President Biden used a recent US-Russia bilateral meeting with President Putin to outline 16 infrastructure that should not be victim to cyberattacks in future.
According to Cyberscoop, areas such as energy, water, healthcare, finance and election systems were highlighted as key sectors that should not be subject to malicious cyber activity. The full list was not disclosed.
Biden and Putin also agreed to work with cybersecurity experts from each government ‘to work on specific understandings about what’s off-limits and to follow up on specific cyber incidents that originate in either of our countries’, according to Biden.
The meeting between the two heads of state came after a spate of recent cyberattacks that were rumoured to have been based in Russia or included Russian groups. These included the severe ransomware attack on the Colonial Pipeline back in May, which lead to the company having to take certain systems offline to contain the threat.
The attack was found a day later to have been conducted by the DarkSide ransomware variant, who were found to be a Russian group. DarkSide went on to demand a $4.4m ransom payment from Colonial, which the company paid in full. However, the US Department of Justice recently revealed it had recovered the ‘majority’ of the ransom payment back to Colonial.
Biden said, “I talked about the proposition that certain critical infrastructure should be off-limits to attack, period, by cyber or any other means. A principle is one thing; it has to be backed up by practice. Responsible countries need to take action against criminals who conduct ransomware activities on their territory.”
When quizzed by reporters on what the penalty would be for Russian cyber-meddling in critical US infrastructure, Biden said the US would respond in kind.
He commented, “I pointed out to [Putin] that we have significant cyber capability, and he knows it. He doesn’t know exactly what it is, but it’s significant. And if in fact they violate these basic norms, we will respond [in cyberspace]. He knows.”
Putin noted that the two countries would ‘begin consultations’ over cybersecurity matters but highlighted that Russia itself had also been the victim of cyberattacks.
Earlier this week, the G7 called on Russia to take stronger action on ransomware attacks and cybercrime that has occurred within their borders.
Copyright © 2021 RegTech Analyst
Copyright © 2018 RegTech Analyst