U.S. talks global cybersecurity without a key player: Russia - Los Angeles Times
Advertisement

The U.S. is hosting talks on cybersecurity with 30 nations. Russia is not invited

President Biden at a lectern
The U.S. will meet virtually this week with 30 countries to talk cybersecurity strategy. Above: President Biden.
(Susan Walsh / Associated Press)
Share via

Amid an epidemic of ransomware attacks, the U.S. is sitting down to talk cybersecurity strategy this week with 30 countries while leaving out one key player: Russia.

The country that, unwittingly or not, hosts many of the criminal syndicates behind ransomware attacks was not invited to a two-day meeting starting Wednesday to develop new strategies to counter the threat.

White House national security advisor Jake Sullivan called it a gathering of “like-minded” governments in agreement on the urgency of the need to protect citizens and businesses from ransomware. “No one country, no one group can solve this problem,” he said in opening remarks.

Advertisement

The virtual discussions will focus in part on efforts to disrupt and prosecute ransomware networks like the one that attacked Colonial Pipeline in May, a senior administration official said. The attack on the major U.S. pipeline company, which led to gas shortages along the East Coast, was attributed to a Russia-based gang of cybercriminals.

The exclusion of a country so closely tied to the global ransomware phenomenon reflects the overall poor relations between Moscow and Washington.

Despite that, the U.S. has used a “dedicated channel” to address cybersecurity with Russia, said the administration official, who briefed reporters on the condition of anonymity to preview this week’s meeting with around 30 countries and the European Union.

Advertisement

To discourage cyber hackers, the U.S. must make it harder for them to profit — and signal that the country is ready and willing to retaliate.

Aug. 8, 2021

Since President Biden raised the issue directly with Russian President Vladimir Putin this summer in a summit and subsequent phone call, there have been “candid discussions” about cybercriminals operating within Russia’s borders, the official said.

“We’ve had several [discussions], and they continue, and we share information regarding specific criminal actors within Russia, and Russia has taken initial steps,” the official said.

It is unclear what steps Putin’s government has taken. Russia does not extradite its citizens, and FBI Deputy Director Paul Abbate told a security forum last month that he has seen “no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment that they’ve created there.”

Advertisement

The issue was expected to be on the agenda this week in Moscow as Undersecretary of State Victoria Nuland met for talks with Russian Deputy Foreign Minister Sergei Ryabkov.

The U.S. will offer rewards up to $10 million for information on foreign state-sanctioned cyberattacks, including ransomware attacks.

July 15, 2021

The Biden administration took office amid a massive cyber espionage campaign known as the SolarWinds attack, which U.S. officials have linked to Russian intelligence operatives. Ransomware attacks, perpetrated generally by criminal hacker gangs rather than state-sponsored groups, have caused tens of billions of dollars in losses to businesses and institutions and become a major source of tension between the two nations.

Ransomware payments reached more than $400 million globally in 2020 and topped $81 million in the first quarter of 2021, according to the U.S. government.

Actions taken by the Biden administration include imposing sanctions on a Russia-based virtual currency brokerage that officials say helped at least eight ransomware gangs launder virtual currency and issuing security directives that require pipeline companies to improve their cyber defenses.

In addition, the State Department has announced rewards of millions of dollars for information on people who engage in state-sponsored malicious cyber activities aimed at transnational criminal networks, which Sullivan said operate “across multiple countries, multiple jurisdictions to carry out their attacks.”

Most of this week’s ransomware meeting is expected to be private as participants attend sessions led by India, Australia, Britain and Germany, and will focus on themes such as developing resilience to withstand ransomware attacks.

Advertisement

Other participants include Israel, the United Arab Emirates, Bulgaria, Estonia, France, the Dominican Republic, Mexico, New Zealand, Singapore and Kenya.

Advertisement