Federal government still in the dark on ransomware
Information on the majority of ransomware attacks targeting American companies and civilian agencies remains unreported to the Department of Homeland Security, a top cyber official told lawmakers.
A top Department of Homeland Security (DHS) official said he was unable to provide a "definitive assessment" to lawmakers as to whether Russian-linked cyberattacks have decreased since President Joe Biden discussed ransomware with Russian President Vladimir Putin in a June summit meeting and during an hour-long phone call in July.
Rob Silvers, undersecretary for strategy, policy, and plans for DHS, suggested his department lacked critical data and information about ransomware attacks targeting the private sector and civilian agencies, while expressing support for cyber incident reporting requirements featured in the 2022 National Defense Authorization Act currently making its way through Congress.
"It's difficult to assess because the vast majority of ransomware incidents are not reported to the government," Silvers told the House Homeland Security committee when asked if the amount of Russian-linked cyberattacks have fluctuated since earlier this year, adding: "I can't make a definitive assessment at this time."
Top cyber officials have sought to answer similar questions around Russian-linked ransomware and cyberattacks in recent weeks with occasionally differing responses, arguably underlining the need for a standard set of incident reporting requirements.
Deputy National Security Adviser Anne Neuberger said in a press briefing last week the federal government has seen "a decrease in some key actors" among major ransomware groups.
Still, Neuberger said it remained unclear whether the trend represented a "sustained reduction" and added: "We're watching the trend over a period of time and using that to encourage improved resiliency."
At a separate House hearing on Tuesday, Bryan Vorndran, assistant director of the FBI's cyber division, said the FBI has "not seen a decrease in ransomware attacks in the past couple of months originating from Russia."
Vorndran also expressed support for cyber incident reporting requirements, while urging lawmakers to include the FBI along with CISA in the reporting requirements in proposed legislation expected to be included in the National Defense Authorization Act.
Brandon Wales, executive director of CISA and another witness at Wednesday's hearing, sought to reassure lawmakers and the agency's federal cyber partners about the incident reporting requirements.
"I don't see any of the changes that are being discussed changing CISA's fundamental role as the lead for civilian cyber defense," Wales said when asked about the ongoing debate to include the FBI in congressional reporting requirements. "Regardless of what is passed by Congress, we will work to ensure that the FBI and other law enforcement partners and other federal agencies that need to have this information … they will get it as soon as possible."
In June, Biden said he handed Putin a list of 16 critical industries which he told the Russian president were "off-limits" from cyberattacks, including energy and water systems, as well as information technology, health care food and agriculture.
In July, Biden told reporters that he had "made it very clear" to Putin that "the United States expects, when a ransomware operation is coming from their soil even though it’s not…sponsored by the state, that we expect them to act."