A group of major tech companies, research groups and other organizations announced Monday they’re putting together a coalition to address the ongoing impact of ransomware on government, education, health care and other critical sectors. The Ransomware Task Force, as the new coalition is called, will attempt to develop a “framework” that can be used broadly to help organizations protect themselves from the extortion malware and more efficiently mitigate attacks if they’re hit.
“What we see is the need for a cross-leveling, multi-sectoral approach,” said Philip Reiner, a former National Security Council official and chief executive of the Institute for Security and Technology, which created the task force.
“The way we’ve been thinking about this is, to date, there’s been really great work that’s being done by a number of organizations,” Reiner told StateScoop. “There are a number of tools that can be brought to bear, but more awareness, more resources are required.”
Along with the Institute for Security and Technology, the task force’s initial partners include big vendors like Microsoft, McAfee, and Rapid7; think tanks including Third Way and Aspen Digital; industry groups including the Cyber Threat Alliance and Global Cyber Alliance; and the Strauss Center for International Security and Law at the University of Texas at Austin. According to a press release, the group will include representatives from government, law enforcement, the health industry and international organizations, who will work over a “two-to-three month sprint.”
“Ransomware incidents have been growing unchecked, and this economically destructive cybercrime has increasingly led to dangerous, physical consequences,” the press release read. “Hospitals, school districts, city governments, and others have found their networks held hostage by malicious actors seeking money.”
While state and local governments have suffered hundreds of ransomware attacks since 2013, the malicious actors behind these incidents have more recently trained their sights on K-12 school districts, hospitals and universities conducting coronavirus research.
One objective of the task force, Reiner said in a phone interview, is to get people from different ransomware-addled sectors to speak openly with each other about the threat and develop common strategies to protect themselves. He also said he wants to work with organizations like the Multi-State Information Sharing and Analysis Center, as well as the ISACs covering other sectors.
“There’s a real need for getting these disparate groups together to have this conversation,” he said. “The intention here is to work across these different silos so these folks have a better awareness.”
With respect to state and local governments, Reiner said public-sector officials are “already talking to everyone they can,” but that there may be potential solutions or defenses they’re not aware of.
“We’ve found companies that offer ransomware tools that are highly effective for free, and a lot of entities may not be aware,” Reiner said. “We’re going to cover the waterfront. We’re going to do our due diligence to make sure no stone is unturned.”
Reiner was hesitant to predict what the Ransomware Task Force’s framework will look like, but he said it will be made available to government policymakers and decision-makers in other sectors. One goal is getting it into the hands of the incoming Biden administration, which will follow a Trump administration that Reiner — who worked for the NSC under former President Barack Obama — said has neglected cybersecurity.
“There hasn’t been a high-level push to prioritize this,” he said. “If you’ve got a federal government that clearly makes cyber hygiene an eminent responsibility of the administration, people follow suit.”
But, Reiner said, the task force aims to provide some outside guidance that can be used at all levels of government and critical industries.
“Sometimes these solutions don’t always come from government,” he said. “Coming out of this process and getting people who don’t talk to each other, you will see creative solutions.”