In the face of enhanced ransomware attacks globally, the International Counter Ransomware Initiative (CRI), a grouping of 36 countries, including India, and the European Union, has decided to deepen its institutional collaboration to enhance “collective resilience” to ransomware, disrupt attacks and pursue responsible actors, counter illicit finance that underpins the ransomware ecosystem, work with the private sector against attacks, and cooperate across all elements of the ransomware threat.
At the end of the first in-person CRI summit in Washington DC on Wednesday, hosted by the United States National Security Council, the grouping also took a series of decisions to step up the institutional mechanisms to deal with what US national security advisor Jake Sullivan called a “global challenge that requires global cooperation to produce global solutions”.
India leads the network resilience working group of the initiative along with Lithuania and was represented by Lt General (retired) Rajesh Pant, the national cybersecurity coordinator in the Prime Minister’s Office.
Acknowledging that India had been at the “receiving end of many ransomware attacks” on its “critical infrastructure”, Pant underscored the need for both public-private partnership and global and regional cooperation in combining “knowledge, expertise and capabilities” in taking on ransomware attacks and holding accountable those responsible for them.
Pant began his remarks at the closing session of the summit by pointing to the power of the grouping. “If someone takes a picture of this powerful table, it will send some shivers down the spine of these criminals we are chasing.” India, he said, genuinely appreciated the US initiative to discuss and find solutions “to improve our domestic and collective resilience, misuse of virtual currency, and need to investigate and disrupt perpetrators of this ransomware”. He said that the discussions had helped improve the “comprehensive understanding of strategies used by ransomware actors and means by which their malicious activity can be identified and addressed”.
“We also saw that public private partnership has emerged as a point of consensus. India will be keen to collaborate and cooperate with CRI member countries in countering threats emanating from ransomware attacks for which we will focus on capacity building, information sharing, enhancing CERT to CERT cooperation, establish and share guidelines on sector specific cybersecurity standards and practice the same by the conduct of biannual cyber exercise,” Pant added.
India also announced that it intends to establish a dedicated counter ransomware platform, Malwarekosh, “to support, analyse, share and collaborate on counter ransomware activities”.
In a joint statement, CRI countries said they were committed to using “all appropriate tools of national power” to implement the endorsed United Nations Framework for responsible state behaviour in cyberspace, “specifically the voluntary norm that States should cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats”.
To achieve these goals, according to a White House Factsheet, CRI members agreed to establish an international counter ransomware task force led by Australia to “coordinate resilience, disruption and counter illicit finance activities”. A fusion cell at the regional cyber defense center in Kaunas led by Lithuania will “operationalize ransomware related threat information sharing commitments”. The summit agreed to deliver an “investigator’s toolkit” that will include lessons and strategies to respond to significant ransomware events, tackle major cyber criminal actors and consolidate “tactics, techniques and procedures”.
CRI members will also institute “active and enduring private sector engagement” based on trusted information sharing and coordinated action. They will publish joint advisories offering warning and mitigation measures, coordinate “priority targets” through a single framework, develop a capacity-building tool to help countries use public-private partnerships to combat ransomware, and undertake biannual counter ransomware exercises.
The coalition has also decided to hold a second counter illicit finance ransomware workshop to build capacity on blockchain tracing and analytics; take joint steps to stop ransomware actors from being able to use the cryptocurrency ecosystem including by sharing information about crypto wallets; enhance information sharing through new platforms on the actors and their tradecraft; pursue aligned frameworks and guidelines with particular focus on provision of essential services and critical infrastructure; address ransomware across all multilateral formats; and coordinate cyber-capacity building programmes strategically “to strengthen resilience, disruption, capabilities, legal frameworks and law enforcement capacity”.
In his remarks, Sullivan spoke of the ransomware attacks faced by the US in recent years (America holds Russia responsible for some of the key attacks) and the decision to integrate domestic and foreign policy on the issue. He said that the Joe Biden administration had decided on new baseline standards for software sold to the US government and to create landmark cybersecurity standards in critical infrastructure sectors from airports to water systems, pipelines to railroads, and was working to have standard cybersecurity practices for critical infrastructure owners.
Sullivan said that the US was working with its partners on securing new technologies, including digital assets, and was consulting partners to create a labelling programme for the internet of things so that consumers know that their devices are secure.
“We have been focused on really strengthening collaboration with partners... because any one country solving their cyber problem is not really getting after the root of this problem, which is a network problem affecting all of us. So we have been trying to build diverse and flexible coalitions that tackle a transnational threat like cyber.”
CRI, Sullivan said, was the largest in terms of a cybersecurity coalition and the most comprehensive, bringing both countries and companies together. “I want to particularly thank Australia, Singapore, the UK, India, Lithuania, Spain and Germany, the CRI working group leads who have made sure that this collaboration is broadly shared, brings diverse perspectives, and really creates a platform.”