SPONSORED:

New coalition aims to combat growing wave of ransomware attacks

New coalition aims to combat growing wave of ransomware attacks
© iStock

A new coalition of cybersecurity and tech groups is looking to create a roadmap for countering the surge of ransomware attacks that plagued city governments, schools and hospitals in 2020.

“You see ransomware as not just an increasing security threat, it is to the level of now where it’s putting hospitals, children, the elderly, financial institutions, everyone at risk,” Philip Reiner, executive chairman of the Institute for Security and Technology’s Ransomware Task Force, told The Hill.

“As a result, we were seized with the idea that creating a collaborative cross-sectoral grouping that is looking at it from a comprehensive, top-down policy approach could potentially have more effect,” Reiner added.

ADVERTISEMENT

The California-based nonprofit aims to produce recommendations that will help governments and the private sector tackle the scourge of ransomware attacks.

Hackers have increasingly used these types of attacks -- which involve accessing and encrypting the victim’s network and demanding payment to allow access again -- to hit major targets, with city governments in Atlanta, Baltimore and New Orleans severely impaired by ransomware attacks over the past two years.

More recently, hospitals have become a target during the COVID-19 pandemic, with cyber criminals seeing vulnerable hospitals as easy targets more likely to pay a quick ransom as health care systems struggle to keep up with coronavirus cases. In some instances, the cyberattacks have been blamed for deaths due to delayed care.

“Ransomware has evolved from an economic annoyance to a national security and public health and safety threat,” said Michael Daniel, who served as special assistant to former President Obama and cybersecurity coordinator on the National Security Council. “It is affecting almost every sector of the economy and every size of organization, both public and private.”

Daniel now serves as president and CEO of the Cyber Threat Alliance, one of the groups that has signed on as a member of the newly formed coalition.

ADVERTISEMENT

The coalition’s task force is made up of heavy hitters in the cybersecurity and tech sector, including Microsoft, FireEye and McAfee, along with cyber-focused groups like the CyberPeace Institute and the Global Cyber Alliance.

Daniel stressed the importance of creating a strategy to address ransomware threats that “have grown too large.”

“We need a more comprehensive strategy for dealing with the ransomware threat,” Daniel said. “That strategy should involve both better defense and more aggressive disruption.”

The task force is beginning its work as both a new Congress and a new administration take the reins of power in Washington. Leaders in both branches of government have raised strong concerns about U.S. cybersecurity, particularly in the wake of a devastating cyberattack on IT group SolarWinds that compromised much of the federal government.

President-elect Joe BidenJoe BidenIntercept bureau chief: minimum wage was not 'high priority' for Biden in COVID-19 relief South Carolina Senate adds firing squad as alternative execution method Obama alum Seth Harris to serve as Biden labor adviser: report MORE included over $10 billion in cybersecurity and IT funds for the federal government in the $1.9 trillion COVID-19 relief proposal he unveiled on Thursday, calling it “an urgent national security issue that cannot wait.”

ADVERTISEMENT

Biden also created a new cyber-focused role on the National Security Council, announcing last week that he had appointed Anne Neuberger, director of cybersecurity at the National Security Agency, as deputy national security adviser for cyber and emerging technology.

On Capitol Hill, House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonLawmakers line up behind potential cyber breach notification legislation NAACP president accuses Trump of having operated under 'white supremacist doctrine' Lawmakers blame SolarWinds hack on 'collective failure' to prioritize cybersecurity MORE (D-Miss.) told The Hill last month that he planned to reintroduce bipartisan legislation to create a $400 million grant program that would provide financial resources to state and local leaders to address cyber challenges.

Rep. Lauren UnderwoodLauren UnderwoodNew cyber panel chair zeros in on election security, SolarWinds hack Overnight Health Care: New COVID-19 cases nationally drop below 100K for first time in 2021 | CDC warns states against lifting restrictions amid threat of virus variants | Health officials warn COVID-19 eradication unlikely Black maternal health omnibus package introduced by Democratic lawmakers MORE (D-Ill.), the new chair of the panel’s cybersecurity subcommittee, said late last year that tackling the threat of ransomware attacks would be a top priority for her, noting her desire to help “state and local governments build better defenses.”

Reiner said the coalition’s task force intends to discuss its recommendations with Congress and the Biden administration, noting that the change in government carries with it the prospect for new energy to tackle the problem.

“You have an incoming administration, you have a brand new Congress...they are all animated with the same kind of energy to do something about this so that 2021 is not just worse than 2020 like everyone assumes it’s going to be,” Reiner said.

The task force intends to publish its recommendations in the next two to three months.

Reiner said he hoped “actionable items” would help to “flatten the curve” of ransomware attacks.

“One of the things that we are dead set on is making sure that what we do isn’t just another paper, it’s not just another set of recommendations that people read and say, ‘Wow, that would be nice if that happened,’” Reiner said.

To that end, the task force can look to the recent success of the Cyberspace Solarium Commission. The congressionally created group, made up of policymakers and industry leaders, saw many of its recommendations for defending the nation in cyberspace included in the most recent National Defense Authorization Act.

“We know that there’s no silver bullet, we know that there’s no broad stroke that’s going to end it,” Reiner said. “But if you can put together the right people, maybe you can come up with a comprehensive set of proposals that can put a real dent in it.”