‘I don’t see it happening’: CISA chief dismisses ban on ransomware payments

OXFORD, United Kingdom — Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency, on Thursday poured cold water on suggestions the United States might bring in a ban on ransomware payments.

“I think within our system in the U.S. — just from a practical perspective — I don’t see it happening,” said Easterly at the Oxford Cyber Forum, an event run by the University of Oxford’s Blavatnik School of Government and the European Cyber Conflict Research Initiative (ECCRI).

She was interviewed by Ciaran Martin, the former head of the U.K.’s National Cyber Security Centre, who had earlier this year called for a ban on all ransomware payments in a comment article in The Times newspaper. He acknowledged on stage that the article had “divided opinions, to put it mildly.”

Asked how bad the problem was, Easterly said: “We have done enormous work with our partners to try and reduce ransomware attacks. It is not clear that we’ve been terribly effective at it, but I will say it’s very hard to know, frankly, because there is no baseline.

“It’s one of the reasons I’m excited about this law we have put in place called CIRCIA, the Cyber Incident Reporting for Critical Infrastructure Act, so it will be mandatory for critical infrastructure owners and operators to report if they have a ransomware attack or a cybersecurity incident,” said Easterly.

The CISA director said the new rule would “for the first time” give the agency “a sense of the cyberattack ecosystem that we just don’t have,” compared to what were currently “very anecdotal” numbers about the threat ransomware posed.

There are already similar rules for designated critical infrastructure organizations in the United Kingdom under the NIS Regulations, although the government failed to introduce an update to these laws despite announcing that it would do so two years ago. The regulations, which pre-date Brexit, are also used in Europe.

A planned consultation in Britain proposing a major overhaul of how the country responds to ransomware attacks — including by banning all payments from the critical infrastructure sector, and requiring all victims to report incidents and to seek a license before making any extortion payments — was scuppered by the snap election.

Easterly also praised her staff’s pre-ransomware notification initiative, under which the agency shares detections from threat researchers, for instance of precursor malware, with businesses. The program aims to help businesses prevent ransomware attacks before they happen, something she said they had managed “probably hundreds of times.”

A similar program in Britain uses the intelligence agencies’ unique access to information feeds unavailable to anyone else to detect the beginnings of ransomware attacks and tip off the target. As Recorded Future News reported previously, in one three-month period this year, they detected an attack every 72 hours on average.

“I do think we’ve made a difference, but I don’t think we’re going to make ransomware a shocking anomaly without successful implementation of a Secure-by-Design campaign,” said Easterly. “We cannot expect businesses that don’t have huge security teams to be able to secure that infrastructure unless that technology comes to them with dramatically reduced numbers of vulnerabilities.”


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.