United States President Joe Biden implied he made some progress in addressing ransomware attacks on critical infrastructure after speaking with Russian President Vladimir Putin.
Following a Wednesday summit in Geneva, Biden said he had spoken with Putin about cybersecurity and had made clear his view that certain areas of critical infrastructure were off limits for attacks, whether the targets were in Russia or the United States. Biden said the meeting had a positive tone, but he had told Putin “the United States will respond to actions that impair our vital interests or those of our allies.”
“Responsible countries need to take action against criminals who conduct ransomware activities on their territory,” said the U.S. president. “We agreed to task experts in both our countries to work on specific understandings about what’s off limits and to follow up on specific cases that originate in other countries.”
Neither world leader specifically mentioned crypto or digital assets in their respective press conferences, though both referenced the $4.4 million ransom paid to Colonial Pipeline following a cyber attack in May. Putin referred to such funds as “paid electronically” rather than naming them as Bitcoin (BTC) or cryptocurrency.
Biden said Putin expressed similar concerns over a potential ransomware attack on pipelines in Russia, adding the two countries would likely have more clarification on their positions within the next 6-12 months:
“We’ll find out whether we’ll have a cybersecurity arrangement that begins to bring some order.”
Rosa Smothers, a former CIA cyber threat analyst and technical intelligence officer, now a senior vice president at security firm KnowBe4, told Cointelegraph that the U.S. government “has a host of capabilities” in addressing ransomware attacks, whether by going after the attackers’ physical servers or their crypto accounts. She added that U.S. officials could come to an understanding with their Russian counterparts depending on the situation.
“In cases where payment servers are located in Russian territory, we could consider providing the Russian government the information needed,” said Smothers.
As for preventing future ransomware attacks, private-sector companies in the United States are generally in charge of critical infrastructure, according to the former CIA analyst. However, there is some existing legislation in place to address the security of personal data.
For example, the Sarbanes-Oxley Act, passed in 2002, provides requirements for safeguards to secure financial data. Congress proposed a major piece of legislation on cybersecurity in 2012, but it failed to get the votes needed to pass in the Senate. Similar measures put forth by lawmakers in response to the Colonial Pipeline attack have not yet received a vote.