[ad_1]
The writer is a former head of MI6, Britain’s Secret Intelligence Service, and a founding partner of Vega Cyber Associates.
It’s easy to feel helpless in the face of a ransomware as amorphous and a seemingly random threat. But, like all cybersecurity issues, it is no more a technological problem than a human problem. And it’s what humans can fix.
Recent Ransomware Attacks Colonial pipeline in the US and Irish health system it should be a wake-up call. Things are going wrong and many will get worse because the incentives to carry out these attacks are strong and growing.
There is no silver bullet that will make this problem go away. There are things that states, organizations, and individuals can do together that can convince ransomware actors to use their unquestionable skills elsewhere.
First, we must recognize that the criminal problem is not national and geopolitical security either. The people behind these cyber attacks need places to live and enjoy the benefits they have not achieved. Not many people will notice that most ransomware operators run away with a “no food in Russia” policy. The reality is that many are in Russia, and as long as they do not fit into Russian interests, they will be left alone. President Vladimir Putin has made it clear that he does not believe he is the owner of the problem.
There are long-standing links between the hacking community and Russian security services. And while it is not true to say that the state is behind these attacks, it is clear that the perpetrators could not function as if the FSB home security service had been opened against them.
U.S. President Joe Biden has said the issue is high on the agenda for next week’s meeting with Putin. It should be there. And he would have to use a whole bunch of carrots and geopolitical sticks to get the ultimate indicator of realpolitik to take the problem seriously.
I was delighted with the success of the FBI in acquiring the bitcoin wallet used by the Colonial hackers and recovering a large portion of the ransom. The ransomware threat created now is a perfect application of higher national capabilities.
Incentives for such criminal activity should also be addressed. As head of the Secret Intelligence Service, I saw firsthand the consequences of not paying the terrorist rescues taken by the UK and our allies in the Five Eyes intelligence sharing group. This policy is often frustrating to implement, but it’s the right thing to do. The alternative is to fund the same activity you are trying to avoid.
There is a case to bring this view to ransomware. Opponents question whether a ban on payment in a life-threatening situation may be justified on moral grounds. They have a point. But partial bans, allowing them to pay in “emergency” situations, would encourage the attacker to create that situation. And that would be the worst of all worlds.
If one accepts that it is a matter of national security, then it is difficult to defend the suggestion that governments should leave these decisions in the hands of private citizens. As a first step, I believe it should be mandatory to disclose payments publicly and in detail. Attackers seek to present payment as an easy option. We need to change that.
We also need to look at insurance and moral hazard risks. Often attackers have access to insurance policies in advance, and they know how much they can afford. However, insurers now expect to see evidence of good quality cybersecurity before writing the business.
Then there is the question of cryptocurrency. It is debatable that the problem would not be without cryptography, which allows for rescue payments in a way that preserves the anonymity of the recipients. That is not to argue for a ban on these currencies, as they are obviously here to stay. Knowledge is about asking your customers and the development of strong anti-money laundering laws that are appropriate for the digital age.
Cryptocurrencies are undetectable: they sit in the blockchain and are sometimes easier to find than money. The difficulty for law enforcement agencies is to find the true identity or at least the real intent of the recipient or creator. The good news is that modern data and analysis can be combined to distinguish between good and bad transactions.
And then the irony. Often, the software used by attackers is based on code written by penetration testers with the best of intentions, as it helps organizations analyze their systems for vulnerability. Although there are significant practical hurdles, we need to draw on our experience in anti-proliferation licensing techniques and identify ways to limit the use of this code to its intended purpose.
As a result, governments can and should do more things but not to the extent that individuals and companies release their responsibilities. The sheer amount of this is surprisingly good at getting the basics of cybersecurity right.
Ultimately, it’s about human agency. Individually, we easily pick and scare them. But collectively, we are not from being powerless. These attackers are bullfighters. And the more persecutors return, the more you don’t bully them into the company. If anything good comes out of the latest attacks, it will be that the day of the event is approaching.
[ad_2]
Source link
