CyberGuide - Information Security and Cyber Risk Management

White House cyber chief nixes ban on ransom payments

Policymakers instead targeting ransomware ecosystem with new bills, cyber center

By Erin Ayers, Advisen

Federal action on cybercrime surged ahead last week with the launch of a cyber defense agency and bipartisan legislation aimed at regulating cryptocurrency and sanctioning nation-states that harbor threat actors.

The actions coincided with comments from Anne Neuberger, White House deputy national security advisor, on why the Biden Administration opted against a ban on ransom payments.

“Initially, that was a good approach. We know that ransom payments are driving this ecosystem,” Neuberger said during a virtual Aspen Institute security forum. However, “a thoughtful review” of input from the private sector prompted federal officials to focus on improving the nation’s cybersecurity posture instead.

“We heard loud and clear that the state of resilience is inadequate and if we banned ransom payments, we would effectively drive even more of that activity underground and have less insight into it,” Neuberger said.

“Calling out irresponsible behavior” on the part of nation-states underpins much of the Administration’s plan going forward, she added.

In an effort to boost the nation’s cyber defenses, the Cybersecurity and Infrastructure Security Agency (CISA) last week launched the Joint Cyber Defense Collaborative (JCDC). Speaking at the annual Black Hat conference, CISA Director Jen Easterly urged security experts to join forces with the government to make “phrases like ‘public-private partnership’ and ‘info-sharing’” more than “hackneyed bumper stickers.”

Legislation introduced by Sens. Dianne Feinstein and Marco Rubio would require sanctions against nation-states that provide safe haven to cybercriminals and require all federal agencies, government contractors and critical infrastructure operators to report ransomware events within 24 hours. The bill also calls for the development of cryptocurrency regulations to allow the government to detect users suspected of ransomware activity.

Editor Erin Ayers can be reached at [email protected]