Public-Private Partnerships to Combat Ransomware
Institute for Security and Technology (IST)
Uniting technology and policy leaders to create actionable solutions to emerging security challenges
Welcome back to The TechnologIST! New this month at IST:?
??We just released our latest report on public-private partnerships to combat ransomware.?In this month's edition, I sat down with the authors to learn more about their research process, findings, and next steps.?
? Virtual registration is now open for the RTF's anniversary event, to be held on Wednesday, April 24, 2024 from 10:00 to 5:00 pm ET.?
? In-person registration is now open for the?inaugural Cyber Policy Awards, immediately following the RTF event on April 24 from 5:00 to 7:50 pm ET.
? The Cyber Policy Awards nomination deadline has been extended to Friday, March 29 at 5 pm PST. There's still time to nominate those?in the cyber policy community who have achieved policy impact nationally and internationally, championed the policy ecosystem, and provided key philanthropic support!
The following is a preview of our latest newsletter. To subscribe and make sure you don't miss the full story, click the link below:
Operation HashGuard: Public-Private Partnerships in Action
Cryptojacking—the use of stolen computing power to generate cryptocurrency—is one form of cybercrime. In one recent case, a cyber criminal reportedly gained unauthorized access to cloud computing infrastructure and used its computational power to mine over $2 million in cryptocurrency.
Cryptocurrency mining requires massive amounts of computing power. The costs of acquiring this computing power often outweigh any potential crypto profits. By using malware to gain unauthorized access to servers, the individual was able to charge the computing power costs to victims of the scheme, instead of incurring costs themselves.?
Taking down an operation of this scale and sophistication is no easy feat, and it couldn’t be done by one organization or country on their own. Over the course of a year-long collaboration effort culminating in January 2024, Europol and the National Police of Ukraine worked together with a major cloud service provider to investigate and arrest the individual responsible for the scheme.?
Operation HashGuard is one example of a public-private partnership (PPP) to combat ransomware, the subject of IST’s latest report in collaboration with the GFCE. How exactly do public-private partnerships come together? How does the group communicate? What do the conveners of the public-private partnership do to build trust amongst their members??
The report,?Public Private Partnerships to Combat Ransomware, takes Europol ’s European Cybercrime Centre (EC3), the United States Joint Cyber Defense Collaborative (JCDC) within the Cybersecurity and Infrastructure Security Agency , and the Institute for Security and Technology’s Ransomware Task Force (RTF) as case studies, investigating what makes these function, identifying the challenges they face, and deriving key principles underlying PPPs that can be applied to other contexts and applications.?
For this month’s newsletter, I sat down with Elizabeth Posegate Vish and Georgeanela?Flores Bustamante, principal researchers and report authors, to learn more about their research process, hear from them on key takeaways, and talk about what’s next.
Q&A: Researching the European Cybercrime Centre, Joint Cyber Defense Collaborative, and the Ransomware Task Force
What exactly is a public-private partnership? And how does it relate to combating ransomware??
Elizabeth Vish: I think my definition of a PPP is that it’s a formal mechanism for government and intergovernmental actors to work together with private industry, the technical community, academia, non-profit organizations, and other stakeholders to address a problem that they couldn’t address just by themselves.?In the case of ransomware, government has a lot of tools at its disposal that only it can wield–but civil society and industry also have lots of ideas, information, and energy that they alone can bring. Plus, there are ransomware victims in all sectors of society, so effective action needs to include them by learning from their experiences and helping them to recover.?
Talk me through your research process. How did you select these three case studies, and what did the interviews that you conducted look like??
Elizabeth: When we put together the response to the GFCE’s request for proposals, I really wanted to look at three distinct aspects of combating ransomware: topline policy recommendations; active collaboration to go after the criminals; and work to help possible victims be less vulnerable to this kind of incident. Then we inquired with members of the Global Forum on Cyber Expertise (GFCE) about the case studies we had in mind, and if there were any we missed. Multiple folks affirmed that EC3, JCDC, and RTF were standout cases that had a lot of lessons learned.
Georgeanela Flores Bustamante: When it came to conducting the interview portion of our research, we kicked things off by interviewing the conveners of each partnership. This allowed us to understand the organizational setups, mechanisms, and strategies they put in place to manage their collaborations and engagements with the private sector. We then interviewed individuals from industry involved in these partnerships in order to get a sense of what resources and/or expertise they bring to the partnership as well as their motivations for joining the PPP. Lastly, we interviewed people from different parts of the world, which gave us great insights into how various regions approach mitigating ransomware.?
This isn’t just research; it’s also a set of actionable steps to set up effective public-private collaboration to combat ransomware going forward. What are the steps involved? Which steps, per your research, are some of the most challenging to achieve?
Georgeanela: From our research, we identified six steps to setting up a PPP. They are: 1) defining the goal of the partnership; 2) identifying relevant stakeholders; 3) starting with trust-building practices; 4) establishing the ground rules of the partnership; 5) looking for opportunities to achieve progress; and 6) continuing to refine the goals of the partnership as needed. I think the most challenging step is trust-building! Conveners of public-private partnerships need to be able to create an environment where all participants trust each other enough to share critical and sensitive information and that’s not an easy feat.?
Elizabeth: One real challenge that we heard was sustaining engagement. Sometimes, the convener will kick things off with grand visions, but then in a few months their interest gets diverted to another task and they let their convening energy wane. Or, someone will share a great piece of information, but then there isn’t sustained effort to use that information to its fullest, whether through tactically sharing it with a small group or matching it up with other information that other members of the partnership have. Europol really manages to avoid this–at least on balance–because they have the expert staff dedicated to bridge the gaps. ?
What was the most interesting case study for you? Why??
Georgeanela: I really do think they’re all interesting! This was my first big project at IST, so it was fascinating to interview those who have been involved with the RTF since the beginning and to hear about all the hard work that went into developing the original 48 RTF recommendations. We also included Europol’s European Cybercrime Centre as a case study, which has been around for a little over a decade, so it's a great example of how to sustain a PPP over a long period of time. Conversely, the JCDC—which launched in 2021—represents a newer partnership. This contrast offers readers insight into the evolution of PPPs at different stages. Ultimately, I’m grateful to all the people who work together to keep our digital ecosystem secure!?
领英推荐
What’s next for this effort?
Elizabeth: We are excited to use this research to help governments that want to more effectively collaborate with civil society, the technical community, and private industry. This is a deliverable for the Counter Ransomware Initiative (CRI), and I’m hopeful that CRI governments—from Albania and Australia to the United States, Uruguay, and Vanuatu—will take this research and progress towards improving or expanding their collaboration. And we’re continuing to seek other and additional collaborative solutions on efforts relating to information sharing and combating ransomware with our RTF partners.
"Many governments have expressed a desire to collaborate with the private sector to address [ransomware], and have tried to set up collaboration with nonprofits, the technical community, and industry representatives. However, cooperation can be challenging. Sharing information can make non-government entities feel vulnerable to regulatory action or 'naming and shaming.' Furthermore, entities involved in cybersecurity and combating cybercrime, many of whom operate on a limited budget or with insufficient resources, often struggle having enough bandwidth to thoughtfully and deliberately build out effective collaboration. This research seeks to help catalyze this collaboration through describing how specific models work and outlining global best practices."
Elsewhere at IST
In February 2023, the Nigerian presidential election was marred by disinformation, including AI-generated deep fakes. In our latest blog, IST Senior VP for Special Projects Eric Davis sat down with Nigerian journalist Hannah Ajakaiye to discuss her efforts fighting misinformation,?her observations on its effects, and possible mechanisms for intervention.
IST’s Applied Trust & Safety Initiative is a unique, cross-collaborative commitment to tackling some of the industry’s most pressing issues. Composed of thought leaders and senior practitioners from across the industry, the members of the Trust & Safety Advisory Group will inform the strategy and substance of Initiative’s work going forward.
Cyber Policy Awards | Register to attend the Cyber Policy Awards in person and nominate those who have made an impact
Join us on the evening of Wednesday, April 24, in Washington, D.C. for the first ever Cyber Policy Awards! The event will include a reception and the presentation of awards by esteemed members of the cyber community. Sign up to request in-person?attendance. Don’t forget to submit your nominations for an individual, group, or organization who demonstrated achievement in U.S. domestic policy, international policy, ecosystem championship, or philanthropy. Deadline extended: nominations close Friday, March 29, at 5pm PST.?
RTF Anniversary Event?| Register to virtually join 24 in ‘24: Doubling Down on the Ransomware Task Force Recommendations
On Wednesday, April 24, IST’s Ransomware Task Force hosts 24 in ’24: Doubling Down on the Ransomware Task Force Recommendations. This year, RTF Co-Chairs Christopher Painter, Kemba Walden, John Davis, Michael Daniel, and Michael Phillips?will moderate panels to assess the status of the Ransomware Task Force’s 4 original priorities—deter, disrupt, prepare, and respond—as well as the status of a potential ban on ransom payments. Register to attend on Zoom.
IST in the News
The FCC recently approved the U.S. Cyber Trust Mark, a voluntary label that denotes that consumer Internet of Things devices meet baseline security standards. Steven M. Kelly, CISSP discussed the new rule with Cyberscoop, noting that as other countries have implemented something similar, it was “essential that the United States firmly step into the conversation with its own approach.”?
On February 29, Mozilla and the Columbia Institute of Global Politics convened 40 scholars and practitioners to discuss what “open” should mean in the context of AI. Zo? Brammer , along with experts from Stanford, Princeton, Meta, and many others, talked through how to make AI safe and effective, AI policy, and where and how to apply “openness” to the AI stack.??
What We're Reading
Want more tech and security content? Check out some of the ISTeam's favorite pieces from the past month:?
The Institute for Security and Technology designs and advances solutions to the world’s toughest emerging security threats. It is a nonpartisan, nonprofit organization?based in the San Francisco Bay Area dedicated to solving critical international security challenges through better technology and policy. Donate today to support our mission.
For more information or media requests, please contact [email protected].
Thanks for reading The TechnologIST!?If you were forwarded this email and want to subscribe to our mailing list, click here.
Collaboration sparks innovation - Socrates would agree. Successful partnerships, like those in cybersecurity, remind us of Musk's drive for a better future. ?? Looking forward to revolutionary ideas ahead!