How the US aims to tackle the ‘collective action problem’ of ransomware
New efforts in the International Counter Ransomware Initiative intend to leverage automated systems to halt illicit financial transactions, according to a White House cyber official.
U.S. policy on cyber attacks is looking to better manage how organizations engage with ransomware attacks, specifically in terms of payments, according to Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger.
Speaking during a chat hosted by the Center for Strategic and International Studies, Neuberger said that while the Biden administration’s formal approach to ransomware incidents is to not pay, she acknowledged there are gaps in this posture.
“It's a collective action problem, because for any given one entity…if they weren't well prepared with backups, they may feel it's more rapid and less expensive for them to pay a ransom,” she said. “But that fuels the broader network and ecosystem of malware, of money movements that is driving ransomware. So what we're looking at is to say, how do we drive down and discourage the ransom payments?”
One of the policy approaches Neuberger discussed was the International Counter Ransomware Initiative, a collective of 50 nations — including the U.S. — sharing information to fight global cybercrime threats.
During the recent meetings of the International Counter Ransomware Initiative, Neuberger said that member countries launched an effort to use AI systems working off of global blockchain networks to analyze and identify transactions that may be money laundering via cryptocurrencies.
“The blockchain is public information; it's all out there,” she said. “Using AI to work off the blockchain and try to identify illicit money laundering across multiple coins, across multiple exchanges to help us be more effective at tackling the financial aspect of this.”
On the heels of the White House’s deluge of artificial intelligence policies this week, Neuberger also touched on how AI systems are “both in the middle of pain and gain” in malware activities. Ideally, she said, cybersecurity principles and protocols should be ahead of any AI-driven ransomware attacks.
Realistically, however, Neuberger conceded that cyber defense posture will likely be chasing malware actors, but that a promising first step for AI in cybersecurity is using automation to patch system vulnerabilities early on.
“We certainly see AI already being used to accelerate the development of malware toolkits, malicious software, to accelerate the development of identification of vulnerabilities,” she said. “We're still — particularly in government and critical services — we're still deploying unsafe code. It's what makes the cyber problem so hard. It keeps feeling like it grows every day even as we come up with different approaches and work to scale them.”
Pursuant to President Joe Biden’s executive order on artificial intelligence unveiled on Monday, projects within the Department of Defense and Department of Homeland Security will address streamlining the patching of vulnerabilities in code for all entities.