Can President Biden’s cyber diplomacy sit-downs with Russian President Vladimir Putin dent the ransomware onslaught that’s plaguing U.S. critical infrastructure, government, industry and the public sector?
Biden may be laying the groundwork to do what he's historically done best: Talk to people and make friends. And behind the scenes he may be taking a swing or two at the Kremlin.
Efforts to de-escalate the cyber wars would surely be welcome in the MSSP market, where cybersecurity service providers have been working overtime to detect and mitigate nation-state threats allegedly launched by hacker groups located in Russia, North Korea and China, among other locales.
Looking Back to Forecast the Future
So how might Biden move forward? A look back into the yesteryear of spy vs. spy offers some clues.
“The one thing you can bet is that spying is never over,” the late, prolific British novelist John le Carre once said. “Spying is like the wiring in this building: It's just a question of who takes it over and switches on the lights. It will go on and on and on.” He was talking about old-school espionage, the furtive world of clandestine agents and double agents.
But his words could just as easily apply to the digital spying of today. Referencing his craft, le Carre also said that a “desk is a dangerous place from which to view the world.” Both quotes, neither tethered to cyber warfare--although the latter is littered with spying and desks--neatly shoehorn into the modern version of the Cold War’s geopolitical maneuvering of 70 years ago between the U.S. and Russia: Battles made of threats, posturing and the threat of nuclear war. Cyberspace has no such definable markers, only its inestimable fallout of crippling businesses, governments, individuals and industry.
So it goes with President Biden’s recent entreaty to Russian President Vladimir Putin urging him to curb cyber criminals operating in Russia, or more to the point, state-sponsored crews, about which Moscow has repeatedly denied any knowledge. Ransomware catapulted at U.S. government agencies and critical infrastructure has become too much, Biden reportedly said. On cue, Putin has reportedly agreed. It wasn't difficult to notice that neither leader revealed who would do what to whom in the event of whatever.
Did US-Russia Conversations Shut Down REvil Ransomware Group?
Nonetheless, the balance of cyber power remains a question of who takes over, who turns on the lights first. In that regard, Biden’s cyber diplomacy, presented on its own in the absence of a national policy to frame U.S. responses to cyber aggression, can be seen as sounding good but somewhat inconsequential in the long view. Still, there’s some reason to believe that for the moment it carried some weight.
Only a few days after the notorious hacker group REvil claimed responsibility for an offensive against Kaseya’s VSA software on July 2, 2021, the crew disappeared from the Internet, sparking speculation that the U.S. had launched a counterattack or worked back-channels with Russia to thwart the hacker group.
Ahead of REvil's disappearance from the Internet, the VSA supply chain attack extended ransomware to roughly 50 MSPs and 1,500 downstream customers. As a result, Kaseya turned off its VSA cloud service for more than a week to harden the system. The lack of service caused thousands of MSPs to lose remote monitoring and management (RMM) capabilities for more than a week. Before disappearing from the web, REvil claimed up to 1 million endpoints in at least 17 countries were hobbled.
Biden and Putin: The Kaseya VSA Attack Conversation
In his post-Kaseya telephone comments to Putin, Biden reportedly said all the right carrot-and-stick words just as his predecessors had done decades earlier, then, admittedly, with far more bluster and bravado than now. According to a readout of the exchange provided by The White House to reporters, Biden again suggested that the U.S. will retaliate for the Kaseya incident and restated his commitment to a long-term engagement to quash ransomware.
“President Biden underscored the need for Russia to take action to disrupt ransomware groups operating in Russia and emphasized that he is committed to continued engagement on the broader threat posed by ransomware,” the readout of the conversation said. Biden told reporters that he had “made it very clear to [him] that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is.” Newly established lines of communication will enable them to talk "on a regular basis" when either leader believes "something is happening in the other country that affects the home country," he said. All in all, "it went well," Biden said.
Tensions between the U.S. and Russia have been pulled tighter as the number and severity of cybersecurity incidents linked either to the Russian government or to Russian-based cyber criminal gangs have spiked. Meanwhile, the question of whether the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are fully equipped to handle the volume of incoming malware directed at the U.S. has gained steam, prompting an intensifying debate over whether the U.S. military should launch cyber attacks against nation-state sponsored hackers.
Indeed, Lt. Col. Kurt Sanger, the general counsel for the U.S. Cyber Command, recently warned that transnational cyber crimes “can surpass the capacity” of the FBI and CISA to immediately respond. Sanger is urging the Biden Administration to green-light cyber military take-downs of nation-state sponsored hackers.
U.S. Cybersecurity Strategy: Signs of Potential Progress
To be clear, Biden seems intent upon adding heft to the country’s cybersecurity profile. In mid-May he signed a cybersecurity executive order focused on improving the nation’s cyber stance, threat intelligence sharing, and cyber attack response efforts. In particular, the order had specific implications for IT service providers that work with the U.S. federal government.
The executive order amounts to the latest step by the Biden administration to strengthen the country’s overall cyber posture. It covers threat information sharing, cybersecurity modernization, supply chain security, a cyber safety review board and other issues. An associated goal is to speed cyber incident information sharing between IT service providers, cloud service providers, software companies and various federal government agencies, including CISA.
Does Biden’s deep experience in multilateral diplomacy combined with his administration’s early steps to clarify and coalesce the White House’s cybersecurity strategy make for a stronger U.S. cyber defense and offense? At the least, we should expect his olive branch diplomacy to extend beyond Russia to China. Then we’ll know more.