An alliance of tech heavyweights and cybersecurity groups have jointly launched a new initiative to battle ransomware operatives extorting millions of dollars from public and private institutions.
The Institute for Security and Technology (IST) has lifted off a Ransomware Task Force composed of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance and international organizations to take on this “increasingly prevalent and destructive” cybercrime, the organization said.
Thus far, 17 founding task force members have signed on to build a roadmap of objectives, solutions and milestones to help cybersecurity decision-makers stake out their defensive and offensive positions. The association, which counts IT players Citrix, Cybereason, Datto, McAfee, Microsoft and Rapid7 along with the Cyber Threat Alliance, Global Cyber Alliance and SecurityScorecard among its initial task force seats, intends to produce white papers and consult with industry influencers in an advisory capacity.
IST officials said the collaboration sees ransomware as too great a threat for any single company or entity to combat on its own but instead requires resources commanded by a collective.
“You see ransomware as not just an increasing security threat, it is to the level of now where it’s putting hospitals, children, the elderly, financial institutions, everyone at risk,” Philip Reiner, who serves as IST executive chairman and heads the task force, told The Hill. “As a result, we were seized with the idea that creating a collaborative cross-sectoral grouping that is looking at it from a comprehensive, top-down policy approach could potentially have more effect,” he reportedly said.
The task force plans to discuss its recommendations with the new Congress and the Biden administration, banking on fresh “energy to do something about this so that 2021 is not just worse than 2020 like everyone assumes it’s going to be,” Reiner told The Hill. The cyber collaborators are “dead set on” not being just another set of recommenders talking about how to blunt ransomware, he said.
The California-based nonprofit’s task force is slated to launch its website, including full membership and leadership roles, in the next 10 days and post its opening slate of recommendations in roughly three months.
The IST’s task force surfaces after alleged Russian hackers weaponized SolarWinds Orion business software to unleash a series of malware attacks on multiple government, consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia and the Middle East.
The enterprise may already have some spirited legislative wind at its back. President Biden’s proposed $1.9 trillion COVID-19 relief measure includes some $10 billion in cybersecurity and IT funding. In addition, Biden has appointed Anne Neuberger, director of cybersecurity at the National Security Agency, as deputy national security adviser for cyber and emerging technology.
Preceding ICT’s task force are dozens of cybersecurity-related provisions hailed by both sides of the aisle contained in the $740 billion 2021 National Defense Authorization Act (NDAA) vetoed by President Trump–snapping a 59-year streak of presidential approval–but subsequently codified into law in a Congressional override. Of the 77 cybersecurity articles in the NDAA, 27 are directly drawn from 25 recommendations presented by the Cyberspace Solarium Commission last year to improve the nation’s cybersecurity posture, including restoring a national cyber director within the White House responsible for coordinating federal cybersecurity policies.