New White House cyber strategy picks a fight with ransomware
President Joe Biden's new national cyber strategy is teeing up a more aggressive, military-involved fight against ransomware.
Driving the news: In the strategy released Thursday, ransomware is officially declared a national security threat, unlocking new authorities for the military and intelligence community to use some of its strongest cyber tools against ransomware gangs.
What they're saying: "That does flip the switch," a senior administration official told Axios. "We are going to be considering tools and authorities and options that go beyond what we would have traditionally done on a crime problem."
Why it matters: Many of the military and intelligence community's most powerful cyber tools have been reserved for operations involving state-backed hackers, like the Russian GRU or Chinese cyber spies. Now, that should change to also include ransomware gangs, experts told Axios.
- "They will use capabilities that have been previously reserved by law and by policy only to national security operations," said Tom Bossert, president of Trinity Cyber and former U.S. homeland security adviser during the Trump administration.
- "They could now use our capabilities against a ransomware group in the same way they might use our capabilities against the Russian military."
The big picture: The designation of ransomware as a national security threat has been years in the making.
- The National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency and international partners released an advisory last year warning that ransomware is a national security problem.
- A report released in April 2021 from a group of former officials and cybersecurity executives called for the U.S. government to designate ransomware as a national security threat.
Zoom out: Ransomware continues to seize U.S. critical infrastructure, as schools, hospitals and local governments face a deluge of attacks.
- This week alone, the U.S. Marshals Service, a Minnesota school district and a Washington public bus system have reported ransomware attacks.
Between the lines: While the U.S. government has had success in taking down ransomware gangs' infrastructure and working with international allies to arrest ransomware affiliates, officials hope the new designation will help them do more at a faster pace.
- For instance, most of the recent ransomware takedowns have focused on infrastructure based in the U.S. or allied nations rather than proactive operations on servers in enemy countries.
- "It can take a year or even two to get to a point where U.S. law enforcement or global law enforcement are in a position to take that action," the senior administration official told Axios.
Yes, but: The section of the national cybersecurity strategy that describes how exactly the administration wants to expand on its offensive cyber operations is vague — in part because many of these tools and operations are classified.
- The strategy calls on the Pentagon to establish its own strategy to determine how the U.S. Cyber Command defends against both state and nonstate threats. And it calls for providing more resources to the FBI's National Cyber Investigative Joint Task Force.
The intrigue: Adding more muscle to the U.S. ransomware fight comes as dialogue between the U.S. and Russia, the biggest safe haven for ransomware gangs, has dissolved in the last year during the war in Ukraine.
- "Since the criminal justice system isn't going to be able to, on its own, address this problem, we do need to look at other elements of national power to be going after the threat," a senior official told reporters before the strategy's release.
The bottom line: If all goes as planned, expect to hear about more ransomware takedowns and arrests as the intelligence community gets more involved in the fight.