireEye not notified SolarWinds and the government.

“What's key for the private sector here is not only do we have a national strategy that's well resourced and that allows for privatization, we have the ability to share information among each other and with law enforcement and with governments,” says co-chair Kemba Walden, assistant general counsel for Microsoft's digital crimes unit. “I think transparency goes a long way, especially if you're part of the security community, to disrupt and to take action to operationalize that information.”

The task force also recommends greater coordination with foreign governments and international law enforcement to take out hacker infrastructure and shut down safe havens. 

That pressure could come in the form of economic and trade sanctions like those recently launched against Russian companies and diplomats by the Biden administration or other means of withholding assistance or publicly calling out governments harboring hackers.

The changes will take legislative action.

Some of the report's proposed solutions require action by lawmakers and government officials. They're already considering better information sharing between the private and public sector following the SolarWinds attack, and they recently introduced legislation to increase emergency response funding for cyberattacks.

The House Committee on Homeland Security's cybersecurity subcommittee will hear next week about the report's recommendations when it hosts a hearing to combat ransomware. The hearing will feature Stifel, John Davis of Palo Alto Networks as well as National Association of State Chief Information Officers president Denis Goulet, according to a source familiar with plans for the hearing.

Members of the task force expressed optimism about steps the U.S. government is already taking, including DHS's plans for an accelerated ransomware effort as well as the Justice Department's recent creation of a task force addressing ransomware. 

But they say more work is needed. For instance, the Treasury Department could step in to heighten oversight of cryptocurrency markets using existing anti-money laundering and terrorism laws. 

Members of the task force were optimistic the recommendations could make a big impact if officials act immediately and view the report as a whole.

“The report is written with the idea that you have to take all of the actions in order to have an impact. So there are a lot of moving parts. Taking that and actioning it all at once and quickly to keep up with the pace of the crime. I think that's going to be the biggest challenge that I think it's over,” says Walden. “Maybe I'm an optimist, but I think we can meet that challenge.”

The keys

Biden calls for infrastructure improvements to combat cyberattacks in his first joint address to Congress.
President Biden promoted his infrastructure and tax plans in his first address to a joint session of Congress on April 29. (Video: The Washington Post, Photo: Melina Mara/The Washington Post)

He called for modernizing the power grid, which is currently “vulnerable to storms, hacks and catastrophic failures” as well as improvements to public education to help build out the workforce.

President Biden's first 100 days have been defined by two major cyberattacks, one of which the U.S. responded to with sanctions against Russia as Biden noted in his speech.

The president also touched on America's need to partner with allies to address growing threats.

“No one nation can deal with all the crises of our time alone – from terrorism to nuclear proliferation to mass migration, cybersecurity, climate change – and as we’re experiencing now, pandemics,” he said.

A top Justice Department official defended the use of warrants to remove malware.

John Demers, the assistant attorney general of the Justice Department’s national security division, said the government is using the authority “judiciously” and on a case-by-case basis. The comments come weeks after Justice announced an operation to remove back doors on hundreds of U.S.-based servers that were infected by hackers who exploited weaknesses in Microsoft Exchange software.

Asked about DOJ’s development of policies for removals, Demers said “now that we’ve had this experience, that’s the kind of discussion that we’re having now internally.” 

“I don’t know that we see a need for new legislation” to give the Justice Department additional investigative powers, Demers said. “By and large, we have what we need.”

The White House endorsed a water infrastructure bill’s cybersecurity provisions.

The endorsement comes in the wake of a February cyberattack on a Florida water treatment plant, NextGov’s Mariam Baksh reports. The bill would provide $25 million in annual grants as part of a clean water infrastructure program that would allow recipients to use the money to patch holes in their cyber defenses.

The legislation “promotes resiliency projects to address the impacts of climate change and makes explicit that cybersecurity projects are eligible for key programs,” the White House said in the statement.

Hackers posted personal information about D.C. police officers.

Hundred-page dossiers on five current and former D.C. police officers were posted, NBC News’s Kevin Collier reports. The files include polygraph results and other personal information, and come as hacks-for-ransom, such as this one, reach a fever pitch across the United States.

The FBI is investigating the incident. A group calling itself Babuk has asked for a ransom in exchange for not publishing the stolen data.

A former police officer whose data was leaked said that the information was authentic and he had not been contacted by the police department. A D.C. police spokesperson did not respond to a question from Collier about the five officers, but pointed to a YouTube video of acting chief Robert J. Contee III.

Global cyberspace

Macron’s government unveils plans for new anti-terrorism legislation, in part to ward off criticism from the right (Rick Noack)

Cyber insecurity

DigitalOcean says customer billing data accessed in data breach (TechCrunch)

Chat room

Yesterday's Cybersecurity 202, which was about a legislative proposal to create cybersecurity reserves, was the subject of a Twitter debate. Those weighing in included Rob Knake, a former director for cybersecurity policy at the National Security Council; Microsoft's Christopher Glyer; and Doug Wilson.


  • Senate Intelligence Committee chairman Mark R. Warner (D-Va.) and former Google CEO Eric Schmidt speak at a McCain Institute Sedona Forum panel on international tech alliances today at 9 a.m.
  • Director of National Intelligence Avril Haines and Lieutenant General Scott Berrier, the director of the Defense Intelligence Agency, testify at a Senate Armed Services Committee worldwide threats hearing today at 9:30 a.m.
  • Sen. Jack Reed (D-R.I.), the chairman of the Senate Armed Services Committee, discusses cybersecurity with two other senators at a Sedona Forum event today at 10 a.m.
  • Former Cybersecurity and Infrastructure director Chris Krebs speaks with former congressman Will Hurd, a Republican who represented Texas, on a Sedona Forum panel today at 11 a.m.
  • Krebs speaks at the Munich Cyber Security Conference today at 12:10 p.m.
  • Secretary of Homeland Security Alejandro Mayorkas speaks at an Institute for Security and Technology event on hacks-for-ransom today at 1 p.m. 
  • Leonid Volkov, Russian opposition leader Alexei Navalny’s chief of staff, discusses Russian cyberattacks that target Russian citizens at an Atlantic Council event on Friday at 9:30 a.m. 
  • The McCrary Institute at Auburn University hosts a panel on digital supply chains on Friday at 11 a.m. 
  • Deputy Attorney General Lisa Monaco discusses cybersecurity enforcement at the Munich Cyber Security Conference at 11:20 a.m. on Friday.
  • Former National Security Agency general counsel Glenn Gerstell testifies at a House Armed Services Committee panel’s hearing on the Department of Defense’s information operations strategy on Friday at 3 p.m.
  • Rep. Yvette D. Clarke (D-N.Y.), the chair of the House Homeland Security Committee’s cyber panel, and other lawmakers speak at Hack The Capitol 4.0 on May 4.
  • Krebs speaks at a U.S. Agency for Global Media event on disinformation on May 5 at 9 a.m.
  • The House Homeland Security Committee’s cyber subcommittee holds a hearing on hacks-for-ransom on May 5 at 2:30 p.m.
