White House ransomware summit highlights need for borderless solutions

White House ransomware summit highlights need for borderless solutions

Representatives from 36 countries and the EU agree that combatting ransomware requires international collaboration but legal systems need to catch up.

Credit: Dreamstime

The US White House this week convened its Second International Counter Ransomware Initiative Summit (CRI), bringing together leaders from 36 countries and the European Union in person to build on the work of its first ransomware summit in 2021.

At a press briefing before the summit, a White House spokesperson said, "While the United States is facilitating this meeting, we don’t view this solely as a US initiative. It’s an international partnership that spans most of the world’s time zones, and it really reflects the threat that criminals and cyber attacks bring.”

Later, the White House issued a fact sheet stating that throughout the summit, CRI and private-sector partners discussed and developed concrete, cooperative actions to counter the spread and impact of ransomware around the globe. In closing remarks at the summit, US National Security Advisor Jake Sullivan stressed the importance of international collaboration in tackling the ongoing ransomware crisis.

“We’ve been focused on really strengthening collaboration with our partners—doing this in partnership with other countries because any one country solving their cyber problem is not really getting after the root of this problem, which is a network problem that affects all of us,” he said.

In addition to the 37 countries, 13 companies and organisations participated in this year’s CRI including Crowdstrike, Mandiant, Cyber Threat Alliance, Microsoft, Cybersecurity Coalition, Palo Alto Networks, Flexxon, SAP, Institute for Security + Technology, Siemens, Internet 2.0, Tata – TCS, and Telefonica.

The summit participants were divided into five working groups focused on resilience, disrupting bad actors, countering illicit cryptocurrency movements, bringing diplomatic pressure on bad actors, and establishing public-private partnerships.

Borderless threats call for a borderless response

Several common themes emerged at the summit’s closing session. First, all the country participants appreciated the Biden administration hosting the CRI and, like Sullivan, emphasised the critical role international collaboration needs to play in defeating ransomware.

Michael Pezzulo, secretary of the Department of Home Affairs in Australia, said, “It's a borderless threat, so, therefore, it needs a borderless response.”

“I am so grateful that this group is a global group, at least with a global reach and global ambition,” Tanel Sepp, Estonia’s ambassador at large for cyber diplomacy, said. “We are all sharing the same challenge, and we need the same solutions.”

Lt. Gen Rajesh Pant, national cyber security coordinator at the National Security Council Secretariat of India, said, “the exponential growth of ransomware attacks worldwide has underscored the need for global and regional cooperation in both mitigating the attacks as well as devising internationally accepted policies and procedures to attribute and disrupt the threat actors.”

David Koh, commissioner of cyber security and chief executive of the Cyber Security Agency (CSA) of Singapore, said, “ransomware is a common threat to our respective countries, companies, and citizens. It poses economic, social, and even national security harm to us. Interestingly, we are all facing a common threat. The bad guys are out there. We are all on the same side.

"This is an area where countries from a wide political spectrum can find common cause and work together collaboratively.”

Carl Fredrik Wettermark, the senior cyber policy advisor in the Swedish Ministry for Foreign Affairs, said that when the Kaseya supply chain attack hit in 2021, he was on an island in the Stockholm archipelago.

“I had two thoughts when that happened: One was I would not be able to get food because there was only one store on the island. And that was very unfortunate, and it made me very sad. My second thought, though, was that if a cyber attack on a company in Miami is preventing me from getting meatballs and herring for my kids on a remote island in Sweden, I'm really living in a very interconnected world.”

Ransomware threatens societies and national security

Another common theme of the summit is that ransomware has risen over the past five years from a petty money-making criminal enterprise to become an existential threat to all nations' social functioning and national security. 

“Ransomware is a growing national security threat in Canada, Patricia Geddes, associate deputy minister of public safety in Canada, said. “It compromises the safety of Canadian citizens, the security of their online environment, and the prosperity of our economy.”

Pavel Stepanik of the Czech Republic said that “Ransomware is a national security imperative. We can no longer see ransomware as a type of organised crime carried out by non-state actors.”

Touching on the glaring absence from the summit of Russia, which tolerates and by all accounts encourages ransomware actors within its borders, Stepanik added, “cyber criminals very often act in close coordination and on behalf of states including Russia. Ransomware has become a great source of illicit profit for authoritarian regimes, and we must work together to counter this threat.”

Richard Browne, director of the National Cyber Security Centre in Ireland, said that “everybody knows that ransomware has grown from a nuisance issue to being a real proximate risk to national security and our future prosperity. And that kind of crosscutting dynamic international problem requires a global response.”

Legal clarifications for borderless response to ransomware are needed

Several participants raised the need to respect that different nations have different legal authorities governing how far they can work with other countries.

“We need to respect the fact that we have different legal authorities and capacities,” Australia’s Pezzulo said. “I think we've worked through those issues very well [during the CRI] and got to a good equilibrium that balances the need for an aggressive borderless response, but one that respects the equities of national jurisdictions.”

“We have started to think how to solve the international legal issue so we can get the attackers in cyber space and not in legal space,” Aviram Atzaba, executive director of strategy and international cooperation at Israel National Cyber Directorate, said.

Janusz Cieszyński, secretary of state, Government Plenipotentiary for Cyber Security, said, “I'd like to stress that we have no time to spare. I hope we will be able to take the can-do attitude that is in this room back to our home countries and go straight through the legal, security, and all the other teams to make action items from our meeting possible soon.”

“Our commitment must be a long-term one and must include the development of capacities of the legal framework and common tactical, operational, and policy approaches,” Iulian Fota, director general at the Romanian Diplomatic Institute, said.

The private sector is a key player

Most of the participants say that any strategy to combat ransomware requires the participation of the private sector to succeed. Dr. Bernd Pichlmayer, advisor to the federal chancellor at the Federal Chancellery of Austria, said that “a whole-of-society approach to delivering a deeply needed piece to solve the global ransomware puzzle needs to include predefined interfaces and cooperation with the private sector.”

Jose Montilla Suero, digital vice minister in the Dominican Republic, said, “the government cannot achieve our cyber resilience goals alone. The private sector owns and operates much of our nation's critical infrastructure.

"There is only one way to defend the state from cyber threats, and that is through government industry and civil society working together, sharing appropriate information, and raising awareness and education as allies behind the same goals.”

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cyber securityransomware


EDGE 2024

Register your interest now for EDGE 2024!

Brand Post



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments